cn.friendshipquiz2022.com Open in urlscan Pro
2606:4700:20::ac43:4898 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cn.friendshipquiz2022.com/
Effective URL:
https://cn.friendshipquiz2022.com/
Submission: On December 01 via api (December 1st 2023, 1:55:14 pm UTC) from US — Scanned from DE

Summary HTTP 261 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 77 IPs in 10 countries across 64 domains to perform 261 HTTP transactions. The main IP is 2606:4700:20::ac43:4898, located in United States and belongs to CLOUDFLARENET, US. The main domain is cn.friendshipquiz2022.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 29th 2023. Valid for: a year.

This is the only time cn.friendshipquiz2022.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:c79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2606:4700:20:... 2606:4700:20::ac43:4898	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.130.217 151.101.130.217	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
34	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::ac43:4937	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:8e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:50c0:800... 2606:50c0:8001::153	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	139.178.67.5 139.178.67.5	54825 (PACKET) (PACKET)
1 2	145.40.97.67 145.40.97.67	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:812::2013	15169 (GOOGLE) (GOOGLE)
1	52.30.181.208 52.30.181.208	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:10:... 2606:4700:10::ac43:2ac9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 9	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
4	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:440... 2606:4700:4400::6812:22b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2602:803:c003... 2602:803:c003:200::44	26667 (RUBICONPR...) (RUBICONPROJECT)
3	34.255.245.69 34.255.245.69	16509 (AMAZON-02) (AMAZON-02)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.69.155.84 3.69.155.84	16509 (AMAZON-02) (AMAZON-02)
3	34.149.20.76 34.149.20.76	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	130.211.34.132 130.211.34.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
5	216.58.212.134 216.58.212.134	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
8 10	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
3 10	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.197.128.137 23.197.128.137	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.32.184.38 23.32.184.38	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:480... 2a02:26f0:480:15::213:7e47	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	130.211.44.5 130.211.44.5	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.244.193.51 35.244.193.51	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	131.153.158.209 131.153.158.209	60558 (SECUREDSE...) (SECUREDSERVERS-EU)
4	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1	54.216.79.244 54.216.79.244	16509 (AMAZON-02) (AMAZON-02)
3	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
2	184.30.22.30 184.30.22.30	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.32.184.20 23.32.184.20	16625 (AKAMAI-AS) (AKAMAI-AS)
3 8	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.188 23.35.236.188	16625 (AKAMAI-AS) (AKAMAI-AS)
1	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	188.42.34.65 188.42.34.65	7979 (SERVERS-COM) (SERVERS-COM)
1 1	34.232.187.54 34.232.187.54	14618 (AMAZON-AES) (AMAZON-AES)
1	216.52.2.86 216.52.2.86	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	2600:9000:219... 2600:9000:2190:9800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.68.140.79 3.68.140.79	16509 (AMAZON-02) (AMAZON-02)
1 1	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
4	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1	44.205.81.90 44.205.81.90	14618 (AMAZON-AES) (AMAZON-AES)
1	23.43.60.191 23.43.60.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a05:d018:d29... 2a05:d018:d29:3601:b946:ae1e:458e:a1ae	16509 (AMAZON-02) (AMAZON-02)
2 3	35.157.81.215 35.157.81.215	16509 (AMAZON-02) (AMAZON-02)
1 1	35.210.239.72 35.210.239.72	15169 (GOOGLE) (GOOGLE)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	44.206.51.168 44.206.51.168	14618 (AMAZON-AES) (AMAZON-AES)
1 1	46.228.164.13 46.228.164.13	56396 (AMOBEE) (AMOBEE)
2 2	13.32.27.83 13.32.27.83	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
1	35.244.174.68 35.244.174.68	() ()
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1 1	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
1 1	54.221.120.232 54.221.120.232	14618 (AMAZON-AES) (AMAZON-AES)
2 2	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
1 2	34.253.135.155 34.253.135.155	16509 (AMAZON-02) (AMAZON-02)
1	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
261	77

1 2606:4700:20::681a:c79 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cn.friendshipquiz2022.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:20::ac43:4898 (United States)

ASN13335 (CLOUDFLARENET, US)

cn.friendshipquiz2022.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.friendshipquiz2022.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.217 (United States)

ASN54113 (FASTLY, US)

fdyn.pubwise.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::ac43:4937 (United States)

ASN13335 (CLOUDFLARENET, US)

img.holaquiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:8e1 (United States)

ASN13335 (CLOUDFLARENET, US)

img.realtest.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8001::153 (United States)

ASN54113 (FASTLY, US)

superal.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.178.67.5 (Parsippany, United States) 1 redirects

ASN54825 (PACKET, US)

sync.pubwise.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.40.97.67 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pbs.pubwise.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.181.208 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-181-208.eu-west-1.compute.amazonaws.com

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::ac43:2ac9 (United States)

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.171.85 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pubwise-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22b2 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::44 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.255.245.69 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-245-69.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.155.84 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-155-84.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.20.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.34.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.34.211.130.bc.googleusercontent.com

api.pubwise.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.58.212.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.10 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.66 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.128.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-128-137.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.184.38 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-38.deploy.static.akamaitechnologies.com

cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:15::213:7e47 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.44.5 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpsc-ew1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.193.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.193.244.35.bc.googleusercontent.com

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 131.153.158.209 (Amsterdam, Netherlands)

ASN60558 (SECUREDSERVERS-EU, US)

id.a-mx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.216.79.244 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-79-244.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.22.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-22-30.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.184.20 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-20.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.34.65 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.187.54 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-187-54.compute-1.amazonaws.com

ssp.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.86 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:9800:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.68.140.79 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-140-79.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.174.117 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.205.81.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-205-81-90.compute-1.amazonaws.com

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.60.191 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-43-60-191.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:b946:ae1e:458e:a1ae (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.81.215 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-81-215.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.210.239.72 (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 72.239.210.35.bc.googleusercontent.com

u.ipw.metadsp.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.206.51.168 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-206-51-168.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.83 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-83.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (None, )

ASN- ()

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.221.120.232 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-120-232.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.233 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.253.135.155 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-135-155.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 148	674 KB
31	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75 ad.doubleclick.net — Cisco Umbrella Rank: 139 cm.g.doubleclick.net — Cisco Umbrella Rank: 219	340 KB
19	friendshipquiz2022.com 1 redirects cn.friendshipquiz2022.com img.friendshipquiz2022.com	175 KB
12	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	282 KB
10	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 480	7 KB
10	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229 acdn.adnxs.com — Cisco Umbrella Rank: 610	24 KB
9	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 592 eb2.3lift.com — Cisco Umbrella Rank: 372	5 KB
9	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2693 www.google.com — Cisco Umbrella Rank: 2	1 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	76 KB
7	quantumdex.io useast.quantumdex.io — Cisco Umbrella Rank: 19494 sync.quantumdex.io — Cisco Umbrella Rank: 4292	2 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	539 KB
6	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 537 eus.rubiconproject.com — Cisco Umbrella Rank: 588 token.rubiconproject.com — Cisco Umbrella Rank: 461	22 KB
5	33across.com ssc.33across.com — Cisco Umbrella Rank: 3699 lexicon.33across.com — Cisco Umbrella Rank: 1596 ssc-cms.33across.com — Cisco Umbrella Rank: 904	955 B
5	pubwise.io 1 redirects fdyn.pubwise.io — Cisco Umbrella Rank: 46424 sync.pubwise.io — Cisco Umbrella Rank: 13681 pbs.pubwise.io api.pubwise.io — Cisco Umbrella Rank: 37342	160 KB
4	adkernel.com sync.adkernel.com — Cisco Umbrella Rank: 1750	536 B
4	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 425	3 KB
4	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 489 tps.doubleverify.com — Cisco Umbrella Rank: 505 tpsc-ew1.doubleverify.com — Cisco Umbrella Rank: 10082	105 KB
4	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 923 cdn.flashtalking.com — Cisco Umbrella Rank: 1337 secure.flashtalking.com — Cisco Umbrella Rank: 2874	67 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	255 KB
4	openx.net pubwise-d.openx.net — Cisco Umbrella Rank: 98378 us-u.openx.net — Cisco Umbrella Rank: 491 u.openx.net — Cisco Umbrella Rank: 672	703 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
4	holaquiz.com img.holaquiz.com	433 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
3	liadm.com 3 redirects i.liadm.com — Cisco Umbrella Rank: 517	2 KB
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 336	1 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	725 B
3	criteo.com gum.criteo.com — Cisco Umbrella Rank: 424 dis.criteo.com — Cisco Umbrella Rank: 550	747 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	247 B
3	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 1524	2 KB
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1628 mp.4dex.io — Cisco Umbrella Rank: 2346	25 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6765	622 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	125 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 560	1 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 285	2 KB
2	rezync.com 2 redirects live.rezync.com — Cisco Umbrella Rank: 1785	1 KB
2	turn.com 2 redirects d.turn.com — Cisco Umbrella Rank: 1349 ad.turn.com — Cisco Umbrella Rank: 773	841 B
2	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 544 image6.pubmatic.com — Cisco Umbrella Rank: 793	6 KB
2	betweendigital.com 2 redirects ads.betweendigital.com — Cisco Umbrella Rank: 1601	1 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1299	326 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1498 contextual.media.net — Cisco Umbrella Rank: 665	10 KB
2	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 2147 cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 2453	828 B
2	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 751	502 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 702	1 KB
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 825	1 KB
1	metadsp.co.uk 1 redirects u.ipw.metadsp.co.uk — Cisco Umbrella Rank: 4714	240 B
1	yahoo.com pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	426 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 327	646 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 714
1	1rx.io 1 redirects sync.1rx.io — Cisco Umbrella Rank: 546	194 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 495	35 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 674	243 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 650	277 B
1	disqus.com 1 redirects ssp.disqus.com — Cisco Umbrella Rank: 1557	283 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 940	285 B
1	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 2417	324 B
1	rlcdn.com api.rlcdn.com Failed idsync.rlcdn.com	98 B
1	a-mx.com id.a-mx.com — Cisco Umbrella Rank: 1702	277 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11353	1 KB
1	github.io superal.github.io — Cisco Umbrella Rank: 717230	3 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	11 KB
1	realtest.me img.realtest.me	21 KB
0	admanmedia.com Failed cs.admanmedia.com Failed
0	agkn.com Failed fid.agkn.com Failed
261	64

	Domain	Requested by
34	pagead2.googlesyndication.com	cn.friendshipquiz2022.com pagead2.googlesyndication.com tpc.googlesyndication.com c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com s0.2mdn.net
22	tpc.googlesyndication.com	googleads.g.doubleclick.net cn.friendshipquiz2022.com tpc.googlesyndication.com pagead2.googlesyndication.com c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com s0.2mdn.net
18	cn.friendshipquiz2022.com	1 redirects cn.friendshipquiz2022.com
12	s0.2mdn.net	googleads.g.doubleclick.net cn.friendshipquiz2022.com s0.2mdn.net
10	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net eb2.3lift.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com cn.friendshipquiz2022.com googleads.g.doubleclick.net c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
9	ib.adnxs.com	4 redirects fdyn.pubwise.io googleads.g.doubleclick.net acdn.adnxs.com eb2.3lift.com
8	eb2.3lift.com	3 redirects fdyn.pubwise.io sync.quantumdex.io eb2.3lift.com
8	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
7	www.googletagmanager.com	cn.friendshipquiz2022.com www.googletagmanager.com
6	sync.quantumdex.io	fdyn.pubwise.io sync.quantumdex.io ssum-sec.casalemedia.com
6	region1.analytics.google.com	www.googletagmanager.com
5	ad.doubleclick.net	cn.friendshipquiz2022.com c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
4	sync.adkernel.com	sync.quantumdex.io
4	id5-sync.com	fdyn.pubwise.io sync.quantumdex.io
4	www.googletagservices.com	cn.friendshipquiz2022.com googleads.g.doubleclick.net c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
4	img.holaquiz.com	cn.friendshipquiz2022.com
4	fonts.googleapis.com	cn.friendshipquiz2022.com googleads.g.doubleclick.net
3	i.liadm.com	3 redirects
3	x.bidswitch.net	2 redirects eb2.3lift.com
3	match.adsrvr.org	fdyn.pubwise.io eb2.3lift.com ssum-sec.casalemedia.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.facebook.com	cn.friendshipquiz2022.com
3	ssc.33across.com	fdyn.pubwise.io
3	g2.gumgum.com	fdyn.pubwise.io
3	fastlane.rubiconproject.com	fdyn.pubwise.io
3	www.google.com	1 redirects cn.friendshipquiz2022.com tpc.googlesyndication.com
3	www.google.de	cn.friendshipquiz2022.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	securepubads.g.doubleclick.net	cn.friendshipquiz2022.com securepubads.g.doubleclick.net
2	dpm.demdex.net	1 redirects ssum-sec.casalemedia.com
2	c1.adform.net	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	live.rezync.com	2 redirects
2	ssum-sec.casalemedia.com	sync.quantumdex.io ssum-sec.casalemedia.com
2	ads.betweendigital.com	2 redirects
2	eus.rubiconproject.com	fdyn.pubwise.io eus.rubiconproject.com
2	gum.criteo.com	fdyn.pubwise.io
2	cdn.doubleverify.com	cdn.flashtalking.com cn.friendshipquiz2022.com
2	cdn.flashtalking.com	servedby.flashtalking.com c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	prebid.a-mo.net	1 redirects fdyn.pubwise.io
2	sync.pubwise.io	1 redirects cn.friendshipquiz2022.com
2	script.4dex.io	fdyn.pubwise.io script.4dex.io
1	tpsc-ew1.doubleverify.com	cdn.doubleverify.com
1	image6.pubmatic.com	ads.pubmatic.com
1	sync.srv.stackadapt.com	1 redirects
1	ad.turn.com	1 redirects
1	idsync.rlcdn.com	ssum-sec.casalemedia.com
1	p.rfihub.com	1 redirects
1	d.turn.com	1 redirects
1	dis.criteo.com	eb2.3lift.com
1	u.ipw.metadsp.co.uk	1 redirects
1	pr-bh.ybp.yahoo.com	eb2.3lift.com
1	px.ads.linkedin.com	eb2.3lift.com
1	onetag-sys.com	sync.quantumdex.io
1	ads.pubmatic.com	sync.quantumdex.io
1	cs-server-s2s.yellowblue.io	sync.quantumdex.io
1	sync.1rx.io	1 redirects
1	match.sharethrough.com	sync.quantumdex.io
1	s.ad.smaato.net	sync.quantumdex.io
1	ap.lijit.com	sync.quantumdex.io
1	ssp.disqus.com	1 redirects
1	token.rubiconproject.com	eus.rubiconproject.com
1	lb.eu-1-id5-sync.com	fdyn.pubwise.io
1	acdn.adnxs.com	fdyn.pubwise.io
1	u.openx.net	fdyn.pubwise.io
1	contextual.media.net	fdyn.pubwise.io
1	ssc-cms.33across.com	fdyn.pubwise.io
1	id.crwdcntrl.net	fdyn.pubwise.io
1	id.a-mx.com	fdyn.pubwise.io
1	lexicon.33across.com	fdyn.pubwise.io
1	tps.doubleverify.com	cdn.doubleverify.com
1	secure.flashtalking.com	c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
1	servedby.flashtalking.com	c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
1	m.exactag.com	c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
1	api.pubwise.io	fdyn.pubwise.io
1	tlx.3lift.com	fdyn.pubwise.io
1	prebid.media.net	fdyn.pubwise.io
1	mp.4dex.io	fdyn.pubwise.io
1	pubwise-d.openx.net	fdyn.pubwise.io
1	useast.quantumdex.io	fdyn.pubwise.io
1	hb.yellowblue.io	fdyn.pubwise.io
1	pbs.pubwise.io	fdyn.pubwise.io
1	region1.google-analytics.com	www.googletagmanager.com
1	superal.github.io	cn.friendshipquiz2022.com
1	cdnjs.cloudflare.com	cn.friendshipquiz2022.com
1	img.realtest.me	cn.friendshipquiz2022.com
1	img.friendshipquiz2022.com	cn.friendshipquiz2022.com
1	fdyn.pubwise.io	cn.friendshipquiz2022.com
0	cs.admanmedia.com Failed	sync.quantumdex.io
0	api.rlcdn.com Failed	fdyn.pubwise.io
0	fid.agkn.com Failed	fdyn.pubwise.io
261	98

This site contains links to these domains. Also see Links.

Domain
cn.realtest.me
twitter.com
www.instagram.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-29` - `2024-01-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
fdyn.pubwise.io GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-12` - `2024-09-12`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
holaquiz.com E1	`2023-10-29` - `2024-01-27`	3 months	crt.sh
realtest.me GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
*.github.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-21` - `2024-03-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-09` - `2023-12-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2023-10-23` - `2024-10-22`	a year	crt.sh
pbs.pubwise.io GTS CA 1D4	`2023-11-05` - `2024-02-03`	3 months	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-19` - `2024-05-17`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com Amazon RSA 2048 M01	`2023-07-17` - `2024-08-14`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.a-mo.net R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2023-10-28` - `2024-01-26`	3 months	crt.sh
admin.pubwise.io GTS CA 1D4	`2023-11-21` - `2024-02-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2023-08-22` - `2024-09-15`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
cdn.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-04` - `2024-05-03`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-09-29` - `2024-09-28`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2023-11-27` - `2024-02-25`	3 months	crt.sh
id.a-mx.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-12` - `2024-11-10`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M02	`2023-10-08` - `2024-11-06`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2023-08-24` - `2024-08-24`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
s.ad.smaato.net Amazon RSA 2048 M03	`2023-09-04` - `2024-10-02`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-26` - `2024-11-26`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh

This page contains 40 frames:

Primary Page: https://cn.friendshipquiz2022.com/
Frame ID: 1ECB72B4694D23C1C0E8E4D772E6366F
Requests: 107 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html
Frame ID: FBED0A34A8FF0D044076A781BA14E523
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7003191985075097&output=html&adk=1812271804&adf=3025194257&lmt=1701438908&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701438908762&bpp=2&bdt=1109&idt=204&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6337855700552&frm=20&pv=2&ga_vid=1445266296.1701438909&ga_sid=1701438909&ga_hid=525889725&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078297%2C31079812%2C44807749%2C44807763%2C44808148%2C44808284%2C44809072&oid=2&pvsid=1812535096313103&tmod=385957929&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=213
Frame ID: 83C48D0A7A944A50C4F3A3417DD0E5BF
Requests: 1 HTTP requests in this frame

Frame: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0D1CC05D8871B24BDF9C811B3E99EBA2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B6573FDED54EB713D6456135C057B33C
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 8F504B72B052B7AAF4CBFEB93DC5F302
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNXnApzFx22YnSQgfUMerFWq4rIAujCiJFR9p8CSLYZxq9p6iKUTdDVSR7el3iTiuMykTgH4Z1VsjfQPpD6fPr16wH4KAw
Frame ID: 7D1581BE1052E4390AA2BA4E90021EC8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Frame ID: F52DD08840C59E1580203D40E453C900
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 794ABAB8212AEC92A1B54F00A12A1849
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 71B6AA9DF1210C2591745E6A85978E41
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9E083CAAA1B40E186D8C1637B5CA83EA
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: A71D2A3C5C27BCB247FF7D167F422B84
Requests: 1 HTTP requests in this frame

Frame: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D41A574F917D3118835117E22C99E27C
Requests: 21 HTTP requests in this frame

Frame: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4EABAA685394F9B96AF5E35004662D99
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXthB7hlTGRcNsw2IArl3QsBN4N4XxX0lMxAKzVlLGXexpo3TJeMNEcYZCT7SAkSr2dYqJPvm-8oXxPVzsx5Evp1jAyFFc_Cimk3aleY0mmMu7O3JL8mVyBAvjKHQfJ6dXmZ9uiIm4BekceBf0CzwUUDZWj_G3VfMw23gDdbEhAZUwHCB0
Frame ID: 7B49CF36A5EC671E678AE16CABAEE483
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U
Frame ID: F50163FB05A0B60A2D946274EE1E0D8E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C6DE583632FAFE6A2AA011E8223A6DA1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
Frame ID: 3A370CB3059ED28DF91EC03DAB5C9D24
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C5B2E85CEEC5EBADBA6EF1F0EAAA1199
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 21FF3750D2CD4F41BE93F6160F75406D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B3B626157445DCA28EB2B780FF6CCC84
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements5017.js
Frame ID: 6805DD055EEBC53B4A3061AB547F1264
Requests: 3 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=d4Z_Loo2ur7BmNrkHcnnVW&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 32B15DFF2A99AC683F4465374E617BD1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 97421E7C04B9DF931F1F792B00288DF7
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU75OYJ3&prvid=2034%2C2033%2C273%2C233%2C157%2C159%2C236%2C237%2C117%2C437%2C51%2C97%2C55%2C99%2C56%2C59%2C3012%2C122%2C3007%2C246%2C4%2C126%2C203%2C446%2C9%2C208%2C2055%2C171%2C173%2C294%2C251%2C175%2C450%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3015%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C182%2C184%2C261%2C141%2C262%2C186%2C461%2C188%2C145%2C222%2C102%2C225%2C468%2C10000%2C80%2C108%2C229%2C109%2C82&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 24819BB6B6F2829A5FEF839D82B76447
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 1DCBE40918E5194E005D6A004F8B1251
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 166B224F9197B138BAD3A20608070A48
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7440133CD4E9E7BFD91E2845AB636AC4
Requests: 3 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: 28BF4E17E03F71BC0C84E6AC1B2ED430
Requests: 9 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 8228989FE96CDF48D29B1106F7744EFA
Requests: 10 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=unruly&uid=OPTOUT&us_privacy=
Frame ID: A5D7ABB547E6BF2B1B1F00EB6258F72D
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=185416&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Frame ID: 2C2FF82680A8D38CEA2E16AB5E6C9C27
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=148144&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Frame ID: 2418955662ADF9132D1F76EE44973421
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Frame ID: 35850D67B1EA438684F78BCDA5D782C3
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Frame ID: 69E6809A09CEBF83F53C2736EAAA0BE5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: C538E4F2ADEAC4FE81353C11C8863A94
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 37C47AE04C020A8D61EFEDA5A8190C3D
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=184388&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxap-184388%26uid%3D%7BUID%7D
Frame ID: FF6755F77AB48373C79A899009715194
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Frame ID: 3441F19933CCF895015F708D47EE9B87
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 7C0292B546BCABB73EF5250BC3DB5914
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

2023年真朋友標籤挑戰賽! 現在就接受這個挑戰!

Page URL History Show full URLs

http://cn.friendshipquiz2022.com/ HTTP 301
https://cn.friendshipquiz2022.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

261
Requests

90 %
HTTPS

39 %
IPv6

64
Domains

98
Subdomains

77
IPs

10
Countries

3401 kB
Transfer

8992 kB
Size

70
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.realtest.me/?utm_site_source=custom&utm_site_medium=ad&utm_site_campaign=user

Search URL Search Domain Scan URL

URL: https://twitter.com/QuizFriendship

Search URL Search Domain Scan URL

URL: https://www.instagram.com/friendshipquiz22/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/FriendshipQuiz22/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cn.friendshipquiz2022.com/ HTTP 301
https://cn.friendshipquiz2022.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://sync.pubwise.io/usersync2/pubwisedirect HTTP 302
https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.pubwise.io%2Fusersync%2Fadaptmxdspban2%2F HTTP 302
https://sync.pubwise.io/usersync/adaptmxdspban2/

Request Chain 119

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1&C=1

Request Chain 153

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWnlvq9TbiwhRYtFI0xKZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESED-QqkZLCAG3QwGwxtAPMU4&google_cver=1

Request Chain 155

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyNjkxMzY2MjYwOTc0MDA1OQ%3D%3D

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzW0cnUU9XDyDJOC9ZapF8&google_cver=1

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEBUTFTO5V2rqEKYZu8sTnac&google_cver=1

Request Chain 211

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1&rts=658338266894501610 HTTP 302
https://sync.quantumdex.io/setuid?bidder=between&uid=05e846ee-4b96-524f-8a75-38a1ef1cdd61

Request Chain 212

https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID HTTP 302
https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-6c0cc20a-c3cc-3925-8f31-b49d9ff2272f

Request Chain 216

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3326913662609740059

Request Chain 220

https://sync.1rx.io/usersync2/rmphb?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=unruly&uid=OPTOUT&us_privacy=

Request Chain 228

https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

Request Chain 230

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5 HTTP 302
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEMunVf-Ooe9-gnwczS3Ehlw&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 232

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5

Request Chain 235

https://x.bidswitch.net/sync?ssp=triplelift&user_id=686083750714777684919&gdpr=0&gdpr_consent=${GDPR_CONSENT} HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=686083750714777684919&gdpr=0&gdpr_consent=${GDPR_CONSENT} HTTP 302
https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&bsw_user_id=${BSW_USER_UD}&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=triplelift&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947

Request Chain 237

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=3326913662609740059&dongle=4d58&gdpr=0&gdpr_consent=

Request Chain 239

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=3b263b6fa76a4b7aa5f642bd6608bc44 HTTP 303
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D HTTP 302
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=3799640567489113041 HTTP 303
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=3b263b6f-a76a-4b7a-a5f6-42bd6608bc44 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D56c3b7d2-5349-4388-9e12-966502b5147c%253A1701438913.6661978%26_%3D1701438913.6690335&cb=1701438913.6690755 HTTP 302
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5109685631080379783&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D56c3b7d2-5349-4388-9e12-966502b5147c%253A1701438913.6661978%26_%3D1701438913.6690335 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&_=1701438913.6690335

Request Chain 240

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid=&dcc=t

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAZ9IbPKlLY-Uhre67KPrDI&google_cver=1

Request Chain 243

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3799640567489113041

Request Chain 244

https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=4A59JtpPX25x5S7VoKkXxorHJoQ

Request Chain 245

https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=29 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=7240467649772221518&expiration=1702648512

Request Chain 246

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105

261 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cn.friendshipquiz2022.com/
Redirect Chain

http://cn.friendshipquiz2022.com/
https://cn.friendshipquiz2022.com/

23 KB
6 KB

436ms
419ms

Document
text/html

2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

913fa99c4c2195e32fef6a798876939243dcffd0f083057cc5ece914ff02994c

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 82ebd3723c305ca4-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 13:55:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJgJ0jD2sz9laRgDLwb8vCsBrGH%2FO%2Bd04FWXXTTPqOt9a9hb7AiQV8wCd%2B8qpublOekHcetz5mDDIpG1GUshFNjrQYg6N1umjZlbtwMJ%2F1OwiduV2SMJhyro1sCHkbHzMXc%2BFRhNPalPdcMYO6JZPDudtCboUYs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-host: as-hi-63-web
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Redirect headers

CF-RAY: 82ebd3720be890ef-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 01 Dec 2023 13:55:07 GMT
Expires: Fri, 01 Dec 2023 14:55:07 GMT
Location: https://cn.friendshipquiz2022.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qiqQlN1M3EkEdunrH%2FoXoox3VU4hZqSpGJYt58gUzqgKKNTTUiWBj056kGiPuTQgrcqh%2FOcQvHm%2Bh%2BmzIiow6LngrsJq4RFgAvs3P2xgLAEZLe2V1zYM9A5vnjD4gmsg%2FzrXq1BMxMbu7vXPJfDMeSum6euQink%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 font-awesome.css
cn.friendshipquiz2022.com/public/css/ 30 KB
7 KB 494ms
493ms Stylesheet
text/css 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/css/font-awesome.css?v=20231121

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c936bca314b30e3c48bbad667c920cac28e3e43b72f5f372c706e885a0aa2743

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-190-web
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 21 Sep 2023 06:56:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16c8e5-7823-605d8fe5f57c0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Ok6kQcErCBLpRDe1qkYb6%2B%2B%2FfKAbSyM1QxiR%2FkWmkoxbK2XA5fbM2%2BfO77IgTGt776Q5OHPBthCpAout3TEMYHG0CnMixxP94l8NwAZAwh7JkkXuBw5%2BCccNzeYjiwJpdbAHG3YwEM92n7Xse5IasNzIn2xIJ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd374def45ca4-FRA

GET
H2 200 bootstrap.css
cn.friendshipquiz2022.com/public/css/ 119 KB
20 KB 991ms
990ms Stylesheet
text/css 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/css/bootstrap.css?v=20231121

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5270b4442df921b38b1241f7152a12f1cc932633bae9ec745515477369e4939

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-177-web
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 24 Nov 2023 04:46:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16c400-1dad3-60adea389d2c0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LudgQTKZNVJUip3OhnpvJ0mRvgWidm1T89zyaha0r2YPCQyu9F65vFqMqNDhZxQStcf6Y%2BmrDozQVpODCIcM6Djo1pvnvkM03kdq1cNq17oyHmgiCv3%2BYJViMXI3IkTQJejw4VFsyuBRDcC0TLgpiWzM1KYuP8w%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd374def65ca4-FRA

GET
H2 200 common-spinner.css
cn.friendshipquiz2022.com/public/css/ 2 KB
731 B 337ms
336ms Stylesheet
text/css 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/css/common-spinner.css?v=20231121

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b6dfeb59f7464899e64068a09afaa80fdae61e9767a041f9bc60aae5362c599

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-63-web
date: Fri, 01 Dec 2023 13:55:07 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 24 May 2022 12:10:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16c38e-6ff-5dfc0d6528380"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSeHsrG%2BbcvzqAoyud%2BEG5UzDEsTujqhr89LUYkPAxddccXwCYgWN5x5qcazYFdNmUAc8EitXZHPHb2gLlJg9IicbLsc4VciYv6kJHAd21hJ4Xn%2BU%2F90OW2LTwBQVwVzM90o%2B6mtPoIXdrb9zJayOSNtjzV3quE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd374def85ca4-FRA

GET
H2 200 style.css
cn.friendshipquiz2022.com/public/css/friends_forever/ 46 KB
10 KB 661ms
660ms Stylesheet
text/css 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/css/friends_forever/style.css?v=20231121

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af8189c0a005cdfcd47482d36288517428abf24dd6dff2a84b98e2f5729e3cf

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-173-web
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 31 Oct 2023 09:38:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16c1be-b820-608ffec099e80"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXBHTPPhl2xUJeIScGJVd7Cwz78q3g32jUEnEqBYJ02t1a9ingnO%2BnVxWaYCXTAOGEJsEh8yEqwpLeSWgzC5%2BnjdQckjoeVCvisvfyG6KRKtUEjEo4KLNEEC1XafQSuc%2BVmB1KbcO0Bbsvm9wsqjmTu4SgXvMjU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd374eef95ca4-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
30 KB 75ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc8c22ccf4a82536089f1ff43435905611c36795617cff7ad378e6545260461d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29995
x-xss-protection: 0
server: cafe
etag: 832 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 pws.js Show response
fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/ 530 KB
159 KB 215ms
114ms Script
text/javascript 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Requested by: Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 835d49bdfa132d644e036b39835f57377103a593ed3049ce81f1ece34fba0577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
via: 1.1 varnish, 1.1 varnish
content-encoding: gzip
age: 2060
x-cache: HIT, HIT
x-goog-meta-surrogate-key: 76aa6e44f67e5da0cf52421a62f592aa 8520a160bdcaefbe224293438b8d0ba7
content-length: 162182
x-pw-gzip: 1
last-modified: Mon, 07 Aug 2023 15:38:47 GMT
x-timer: S1701438909.758868,VS0,VE107
etag: "f114f1c7cae4b9c414bffdefbe7cf29b"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=21600
accept-ranges: bytes
x-pw-frac: 10
x-cache-hits: 1, 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 56ms
34ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-216124835-12

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9c20edcd95e8e4b77510bb79edc12ce9bb7e29f37eed3efcfb77c03191d6f892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69033
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 187 KB
68 KB 46ms
24ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-126527512-27

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd048bc7a6651d25b265c16eb7d1a670d7d5532a317c669e27546df53de6f524

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 69042
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 82ms
59ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7003191985075097

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

798b2b4e370e6505dfbb408bb1d9fa0d2b33123315f4a3e49c31943d465fe5e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Origin: https://cn.friendshipquiz2022.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52779
x-xss-protection: 0
server: cafe
etag: 11894336618225936920
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1019 B 49ms
28ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,500;0,600;0,700;0,800;1,600&display=swap

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6e5f38456e85c91724979e7df314dc38b568bed6a75d0fa42c5c76bd94c07ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 13:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 13:55:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 13:55:07 GMT

GET
H2 200 css2
fonts.googleapis.com/ 18 KB
923 B 60ms
39ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84cb06c27b7617c81b075bdb123e0e63e8da1b70feee763f86899a4fc3f3623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 13:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 13:55:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 13:55:07 GMT

GET
H2 200 FSQ_LOGO.png
img.friendshipquiz2022.com/public/site_content/quiz/ck_editor/images/ 2 KB
3 KB 41ms
21ms Image
image/png 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.friendshipquiz2022.com/public/site_content/quiz/ck_editor/images/FSQ_LOGO.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6c1d708c813d74cce955af0a64f9e2e1bf9030fa8a95fcb147756dd25fee633

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6358
content-length: 2181
last-modified: Tue, 30 Nov 2021 09:23:47 GMT
server: cloudflare
etag: "31e034-885-5d1fe1d4c6ec0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLWgAqirkOkQqZuoYbq4AN%2BweKsvInYlSnah2eHTCPPGZTfoiUD%2FfncECplk3e6kuVfmCFMwXzDkIqGKMcyqlue2JV0c7tEEbOJTEn7848kpXY4ajTgH3X9Cp0TGxkFeEtdrQp4KGzIqmOHWB4bv0OrsOIOf6zIU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: true
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 82ebd374ff0f5ca4-FRA

GET
H2 200 lang.png
cn.friendshipquiz2022.com/public/images/friends_forever/ 661 B
1 KB 370ms
370ms Image
image/png 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cn.friendshipquiz2022.com/public/images/friends_forever/lang.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9c6fa44989dd4c596f901f16c35fe611d383f46754231f92457dffa58ca006

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-190-web
date: Fri, 01 Dec 2023 13:55:08 GMT
cf-cache-status: MISS
last-modified: Fri, 14 Jan 2022 07:48:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16cafc-295-5d58606256040"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DGAWlG4jli0rpDrjP7MYWUvkO4MtczhwqVoquUzDOlhn6IRSuUm%2FAl5v0ODXBuHWk%2But%2BFactfFZTfczKGvsktrl1T66nYnVXePnBL2%2FLqBViyBJO%2BL643glFlGkIFg3kq2H8FdwjoZwdmRiofY7BgcFcBN%2BYQE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82ebd374eefb5ca4-FRA
content-length: 661

GET
H2 200 friendshipquiz2022-Category61a9af3ed4630.jpg
img.holaquiz.com/public/site_content/quiz/category/ 63 KB
64 KB 840ms
796ms Image
image/jpeg 2606:4700:20::ac43:4937
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.holaquiz.com/public/site_content/quiz/category/friendshipquiz2022-Category61a9af3ed4630.jpg

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4937 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b737b0525dd5b7d5263333545c1bcf47becde1d6b5d17a438b0cb4ba2604f94

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:08 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 64682
last-modified: Fri, 03 Dec 2021 05:46:38 GMT
server: cloudflare
etag: "31823f-fcaa-5d2376e3bcb80"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDIGQKhqmpG65N7UcNqFfxojAmQfes1Ig02Llo5n1ZPJ30eftX4vaueecLY1A0L9k%2BoeHRX1Etzjp3DPZARCf%2FJhQZgCyGRQO8aTD1H15KdtoBYcquuGhNSbhrV%2FjroSJECzKFUvMSAYzVhhlSE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 82ebd3756c281b35-FRA

GET
H2 200 HolaQuiz-Category634e406641963.jpg
img.holaquiz.com/public/site_content/quiz/category/ 52 KB
52 KB 642ms
642ms Image
image/jpeg 2606:4700:20::ac43:4937
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.holaquiz.com/public/site_content/quiz/category/HolaQuiz-Category634e406641963.jpg

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4937 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a185501e6494aabce4dbbe996abd879f6793d605c5525aead8346f1632de300a

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:08 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 52905
last-modified: Tue, 18 Oct 2022 05:57:58 GMT
server: cloudflare
etag: "31c046-cea9-5eb48c6246580"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cUH78TP0cnoxnYMQ9c2UvgDl3HL2ocZnsKs0X8B4uTl%2Fv%2FdmghHEUwYL6ZAmEC13%2BUuAbvZmkTtC7P7%2B%2B9JXzbhgy2TJSjalQYgC61mh8ZDO6VUfpmT%2FbK3M8gnsiOMxuB9gOIbbGIlyqV%2Fn9w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 82ebd3773ee01b35-FRA

GET
H2 200 friendshipquiz2022-Category620cbcbfac2ac.jpg
img.holaquiz.com/public/site_content/quiz/category/ 58 KB
59 KB 649ms
649ms Image
image/jpeg 2606:4700:20::ac43:4937
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.holaquiz.com/public/site_content/quiz/category/friendshipquiz2022-Category620cbcbfac2ac.jpg

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4937 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5a816d74686d4c8dc5a9fbd3f3b34761227ef7d42c7dc6d82dcb5735ad7a57d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 59638
last-modified: Wed, 16 Feb 2022 08:58:39 GMT
server: cloudflare
etag: "39409f-e8f6-5d81edb096dc0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LnjzmEQRCslmQ8ikeNBX0Invqa8LSLKXOPZrxizemdiGcgh9bwVuRDamTKnZ%2Fn7mZKjXxN6IvHxVPNvbF31yLEWPpH7cx9JMs4vdMEhve30kcGh2ijymwuZfrqTB%2ByNXUzxAJsHUn%2BomH2Co2ig%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 82ebd37a6a9c1b35-FRA

GET
H2 200 HolaQuiz-Category62ecc84dd83d7.png
img.holaquiz.com/public/site_content/quiz/category/ 257 KB
258 KB 888ms
886ms Image
image/png 2606:4700:20::ac43:4937
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.holaquiz.com/public/site_content/quiz/category/HolaQuiz-Category62ecc84dd83d7.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4937 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dcdc932ef9d1ab987c479b1fb592eacfe61500f6d43359f318f5d79776ce1f5

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 263532
last-modified: Fri, 05 Aug 2022 07:35:41 GMT
server: cloudflare
etag: "3183f8-4056c-5e5798358ed40"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OFWolyOGO%2FWDW%2F2rVGmCrbtnkx5DOzTVNXoH1gRJc0mH%2BpD4DbGhV9c9YDA1kqriDlD7UklrXiIc%2F%2FWNJBoiAaEqmEXjKW2qMyejpDvg%2BKF16u7GbljJewGeYacGwIqjuXsWoRyJrOKIeapEgs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 82ebd37b1b741b35-FRA

GET
H2 200 traditional_custom.jpeg
img.realtest.me/public/site_content/quiz/ck_editor/images/ 21 KB
21 KB 652ms
540ms Image
image/jpeg 2606:4700:20::681a:8e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.realtest.me/public/site_content/quiz/ck_editor/images/traditional_custom.jpeg

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:8e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e4d3266d1899da97717c9737a31a9e6539bc595dbe5504e933c9a8c37bd89cf

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-205-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 21085
last-modified: Wed, 12 Apr 2023 06:26:49 GMT
server: cloudflare
etag: "31e1b7-525d-5f91db1635c40"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FHc5vPwiJf0ckVYPDk0riskZok8%2BHJ3eqw2f9dEv38ixs%2BTAJ5oHCypwC%2BmW0t5tbb5UQ9DyBzhBRTXgsT4IKBXljRKo2%2BTAf65gnewqrx59l5qeoP7gaUKhSSCbaYoGK%2B%2B0DsbUq8cJa24dw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 82ebd37bcd3b997b-FRA

GET
H2 200 twitter_footer.png
cn.friendshipquiz2022.com/public/images/friends_forever/ 523 B
882 B 373ms
371ms Image
image/png 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cn.friendshipquiz2022.com/public/images/friends_forever/twitter_footer.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63e6f24715518dd6a3520f0b6d768b24ce278787b788154d6fbccc10ac062c1b

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-63-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
last-modified: Fri, 14 Jan 2022 07:48:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16cb12-20b-5d58606256040"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ZF40keC0f8S%2FMuU1mxzoRkoZ%2FJnK%2F0KamneLNKGVK0sC%2BtTwpPrREswcmBvuCvZf8rX1sWYFMqYj1RTNyFXL%2FecUgfT8ZAmn%2BqK51wLLRWCQJppZm0zFQnPsInAW%2Bh8PObOiMsLgEkfXEXXNTyGJN8XOp2oUgc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82ebd37b2d2f5ca4-FRA
content-length: 523

GET
H2 200 instagram_footer.png
cn.friendshipquiz2022.com/public/images/friends_forever/ 605 B
978 B 371ms
370ms Image
image/png 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cn.friendshipquiz2022.com/public/images/friends_forever/instagram_footer.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb0fd579388b546353dbf540497787a7fd40b983b99391a764706b984545667d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-190-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
last-modified: Fri, 14 Jan 2022 07:48:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16caf9-25d-5d58606256040"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgmeIOEUOSrto7N2Y%2FEXqxuMnB6BImrxnd6339ovRCssZK9MHBSt5ZKLXm8nb5nuD%2FjW4aboaMcd58jUmp%2F7%2FG1Ymj71DxaJnuFLhqd4JpsFH0rGPtfD9zhCu7XIE8UJk5f8xlS2zgM%2Bx71DJfJ0gll8lxl3C%2FM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82ebd37b2d305ca4-FRA
content-length: 605

GET
H2 200 fb_footer.png
cn.friendshipquiz2022.com/public/images/friends_forever/ 520 B
842 B 373ms
372ms Image
image/png 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cn.friendshipquiz2022.com/public/images/friends_forever/fb_footer.png

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac7c82b8bb1d0f85cd4e112e5789568360d256d2f3200aabab6f9d1dbce9663c

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-173-web
date: Fri, 01 Dec 2023 13:55:09 GMT
cf-cache-status: MISS
last-modified: Fri, 14 Jan 2022 07:48:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16caee-208-5d58606256040"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpP9E0fypGY7L1jJ%2B2EuKjGHfl%2FVKtptoS6SFOOSO4%2BNyGlUF%2Bx57VpjQzzcxq%2Fr6xjcw3iv5hj2dEy2yQKbP9soLgePPz0PeWKc1GBcakJWVlDe5hDU4DDFc%2FaNBfNjYP4CKdg128JGNjFIrmtCNYR%2Bl8Jf9l8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82ebd37b2d335ca4-FRA
content-length: 520

GET
H2 200 jquery.min.js Show response
cn.friendshipquiz2022.com/public/js/ 94 KB
34 KB 1063ms
1059ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/jquery.min.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-173-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 14 Oct 2021 06:29:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16ce29-176f8-5ce4a32c18b80"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qj69YOCqzQdPfLB76esjum6XoTl8PpcmTAYb28hU7eLHJmaZZSyOMhckFHrmbPBWBO01ywIwLgFKXm8KBc2EnrPG%2BjqkARdw2lKQvLuJ9hg%2FnHkid2iEyPx%2BhHuJthWfAW6I26COK97AD9IsjYMyrYom6blmK3c%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b1d225ca4-FRA

GET
H2 200 bootstrap.js Show response
cn.friendshipquiz2022.com/public/js/ 34 KB
10 KB 669ms
665ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/bootstrap.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57f6d3807b91f5746bee342a67bb053029f637f59ed6afee9f224ab8ef394757

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-190-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 21 Sep 2023 06:56:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16cb0e-888e-605d8fe5f57c0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2FS4aS1gdTTk2R75jPtxHCyUbb7W4CS8qGmxrrrVBsziTzZc5Yt8SyMTfKItXzpWZwdlpzGY5ubVABvLMRs%2BN7cQOVnKjxBVI9OKdnmtJbDPjxotnwt30gfNdOgsaCNBwums7Hxouv7iA3ZQoJ%2BNRXyJvdjeUDY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b1d245ca4-FRA

GET
H2 200 angular.js Show response
cn.friendshipquiz2022.com/public/js/ 114 KB
41 KB 1065ms
1062ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/angular.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72c5cdb8ee97ed1e23f49f9cc0884c795f9c70e85a566453d9701f12cebfe9f

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-177-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 14 Oct 2021 06:29:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16ce1e-1c61c-5ce4a32c18b80"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBpbP10TYUhQdO6M1Ep6h2ddyBf6NlFyk%2FgVzFCediO7kEizG5OKyeS2%2Bt3TR77Po9A0e7JA55tQRkZxDqBO%2FFlUgnd00wlH0K3qrqgry29XitrmwuEUHd6xZ3qWvP3%2Fkc61CiRrwzHveYN6nMOkX757fmATmZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b1d265ca4-FRA

GET
H2 200 angular-sanitize.js Show response
cn.friendshipquiz2022.com/public/js/ 21 KB
7 KB 497ms
494ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/angular-sanitize.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db668b70fd0021a224a50338fc80f62881fc5e678e84987ff62785d86ab3f320

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-63-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Jan 2022 07:48:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16ce1c-5536-5d58606256040"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPUHRxwmDbKwjThKwtaXIZdZFKRPn0429csBy6ZeEct7pR%2BK9EowoXui8X1O%2FgLBnCWzU8M7JpyxXiUKfOBavfHmZ2lxt3DWhCdqSK0SVt4A8c4y2SJgu0p7pMgmqa1Y97KWiajLBqK0jTj6wLtJD9HaJm0Vqso%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b1d275ca4-FRA

GET
H2 200 site_api.js Show response
cn.friendshipquiz2022.com/public/js/ 269 B
507 B 344ms
341ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/site_api.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a7e4bf63bc70f8c050d0d52aea5b15dddaaf64fd51036cd996130cbb5f58b14

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-187-web
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 01 Jun 2023 11:40:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16d113-10d-5fd0fe7a15500"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAQpy8lkUm58nPzVLPGJp3mlieIOEn6bQaXeHt9kbN4U8l1irsIcYfevXHdh%2F1G1JCt0vfvfIMZJu6Urz4R1zCghlDyvOXh4VpWKGHwo2RtnS0NkkX5HXkuLep89HGpil2NrMqNS7l%2B3jqyaPD1rJzqroHY3PGk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b2d285ca4-FRA

GET
H2 200 s_a_cont.js Show response
cn.friendshipquiz2022.com/public/js/ 97 KB
19 KB 960ms
957ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/s_a_cont.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba67e5d2e5db0a26ca087c9a9bcdf1ca76a909b0e00de8b692c187c98bfa82e1

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-173-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 24 Nov 2023 04:46:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16ce20-18469-60adea389d2c0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1f8%2BXzt0ec8jMJZDulwwf6ZyQOsXwmGvWd6kI%2FDJVGRoA%2F61sBuiMo7glo8p0Oqwk9dTN8dS8AUMigcnDd09egncNel%2Fm8ilspEEakn0fuxt%2B3HSm6zn4wkERF5Cs4G0zicEUfBeyi5Jhlhhm%2FDoSsebsKSGpmI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b2d2a5ca4-FRA

GET
H2 200 s_a_ser.js Show response
cn.friendshipquiz2022.com/public/js/ 6 KB
2 KB 340ms
337ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/s_a_ser.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e04a40af8692b8e76780c014a3f5ad8d55d98fe8a6cd671bbebd32413117888d

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-177-web
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 08 Feb 2023 11:15:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16d073-198d-5f42e61db7ac0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGoxYDXt7mPS0vje3eX1kMyuR25xosLQeXyERiiV11VsMEFIi6zRCFWxEAnpICiGJ%2Be290TGWFqwtSMBavqQRyIn%2B5WCBdny3ZV9VFevKvwDWUU5kGLqyfFPB6%2Fhbr%2BUUupEBFHJ%2BCtPiqAnHoIDd3vqhhhLZiQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b2d2c5ca4-FRA

GET
H2 200 site.js Show response
cn.friendshipquiz2022.com/public/js/ 49 KB
12 KB 717ms
715ms Script
text/javascript 2606:4700:20::ac43:4898
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cn.friendshipquiz2022.com/public/js/site.js?v=20231120

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4898 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9d326d143e17ce184ce94bd819a52c092a13b2cea37cac67fc423984914562c

Security Headers

Name	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

server-host: as-hi-187-web
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 24 Nov 2023 04:46:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16c37e-c31b-60adea389d2c0"
x-frame-options: ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XjAQXW%2FL%2FjziDxKTXs8Y%2FF5xiJAO1FSi%2B5QGmzTma%2F9mlqOdGZSy%2BxE9YKtGCCPE0YDspazaYKBlUgRxFffm0ZqRtCiR%2FezEEvW%2F%2F9ItXDx%2FXuoTvFZz3wpQIVfEFI2gRZFAFtdhBH3CTqKPzatNMJHxxAOIWg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 82ebd37b2d2e5ca4-FRA

GET
H2 200 html2canvas.min.js Show response
cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/ 36 KB
11 KB 33ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

737473b145a0fb2d97963ba71104b42ea59d434e17d43de3db67ddffc24200ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 300384
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11066
last-modified: Mon, 04 May 2020 16:11:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9d-9079"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JvNJinaExpDtKEqNlQsXB%2BZpZA%2FPQoSe59nTou6%2F6dWyYGZaQJRmm82XMKYPcNpD1L0wCRcrrMbYfVWG%2B5eGARuv3M71Py9oCYIM7pj2s%2FuD2tJ8pArJwf9g9w%2FJpNIMeHI7VYfBhhPZkT8%2F4vgD06bt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82ebd37b3c33924d-FRA
expires: Wed, 20 Nov 2024 13:55:08 GMT

GET
H2 200 canvas2image.js Show response
superal.github.io/canvas2image/ 8 KB
3 KB 49ms
8ms Script
application/javascript 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://superal.github.io/canvas2image/canvas2image.js
Requested by: Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 9a03674bfe83fe09eee7aae6106943918be73a009be21468c2bdb1b4ce958fdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-fastly-request-id: aa593478ed4d9f51d45d7fb3f8b603d9030ff434
date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 4
age: 474
x-cache: HIT
x-proxy-cache: HIT
content-length: 2514
x-served-by: cache-fra-eddf8230053-FRA
last-modified: Thu, 27 Oct 2016 14:01:12 GMT
server: GitHub.com
x-github-request-id: 57C4:6DDD:BFA50A:C267A8:65669693
x-timer: S1701438909.699926,VS0,VE1
etag: W/"581208a8-1fcf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Wed, 29 Nov 2023 01:47:08 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 202 KB
70 KB 84ms
63ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N547JW2

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5a1358bce26ba1080892d68986a6585f6604dcba6bfd26af426bb59461e3fd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71547
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 283 KB
92 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F1D0DCDYHL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126527512-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

295f0eeddb27fe87d2b476aa26baa47e5ffc0f0dee23dca0e2179a220f004c42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94192
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-216124835-12&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126527512-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce6a9938f990b4b22489339f7fcc181d6c16a4cf0891b74e4b1abe1bfc90462e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68974
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126527512-27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 13:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 330
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Dec 2023 15:49:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LT965J6N63&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-216124835-12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4255bacb0aa796ba5ea21355c688198863422015a69d2cf8913ebc871bb08971

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ 431 KB
135 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:26:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8890
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138149
x-xss-protection: 0
server: cafe
etag: 11558412289700915514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 30 Nov 2024 11:26:58 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/ 398 KB
135 KB 96ms
81ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7003191985075097&plah=cn.friendshipquiz2022.com&bust=31079812

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7003191985075097

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0efe4f242ffcd666285267dc3f5b0910bbb397559071764769e967f760e5150e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137671
x-xss-protection: 0
server: cafe
etag: 15194584320922268245
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/ Frame FBED 9 KB
4 KB 27ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7003191985075097

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Nov 2023 20:59:29 GMT
etag: 12051592065903069241
expires: Thu, 14 Dec 2023 20:59:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 292 KB
95 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547JW2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

adaba1a1d73fff1bbde3db9d87855112f40fa0d67555ad3014fb9df0a8586b86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97272
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 13:55:08 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547JW2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Dec 2023 13:55:08 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: yjaS/742WYYXWRO+HMGL0BdQR3SFBkQbrF+ui3BUzgq5b4ZTu4o+JnVFGSUVLaRTQDU20Q4C132adq2DEXw5dQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 65ms
64ms Fetch
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b13a816e34126e36b42e0941b193a1dd48063d37a41dbe41899fd1ea888be195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52631
x-xss-protection: 0
server: cafe
etag: 46312795165444687
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:08 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
214 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=525889725&t=pageview&_s=1&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ul=en-us&de=UTF-8&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=170713629&gjid=435615769&cid=1445266296.1701438909&tid=UA-126527512-27&_gid=399680957.1701438909&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=629940668

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
68 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=525889725&t=pageview&_s=1&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ul=en-us&de=UTF-8&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=927204443&gjid=298377103&cid=1445266296.1701438909&tid=UA-216124835-12&_gid=399680957.1701438909&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1463817178

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
261 B 35ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-LT965J6N63&gtm=45je3bt0v9115737579&_p=1701438908651&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=page_view&_fv=1&_ss=1&tfd=1650
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LT965J6N63&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-F1D0DCDYHL&gtm=45je3bt0v893201685&_p=1701438908651&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=page_view&_fv=1&_ss=1&tfd=1683
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F1D0DCDYHL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 51ms
17ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-F1D0DCDYHL&cid=1445266296.1701438909&gtm=45je3bt0v893201685&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F1D0DCDYHL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 51ms
31ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F1D0DCDYHL&cid=1445266296.1701438909&gtm=45je3bt0v893201685&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2049690041

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
356 B 41ms
17ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-126527512-27&cid=1445266296.1701438909&jid=170713629&gjid=435615769&_gid=399680957.1701438909&_u=YEBAAUAAAAAAACAAI~&z=2076523471

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 14ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-9QKBNZJYL1&gtm=45je3bt0v899789978z8858329937&_p=1701438908651&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=Ag&_s=1&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=page_view&_fv=1&_ss=1&tfd=1721
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 17ms
16ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-9QKBNZJYL1&cid=1445266296.1701438909&gtm=45je3bt0v899789978z8858329937&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 32ms
32ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-9QKBNZJYL1&cid=1445266296.1701438909&gtm=45je3bt0v899789978z8858329937&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=467150449

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-9QKBNZJYL1&gtm=45je3bt0v899789978&_p=1701438908651&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=2&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=page_location&_et=1&tfd=1728
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 13ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-9QKBNZJYL1&gtm=45je3bt0v899789978&_p=1701438908651&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AkA&_s=3&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=scroll&epn.percent_scrolled=90&_et=4&tfd=1730
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 433976035387592 Show response
connect.facebook.net/signals/config/ 139 KB
36 KB 146ms
146ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/433976035387592?v=2.9.138&r=stable&domain=cn.friendshipquiz2022.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed2a554b4e67b7fb75be198b6f6a81d20c06987015f6c32a5ba704d6fc70b16e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Dec 2023 13:55:09 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: UIuvk+jTN8FIR62ovKpcltDtzpuOd343KLMeGhktJu09fc7rKoTgNw76qEUtfwE3kYgrDnDCsf0GlxCs28wZkQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 52ms
32ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-126527512-27&cid=1445266296.1701438909&jid=170713629&_u=YEBAAUAAAAAAACAAI~&z=1628900870

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
31ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-126527512-27&cid=1445266296.1701438909&jid=170713629&_u=YEBAAUAAAAAAACAAI~&z=1628900870

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1 KB 47ms
15ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:08 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Mon, 27 Nov 2023 07:14:08 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 369620
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZT%2BUX13fgdBOAnv1sv2iVpX4uuNoRTd2iOlnK9Hww1aOMJ5GwLBoG5I5sba2HYOp%2F%2FWvYowvdl9oWsJzFih1x0cPNFc%2F%2FR%2Bbgr3SPLEfsSS3232l85qMQQp4CoJUwqoNfR7sdu17dwHWeeSD"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 82ebd37d082a39e8-FRA

GET
H2

200

/
sync.pubwise.io/usersync/adaptmxdspban2/
Redirect Chain

https://sync.pubwise.io/usersync2/pubwisedirect
https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.pubwise.io%2Fusersync%2Fadaptmxdspban2%2F
https://sync.pubwise.io/usersync/adaptmxdspban2/

43 B
97 B

94ms
94ms

Image
image/gif

139.178.67.5
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.pubwise.io/usersync/adaptmxdspban2/
Requested by: Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/
Protocol: H2
Server: 139.178.67.5 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
server: nginx/1.21.6

Redirect headers

location: https://sync.pubwise.io/usersync/adaptmxdspban2/
date: Fri, 01 Dec 2023 13:55:08 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

POST
H2 200 auction Show response
pbs.pubwise.io/openrtb2/ 231 B
482 B 207ms
122ms XHR
application/json 2a00:1450:4001:812::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.pubwise.io/openrtb2/auction
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 8f481b5bcd63b5520e8565327a241ca70e6ae72543151dff2373f5d29bd2431f

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
server: Google Frontend
x-prebid: pbs-go/0.255.0
vary: Origin
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
x-cloud-trace-context: cced9cb88a6dc270fe15b7eb5419427e
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 231
expires: 0

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 105 B
460 B 169ms
72ms XHR
application/json 52.30.181.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.30.181.208 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-181-208.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 66f5781f587f8005892713ebe3cd1c91cc9727d6bdd3c676a6761b944c1754a6

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
server: istio-envoy
x-reason: maxmind hosting provider
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://cn.friendshipquiz2022.com
content-type: application/json
access-control-allow-credentials: true
x-envoy-upstream-service-time: 40
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
272 B 129ms
104ms XHR
text/plain 2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 01 Dec 2023 13:55:09 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ebd37d2e4d65d1-FRA
access-control-allow-methods: POST, GET

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 361 B
933 B 31ms
16ms XHR
application/json 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4bff8e4514921bff17a1e78597fd0c2e7ecee686846e3403c809a1df2a79c61f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
an-x-request-uuid: 96e4e568-5282-4395-8f2a-259b9dcacaf7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 361
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pubwise-d.openx.net/w/1.0/ 73 B
376 B 84ms
20ms XHR
application/json 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pubwise-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=0665fc56-b516-4de5-8781-88e71ff5e2f1%2Caae95735-95c6-46ea-84c7-4998eb01ee39%2C5c115bf3-533b-4f05-ad5f-4759fa53c948&nocache=1701438908953&pubcid=5a9e0712-8f27-4caf-9658-9bca2b595385&schain=1.0%2C1!pubwise.io%2Ca70ee0%2C1%2C%2C%2C&aus=728x90%7C728x90%7C320x50&divids=fq2022_ATF_728x90%2Cfq2022_BTF_728x90%2Cfq2022_320x50_footer&aucs=%252F21759293390%252Ffq2022_ATF_728x90%2C%252F21759293390%252Ffq2022_BTF_728x90%2Cfq2022_320x50_footer&auid=557945576%2C557945576%2C557945576
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 562a90e48abfcf078bcb8e187e981487912ae93feea123f1782f9f20896851ea

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 60 B
404 B 58ms
28ms XHR
application/json 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 82ebd37d2bde30e2-FRA
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 371 B
911 B 168ms
114ms XHR
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19602&site_id=445830&zone_id=2575006&size_id=2&rp_schain=1.0,1!pubwise.io,a70ee0,1,,,&eid_pubcid.org=5a9e0712-8f27-4caf-9658-9bca2b595385%5E1&rf=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&kw=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD%2C%E5%89%B5%E5%BB%BA%E4%BD%A0%E7%9A%84%E6%8C%91%E6%88%B0%EF%BC%8C%E8%88%87%E4%BD%A0%E7%9A%84%E6%9C%8B%E5%8F%8B%E5%88%86%E4%BA%AB%EF%BC%8C%E7%9C%8B%E7%9C%8B%E8%AA%B0%E6%98%AF%E4%BD%A0%E7%9A%84%E7%9C%9F%E6%9C%8B%E5%8F%8B%EF%BC%9F&tg_i.page=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&tg_i.domain=cn.friendshipquiz2022.com&tg_i.pbadslot=%2F21759293390%2Ffq2022_ATF_728x90&tk_flint=pbjs_lite_v7.33.0&x_source.tid=0665fc56-b516-4de5-8781-88e71ff5e2f1&l_pb_bid_id=25fba4448af37e4&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21759293390%2Ffq2022_ATF_728x90&slots=1&rand=0.20767105791305718
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f5531aacc62eaa1fa42ddbb52866ea4c11ed4d07926eb8675c85bcc963ea4000

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 371
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 371 B
729 B 184ms
130ms XHR
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19602&site_id=445830&zone_id=2575006&size_id=2&rp_schain=1.0,1!pubwise.io,a70ee0,1,,,&eid_pubcid.org=5a9e0712-8f27-4caf-9658-9bca2b595385%5E1&rf=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&kw=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD%2C%E5%89%B5%E5%BB%BA%E4%BD%A0%E7%9A%84%E6%8C%91%E6%88%B0%EF%BC%8C%E8%88%87%E4%BD%A0%E7%9A%84%E6%9C%8B%E5%8F%8B%E5%88%86%E4%BA%AB%EF%BC%8C%E7%9C%8B%E7%9C%8B%E8%AA%B0%E6%98%AF%E4%BD%A0%E7%9A%84%E7%9C%9F%E6%9C%8B%E5%8F%8B%EF%BC%9F&tg_i.page=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&tg_i.domain=cn.friendshipquiz2022.com&tg_i.pbadslot=%2F21759293390%2Ffq2022_BTF_728x90&tk_flint=pbjs_lite_v7.33.0&x_source.tid=aae95735-95c6-46ea-84c7-4998eb01ee39&l_pb_bid_id=2689193931a9368&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21759293390%2Ffq2022_BTF_728x90&slots=1&rand=0.05476810934716125
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c40357d87c7a7f2c344dd2542718c072e6c6df2ad7c5c9ffb008a81696dc31ab

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 371
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 203ms
150ms XHR
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19602&site_id=445830&zone_id=2575006&size_id=43&rp_schain=1.0,1!pubwise.io,a70ee0,1,,,&eid_pubcid.org=5a9e0712-8f27-4caf-9658-9bca2b595385%5E1&rf=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&kw=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD%2C%E5%89%B5%E5%BB%BA%E4%BD%A0%E7%9A%84%E6%8C%91%E6%88%B0%EF%BC%8C%E8%88%87%E4%BD%A0%E7%9A%84%E6%9C%8B%E5%8F%8B%E5%88%86%E4%BA%AB%EF%BC%8C%E7%9C%8B%E7%9C%8B%E8%AA%B0%E6%98%AF%E4%BD%A0%E7%9A%84%E7%9C%9F%E6%9C%8B%E5%8F%8B%EF%BC%9F&tg_i.page=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&tg_i.domain=cn.friendshipquiz2022.com&tg_i.pbadslot=fq2022_320x50_footer&tk_flint=pbjs_lite_v7.33.0&x_source.tid=5c115bf3-533b-4f05-ad5f-4759fa53c948&l_pb_bid_id=27449f766c44655&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.04579319832124629
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 967708adb7f0c1d0e157c84b612535a7dc1bf2f17cb6482e34ec4565daa406a2

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 369 B
629 B 145ms
72ms XHR
application/json 34.255.245.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1701438908957&to=-60&aun=fq2022_ATF_728x90&pubcid=5a9e0712-8f27-4caf-9658-9bca2b595385&gpid=%2F21759293390%2Ffq2022_ATF_728x90&t=oeabcez1&pi=3&maxw=728&maxh=90&si=3&bf=728x90&schain=1.0%2C1!pubwise.io%2Ca70ee0%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.33.0%22%7D&ogu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ns=10240
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.245.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-245-69.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 442b640b55f08adab45026546c08b9dddb05de589ddeb5ad7a9c28b219192614

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 369 B
629 B 143ms
71ms XHR
application/json 34.255.245.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1701438908957&to=-60&aun=fq2022_BTF_728x90&pubcid=5a9e0712-8f27-4caf-9658-9bca2b595385&gpid=%2F21759293390%2Ffq2022_BTF_728x90&t=oeabcez1&pi=3&maxw=728&maxh=90&si=3&bf=728x90&schain=1.0%2C1!pubwise.io%2Ca70ee0%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.33.0%22%7D&ogu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ns=10240
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.245.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-245-69.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f59f5cdad1043d40faa8065096c35e8d0bfe04f545030bacbfac6471364c62d0

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 369 B
630 B 146ms
74ms XHR
application/json 34.255.245.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1701438908957&to=-60&aun=fq2022_320x50_footer&pubcid=5a9e0712-8f27-4caf-9658-9bca2b595385&gpid=fq2022_320x50_footer&t=oeabcez1&pi=3&maxw=320&maxh=50&si=3&bf=320x50&schain=1.0%2C1!pubwise.io%2Ca70ee0%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.33.0%22%7D&ogu=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ns=10240
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.245.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-245-69.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ad0c0144b9f6cbd37c5d1531fbfffa610d35aaa7ff43b64dbebc6a458208801a

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
2 KB 238ms
219ms XHR
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU75OYJ3
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 95bb3eaf0e9d9efc5a8970687a2b17e905537b2beaa1dcd787ad02c705243def

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 13:55:08 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
362 B 146ms
28ms XHR
text/plain 145.40.97.67
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 01 Dec 2023 13:55:08 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
579 B 34ms
8ms XHR
application/json 3.69.155.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=7.33.0&referrer=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&tmax=1400

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.69.155.84 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-69-155-84.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:08 GMT
accept-ch: sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent
x-auction-status: 5, 5, 5
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
161 B 127ms
105ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=d4Z_Loo2ur7BmNrkHcnnVW
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 2db8a0a3e12473188d443ef7099794647d646e7f000173a4d80efe5e1c77157a

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://cn.friendshipquiz2022.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 130ms
109ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=d4Z_Loo2ur7BmNrkHcnnVW
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 2db8a0a3e12473188d443ef7099794647d646e7f000173a4d80efe5e1c77157a

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://cn.friendshipquiz2022.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
358 B 126ms
105ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=d4Z_Loo2ur7BmNrkHcnnVW
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 2db8a0a3e12473188d443ef7099794647d646e7f000173a4d80efe5e1c77157a

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://cn.friendshipquiz2022.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 83C4 315 KB
89 KB 696ms
696ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7003191985075097&output=html&adk=1812271804&adf=3025194257&lmt=1701438908&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701438908762&bpp=2&bdt=1109&idt=204&shv=r20231129&mjsv=m202311280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6337855700552&frm=20&pv=2&ga_vid=1445266296.1701438909&ga_sid=1701438909&ga_hid=525889725&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078297%2C31079812%2C44807749%2C44807763%2C44808148%2C44808284%2C44809072&oid=2&pvsid=1812535096313103&tmod=385957929&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=213

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7003191985075097&plah=cn.friendshipquiz2022.com&bust=31079812

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a01d4697c573f58e7767751f7e71fff08322f15c98d2f11ec8c2f8bee36c9ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 90716
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Fri, 01 Dec 2023 13:55:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 75 KB
24 KB 115ms
102ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:09 GMT
Content-Encoding: br
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 07:14:07 GMT
Server: cloudflare
ETag: W/"6faf3acfde3bb82adada71be4fc1deb0"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0MUUFJMfMZ1fj3IMgrx9tDzuA4MskpYVnBhdFg79Z7Bf9SNYUKkYdTcFknd84rRd9VBY40zqKa9dAOcLfpHXegXCb6jq5PnlMOXjtLTV1G51WZOqpEDqrX%2BIO4D38WT5sjOFrOfQgbWuqQt"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 82ebd37d4fd62c79-FRA

GET
H3 200 312859934377354 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 149ms
149ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/312859934377354?v=2.9.138&r=stable&domain=cn.friendshipquiz2022.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5efeb7fce5704344f6f4b94d54662363451fc28c9532d6009d855658aade1b92

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Dec 2023 13:55:09 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: Ba1m7W5VzrWNuOPya5DE7g1LJbPLeSKz4mG/zZgIcqe94G4/NR1/ZlGkcnuzL2EpN4wE/qX8wXKp4rxpmDIglw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 22ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=433976035387592&ev=PageView&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&rl=&if=false&ts=1701438909075&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1701438909074.2016244654&cs_est=true&ler=empty&it=1701438908912&coo=false&tm=1&rqm=GET

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Dec 2023 13:55:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 144 KB
52 KB 942ms
934ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1812535096313103&correlator=2710087831497168&eid=31079240%2C31079783%2C31079527&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=21759293390%2Cfq2022_ATF_728x90%2Cfq2022_BTF_728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%2C728x90&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701438909208&lmt=1701438909&adxs=-12245933%2C-12245933&adys=-12245933%2C-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&vis=1&psz=0x0%7C0x0&msz=0x0%7C0x0&fws=128%2C128&ohw=0%2C0&ga_vid=1445266296.1701438909&ga_sid=1701438909&ga_hid=525889725&ga_fc=true&dlt=1701438907654&idt=1175&prev_scp=refresh%3Dtrue%7Crefresh%3Dtrue&cust_params=page%3Dhome%26lang%3Dcn&adks=1825163562%2C3091440892&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cbc98e8f827f5bf7d7b3f9892a103449f680023978df5e642725f280888d982

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53490
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0D1C 6 KB
3 KB 127ms
15ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Sat, 30 Nov 2024 13:55:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 7ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=433976035387592&ev=PageView&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&rl=&if=false&ts=1701438909249&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1701438909074.2016244654&cs_est=true&ler=empty&it=1701438908912&coo=false&rqm=GET

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Dec 2023 13:55:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 7ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=312859934377354&ev=PageView&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&rl=&if=false&ts=1701438909249&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1701438909074.2016244654&ler=empty&it=1701438908912&coo=false&rqm=GET

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Dec 2023 13:55:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 / Show response
api.pubwise.io/api/v8/event/add/ 0
183 B 528ms
463ms XHR
text/plain 130.211.34.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pubwise.io/api/v8/event/add/
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.34.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 132.34.211.130.bc.googleusercontent.com
Software: nginx/1.19.8 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
x-bes: pw-api-v8log-zzxh
via: 1.1 google
server: nginx/1.19.8
vary: Origin
access-control-allow-origin: https://cn.friendshipquiz2022.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/ 160 KB
55 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/reactive_library_fy2021.js?bust=31079812

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8757ec93adfe3dcfc33ad9f5ae28aca9dd843f87e015c41cde2adaf108d5d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55931
x-xss-protection: 0
server: cafe
etag: 18420945195776416365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/ 93 KB
32 KB 91ms
91ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311280101/slotcar_library_fy2021.js?bust=31079812

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7003191985075097

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

257b7f77931c8219281a4151064b6a82fa6fa167591dbc6c066aea5f65d03022

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32941
x-xss-protection: 0
server: cafe
etag: 3624000659260770521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 29ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,500;0,600;0,700;0,800;1,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cn.friendshipquiz2022.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 00:19:52 GMT
x-content-type-options: nosniff
age: 567317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 00:19:52 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 26ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,500;0,600;0,700;0,800;1,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cn.friendshipquiz2022.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 19:33:17 GMT
x-content-type-options: nosniff
age: 584512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 19:33:17 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2
fonts.gstatic.com/s/poppins/v20/ 5 KB
5 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,500;0,600;0,700;0,800;1,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ce2c84c474fb80b33e347ae6f356796021d6fd42e88a6352fc6e9ca0b22bd63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cn.friendshipquiz2022.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:10:39 GMT
x-content-type-options: nosniff
age: 161070
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5384
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:10:39 GMT

GET
H3 200 pxiByp8kv8JHgFVrLCz7Z11lFc-K.woff2
fonts.gstatic.com/s/poppins/v20/ 38 KB
38 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z11lFc-K.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,500;0,600;0,700;0,800;1,600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6197a4123dfc798c91a85e5e1fde08a54770adfcdfd7300ff70dd26459cea817

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cn.friendshipquiz2022.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:22:53 GMT
x-content-type-options: nosniff
age: 160336
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39148
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:22:53 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/ Frame B657 9 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 00:05:06 GMT
etag: 12051592065903069241
expires: Fri, 15 Dec 2023 00:05:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/ Frame 8F50 9 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 00:05:06 GMT
etag: 12051592065903069241
expires: Fri, 15 Dec 2023 00:05:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame B657 4 KB
767 B 27ms
26ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 13:25:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B657 205 B
296 B 30ms
8ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 18:06:55 GMT
x-content-type-options: nosniff
age: 71294
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 29 Nov 2024 18:06:55 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B657 604 B
1 KB 29ms
7ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:48:04 GMT
x-content-type-options: nosniff
age: 162425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 28 Nov 2024 16:48:04 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame B657 16 KB
7 KB 38ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6df8215439f8c1a4f31e4407a93cdb72cfc12b525cc378678ad717f8451325d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:01:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6758
x-xss-protection: 0
server: cafe
etag: 13232977368472197749
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:49 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame B657 22 KB
9 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbbf189ee0fd46edc91bdc96aeac86c78c35c8d497ecd9a786ef318ccb62e985

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:37:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9189
x-xss-protection: 0
server: cafe
etag: 14682237860056745894
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 22:37:16 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7D15 0
20 B 49ms
48ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNXnApzFx22YnSQgfUMerFWq4rIAujCiJFR9p8CSLYZxq9p6iKUTdDVSR7el3iTiuMykTgH4Z1VsjfQPpD6fPr16wH4KAw

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Fri, 01 Dec 2023 13:55:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame F52D 24 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:40:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54853
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 22:40:56 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame F52D 7 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 09:45:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 09:45:30 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F52D 0
0 97ms
54ms Fetch
image/gif 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsu9Jk5FnGyt7ovIlTq1ujRmTy1Q5Rddkg54vi0ItM5mh6gWaC3Ziwe4hfB7K-yRViR5q4Bk7v2JsRiRcU0UfLW0m1FkQoly-bSsY2t7dFcqCfQmrmbPDf-DCLs1xa9rQQq64JS2IvPdu4BOG5E_cyu6FlXNxAHyov-ZZ7n43ptI8KbS1sWZvJE3WbxSkJG1UUvc8TVsPTrOv2Wpv8CCUQT5DoKo9HeD9AgrO0rgGUBl1xVHxFwOpTv88LyDz-lCmOa-_oIhHstlhLzDHRb5YHa4t_IBOt9i1E09gTwejjBluGIkWAjV8TYjeEIuYZx0ytwzFd9Dtb9kqRpLr9pAa5xnVgqJGrm7iX_2JX0BH2GBsE8qy62T7hpL2rQ8IPO35c8zUa1PrQlapaFdFuNKVNWzInD_CvBtwq_E_HOAOy09Xu1v9svRVelfgfe0nyUWsGQyiq8E27vSFVXF3A1IQ-zsALs0X0krJqChxDu6A3lPybzlfZeMptItirxbch1vM9bQyrVR952FUwqWWNIWBVi96eJ1Il4bEg4ImLsZOyqTwPZpNCOW2IicVeGJlkZKcz6cTo4BPAjqRohKUz8HktvAcFisBBb5i6Q1sNfnzEUrCAGwyrf4wI275Jif8V4Ip1cz1urmDNMJrQ5699_Zqo7V1OMJtoc_iMKT4inEoyCMSCKFXTFpdZUVy7-GYdlqKMy1sHOX7UTs_Efi-JpMWwB5NsfJU9hdArPKUjppX49PtPpOtkvU2BEUKf_r24n6zCzqM25e0bx7kC8QAkTa1w7x_5sjqtRdKMBQk9d42MZ-oJg93WylidgPag_f-KBeoctrs7GpPwNAfFlfTsLc03B8d9qrMIY0bISIxDKolGJLZLo9ERYkxw9Q7916XwWxGgCkmEOIa782Dj0X0AEXyBECoSF68gmZcp69qDf_DYNMxuZNGe7tGTKh0QVOsOHVZNEat85jSSjDe1XaZzGHkZ6PFk-9536WzFaZYrEh2UtKsy_jrZBnhK5Q8ABBn1zxfnMjfIYJnDyeN42xv7rrHocUxupgXD_Jli8O191kHH8wU56lsTk5oxdp6E1ebhxwNKGK2kPROeW_RR1kpHfHP2h3u-zKHoIchcXtxBmL6VE7sbz3TFYDBnRt6uh_Kgw_Y9hUHm6R6zrHb7B69WaeXHbH0gRnZFBoRYM8PRmivKtOQtsOHIZcgrHE2qhnNAVHrXPa8ta1jjpxVBQ-ER01MEv4rSMhMb5CfCMrydacgdNUE5tN_WwwRdrqIsJDTlwbLAUTBpqGndrVGWOmnqQnHiyQNUGKTN6BajT3bZncZAqdfUfELYBns1-7GZSO25yffzFKrlTN7OZ0HyXWezlIRRF0RimaLyLiUZrIKw&sai=AMfl-YSjht8_DLFK3bqh74qX9g0X5ZlwXkKpdYquozE6NbxPymAy7XDHe1AdKnYOiD7Whsyp5a3QFQX3aJ5ciTzsyaWX4UvuEs4s-4jQhtDvV1dzQyHRFQpTiuHCUPhkR7V7ZZDpYwKfPpzUC377Eyx9EhjFEmcoo6k6qFT-LFTcZHRW5BAt5BVjZyMRZzGaZTfbLRmWjH4B38jTFk6zTyDyYP8wKkkNxdBOpbCXucyDmebuXaos0c98Zj2EaiQLiUxZYyKH0Zw-H9S-Uh7BIYUx1LNhKrKHBWAyqSdYEzhG9HOMHOWCbIKkJIt8zGhY_G0Oji4B6LFt54OIqo0vaoJnw2t8d5HdR1jinTb63mfUKluhXsMLEkc6M8VB6lKzSLNS6W2dfJ7FRCJiexF5iwjnHH3COsvVXkJcbXkypLN4qo8t6GZls4_IrFTFmWB0AjGIW7ouAvGWXuic3GBQZerB-IqCpVf8rO555coSgTJlfjE5iA655uk9_k65G3Tv9Z6DmbJVXf7Pn_X7&sig=Cg0ArKJSzPy9WKLxq5DNEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231129.49672&arae=0&ftch=1&adurl=

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 13:55:09 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F52D 41 KB
14 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 509867
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame F52D 3 KB
1 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64551
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame F52D 20 KB
8 KB 25ms
11ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64551
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F52D 202 KB
64 KB 65ms
49ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F52D 42 B
63 B 41ms
41ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BuqYMR_aweRcqO6CtGlERCD-4AmXwqy-KMRrfCik5Flw-7oJw4JtfHYcpzABKKeAj4gQqt80IHytggDWulwEy5ZITekMxzGbrEjj8jJcc-3i-m2P4

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14760175816907913160
s0.2mdn.net/simgad/ Frame F52D 24 KB
24 KB 49ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14760175816907913160

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 09:33:26 GMT
x-content-type-options: nosniff
age: 15703
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24186
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 07:06:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Nov 2024 09:33:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 794A 14 KB
1 KB 20ms
20ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 12:21:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 794A 2 KB
902 B 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 12:24:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 12:24:13 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame 794A 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 12:23:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 12:23:30 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 71B6 143 B
166 B 11ms
11ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:48:28 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 794A 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64551
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 794A 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64551
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 794A 202 KB
64 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:09 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 794A 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 281681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Feb 2024 07:40:28 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9E08 38 KB
13 KB 8ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5502
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F52D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f0215b545d433a392f578cc36dc8ecf84539bdd4aac5f5b8bcf116beb009aea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 71B6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

16ms
16ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Fri, 01 Dec 2023 13:55:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F52D 0
0 45ms
45ms Fetch
image/gif 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsu9Jk5FnGyt7ovIlTq1ujRmTy1Q5Rddkg54vi0ItM5mh6gWaC3Ziwe4hfB7K-yRViR5q4Bk7v2JsRiRcU0UfLW0m1FkQoly-bSsY2t7dFcqCfQmrmbPDf-DCLs1xa9rQQq64JS2IvPdu4BOG5E_cyu6FlXNxAHyov-ZZ7n43ptI8KbS1sWZvJE3WbxSkJG1UUvc8TVsPTrOv2Wpv8CCUQT5DoKo9HeD9AgrO0rgGUBl1xVHxFwOpTv88LyDz-lCmOa-_oIhHstlhLzDHRb5YHa4t_IBOt9i1E09gTwejjBluGIkWAjV8TYjeEIuYZx0ytwzFd9Dtb9kqRpLr9pAa5xnVgqJGrm7iX_2JX0BH2GBsE8qy62T7hpL2rQ8IPO35c8zUa1PrQlapaFdFuNKVNWzInD_CvBtwq_E_HOAOy09Xu1v9svRVelfgfe0nyUWsGQyiq8E27vSFVXF3A1IQ-zsALs0X0krJqChxDu6A3lPybzlfZeMptItirxbch1vM9bQyrVR952FUwqWWNIWBVi96eJ1Il4bEg4ImLsZOyqTwPZpNCOW2IicVeGJlkZKcz6cTo4BPAjqRohKUz8HktvAcFisBBb5i6Q1sNfnzEUrCAGwyrf4wI275Jif8V4Ip1cz1urmDNMJrQ5699_Zqo7V1OMJtoc_iMKT4inEoyCMSCKFXTFpdZUVy7-GYdlqKMy1sHOX7UTs_Efi-JpMWwB5NsfJU9hdArPKUjppX49PtPpOtkvU2BEUKf_r24n6zCzqM25e0bx7kC8QAkTa1w7x_5sjqtRdKMBQk9d42MZ-oJg93WylidgPag_f-KBeoctrs7GpPwNAfFlfTsLc03B8d9qrMIY0bISIxDKolGJLZLo9ERYkxw9Q7916XwWxGgCkmEOIa782Dj0X0AEXyBECoSF68gmZcp69qDf_DYNMxuZNGe7tGTKh0QVOsOHVZNEat85jSSjDe1XaZzGHkZ6PFk-9536WzFaZYrEh2UtKsy_jrZBnhK5Q8ABBn1zxfnMjfIYJnDyeN42xv7rrHocUxupgXD_Jli8O191kHH8wU56lsTk5oxdp6E1ebhxwNKGK2kPROeW_RR1kpHfHP2h3u-zKHoIchcXtxBmL6VE7sbz3TFYDBnRt6uh_Kgw_Y9hUHm6R6zrHb7B69WaeXHbH0gRnZFBoRYM8PRmivKtOQtsOHIZcgrHE2qhnNAVHrXPa8ta1jjpxVBQ-ER01MEv4rSMhMb5CfCMrydacgdNUE5tN_WwwRdrqIsJDTlwbLAUTBpqGndrVGWOmnqQnHiyQNUGKTN6BajT3bZncZAqdfUfELYBns1-7GZSO25yffzFKrlTN7OZ0HyXWezlIRRF0RimaLyLiUZrIKw&sai=AMfl-YSjht8_DLFK3bqh74qX9g0X5ZlwXkKpdYquozE6NbxPymAy7XDHe1AdKnYOiD7Whsyp5a3QFQX3aJ5ciTzsyaWX4UvuEs4s-4jQhtDvV1dzQyHRFQpTiuHCUPhkR7V7ZZDpYwKfPpzUC377Eyx9EhjFEmcoo6k6qFT-LFTcZHRW5BAt5BVjZyMRZzGaZTfbLRmWjH4B38jTFk6zTyDyYP8wKkkNxdBOpbCXucyDmebuXaos0c98Zj2EaiQLiUxZYyKH0Zw-H9S-Uh7BIYUx1LNhKrKHBWAyqSdYEzhG9HOMHOWCbIKkJIt8zGhY_G0Oji4B6LFt54OIqo0vaoJnw2t8d5HdR1jinTb63mfUKluhXsMLEkc6M8VB6lKzSLNS6W2dfJ7FRCJiexF5iwjnHH3COsvVXkJcbXkypLN4qo8t6GZls4_IrFTFmWB0AjGIW7ouAvGWXuic3GBQZerB-IqCpVf8rO555coSgTJlfjE5iA655uk9_k65G3Tv9Z6DmbJVXf7Pn_X7&sig=Cg0ArKJSzPy9WKLxq5DNEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=62&vt=11&dtpt=61&dett=2&cstd=0&cisv=r20231129.49672&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9E08 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:34:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 10:34:46 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 42ms
41ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7003191985075097
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame A71D 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7601
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 11:48:29 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E08 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRsw9veVpZaGHBL3rtOUP6uqJ0AIAAAAAOAHgBAI&bg=!2Nul25TNAAY3kmNgF5I7ADQBe5WfOG88b0ZEAl5Uz-wupZPMIQ35FpJv4ni28UJDmx-bwbm9dHan7W3gKTNYZbHPmVSqAgAAAG1SAAAAAmgBB5kDJVYQIvSG4MA3ewaAYuyV3o0r0GlXviuDfSIm2-w8Q9fy1b1oC3GEgbbwICDTuNUMXaW0hSRcuFUyZ3wR6Vny07m_RaoaMtj8J0xUJjrTwACP_Qjdr21PGvyxKCXNMCZE0FX4uqETVd9Bzw0A6j9E-5QdEzDE73Jz2-X6l5MLoKQaJA8FHJkC42YmPxTaT-a7kCP86PxYWqsA1fTWYCUVfKkAXmiIZKjIrSutLlL99r81jLa2N6Ssp1Xv6weDlL6PsZdmQnhS0KlS57CuzPTyeu5zkk3Y7WDgezOJEQeE34jYdsFQBnB7Ku8AW2K0ii1mezXXWikmCWtRjeTHR4Xa0P9sq8Zy77mCNKkmWnaSuF1-VZ4dWc8BTV8-q8sOtMc3PB_UY-kdz7A36O3-fCPC3BnDJd91UfBukVUqiDIMxsUh_2hhJXnQe0kew5rQNbDFf6pVLT1VOaGxTjrWdPMR-ehsOoNyyppJaML0UrnBVr6OUOVoTF1UMoVMKsCqPYHQAffwI3O-8K5sFk9-aPfB2-dYnu1fSTzf03W8JKwKELNLzACLqq_zqqJnOPZnB9nbWTIgd_wYiZqsZWjgkT0vIerE7QPvvMNQBefQcIyjpI0JYZljgRyiOGkJeqweQAFH6jJTMEETejeL3TdOUVJ4ryu9c1N4Xb364XfAxG1lSElqaPN6fuwoR2Plyv8otU77_SyuQUSJDOxdJKJtywf6qVq8QTnHAJ56a7QSDMg-y9hhailkrXgVtjCEIu9MgL7flry06dbE8h8WzTz3kecCoMeDvpuEPVWGiEG_1u9e3hyA8QyJ48mSlVqJ3FLcZPP9TU1VvS09I8aVDKGp7a4bot5lQUVAxmGvAtm4lc1Tmr3rC7PG9vdKdV4RoW7smNp__uoacHuRGpNx7xiU2ius5uD-DRk6PjK_R11CWOZTpM1GPARawCxdVeypV-bh4DIVhup-Tn03ECiehIB5g7c8ztY-zZN1zTjRDb-dji1axo4WKaiOqFpfjm2jFErZScfD9Q8ddIBGvapkoJMKu1DexaeHxdlAB7mXc66LRKIFw3XkryoLJOg

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 64ms
64ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231129&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7c103dcd91c8435d96ab66b6295a26231dd992c08ea1ec4532fb561f162c2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12445
x-xss-protection: 0

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-F1D0DCDYHL&gtm=45je3bt0v893201685&_p=1701438908651&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEAI&_s=2&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=scroll&epn.percent_scrolled=90&_et=20&tfd=2924
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F1D0DCDYHL&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D41A 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Sat, 30 Nov 2024 13:55:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 13:55:10 GMT

GET
H2 200 container.html Show response
c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4EAB 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:09 GMT
expires: Sat, 30 Nov 2024 13:55:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B49 624 B
245 B 49ms
48ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXthB7hlTGRcNsw2IArl3QsBN4N4XxX0lMxAKzVlLGXexpo3TJeMNEcYZCT7SAkSr2dYqJPvm-8oXxPVzsx5Evp1jAyFFc_Cimk3aleY0mmMu7O3JL8mVyBAvjKHQfJ6dXmZ9uiIm4BekceBf0CzwUUDZWj_G3VfMw23gDdbEhAZUwHCB0

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:10 GMT
expires: Fri, 01 Dec 2023 13:55:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D41A 89 KB
31 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:10 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D41A 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Coq-V_r67jpooRbTGrZm3BKz9ZhakZw7DLGZVKjxHBarepMRb5IonDtYhenBiXO9VUsTI5yAosNYC6B6eawOxviI3mYMhMJ6nzp04WpgTICGx3irc

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D41A 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15768765844247879758&x=1&ct=77

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame D41A 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame D41A 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D41A 202 KB
64 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:10 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F501 640 B
265 B 49ms
49ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:10 GMT
expires: Fri, 01 Dec 2023 13:55:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4EAB 172 KB
60 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Origin: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7601
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 11:48:29 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame 4EAB 7 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 09:45:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14980
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 09:45:30 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame 4EAB 24 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:40:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54854
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 22:40:56 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4EAB 41 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 509868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 4EAB 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 4EAB 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:59:18 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4EAB 42 B
63 B 46ms
46ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A4G_hSfWoaYCHZ6y9trDblLG9pi5YipvXEKAxhgTPdwJ5g9JeY7FpBHwjc6KbGV3lQNg9qFEKHWUI54aMUQdjOcJMxcUXby2bWESzDQJvhudmqHts

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4EAB 202 KB
64 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 13:55:10 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C6DE 38 KB
13 KB 7ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5503
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4EAB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92b095a78bd2239b1ef158151eeeba1c4f53da5310a2f13b4af35391bbfd9407

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame C6DE 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:34:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12024
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 10:34:46 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/15415463092317913147/ Frame 3A37 1 KB
875 B 43ms
42ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:10 GMT
expires: Sat, 30 Nov 2024 13:55:10 GMT
last-modified: Thu, 27 Apr 2023 13:50:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 4EAB 0
0 55ms
54ms Fetch
image/gif 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjst5S9vTL3a-I74KkyTUdB8JMp2WtlzzCV6DTuYR8Y8pzRrBa8cg1p8itVWC1YwJ2z2X5LbDcPo5ufTPM4gWZWQH1x2883Cx54nJyjAiopvxg9DlWCRfpQA60tgNA6pjYYZ-H8p4m_oLyVJUFBEv7HFemAsUX8qxsqC58_Tai7aBBqwnKkiLAxxdZz01XSF1kfdvnQAtcf3795NatmlA7GnwcKN-FSVGuRBFWMFpAF-qM2P5rAZ04DQ7gnSiNpP5K3m4Fc7caYARsxmp-DNyC4TYzepDwtdAoKN39L6DYVbXMMuW9ZN00qxrvtmizR2yykHD5gUSZVLs0DaoiQ4jhBTYNoxCE7T3lXg5PnWx6guO6KiunIcqlqHG7-UmzV4p-ijOjzFjlj3bkIrzqXkXZ63PRZ_rSKnoQJCYgEeJLHO551g0_JR2I_i_vsN2IbWwDTNN5cN7_2u2d3Vj8A9HKD_zmwKMpGVGvR5FiZ_JLL1Sfn-PAmEDMJItD47pWdy_33RJvSbTFFetPZCGDbfjPQiMTKAGzkg7tLugfaao9ZW3s_5mcJ10f_lrs6Pl-fGxVTNeXf9Sm-37ZND7f6ru6LDBBl1PG6bk275rGoj1cPG_lFrfzYWTfZp5iKsa6AAI4YrP3ztcYzZrDrLRIOPqM2cybmS5lZ7EfMtNh7QCpFlBmsqqW79coUVY_uZn6RyEsC3u3hOW4HmQ2dzhyO2hJY7-PTWJdj07f3xXamCiU_nB92VyPjNEp7z-AXLZrewzgTxwzQShIh8hOdLLm46_XhoDXEekQzUJJJIG9JlhAYsWQP63TO4cG3A7GA8yRvGmfXuvEMRsyMl5usBQgV-SlUHkl1jj1kTmM7g3A4ZXKjvBHCsR473ws4by33b72pYlg_ZAJcGLRi3PGhzs9MggB09WMhNJ3TyLhGpn25OdDaB4Ln0-tuGXc6RUCrPMPaHXBvhifC23x1SHwXiRpDzUezHHt1xu2gA2GTjxQsEwlENl847HLnfwcD2ANa1OtgjLi6eHvFsuTL2S3ETmrLQCGKNxb8XaneJTXbpy5acGw2sQS2uCFsXcNV5_aR8oMLnu-12OAFXDDDP9waVs0sdLTcuFZH1EtqUD8m_uDzGFzuGKVTcdKhNk_7eZV9P5q3hojeYYRQ6Fcc63lLx_WVIVk8uiLwNLTAcY1BO4oOlTbbNJ7ctPMECYryGK7ilnz2rdMMV7dM05NKbytDyAaEDmpmWFz1G8u9kFPcXyPwg4tEj0OMJRedxdH0nvOwU60se72y2UFfE4KFMD1WueontqXTGL7KHaQ7DUTZDgqzYtPtarUKE11wnKYS1WD55g9my9Sas972eVwUyQpJsFs6BdxPZDyqNoB5yYNWWfpEPmPg3pKcuH0YLr46pY4wyqHlGGkGJz4ewvThf7BhciT6ZdDmc9KsnfMlk3Q8l9L9WJxg4ZC_qbbwNrNdWN55QstrR9q34cXhjvyI-LiIROIRyFv6Xrg0EvP5I&sai=AMfl-YSr4bV7iPqN15Jm3jfr6EwC-b4tzqjqjRUdxB5igOYXmtsG3o4YCLfdUD4fu6nRqCBMAZKEvPcpRgJG1ZIQAgThBBN5yHVl04GV5gls6LdQQ0I6XJfYBQiut8nWOOnivte0c3qF583hYuNHUqbpaCNpghUOKmBQfdDGNYsSj_JurNSD0Mz9t2rXVaKey0ekxxgl894j8IZ9UFEiwkibE-zV02cdWkGuzuNcvK4AREjvHp8rZUNMmr-MxxVkbK34ck-cyxx3JEesl3dHveLc-S5qA0ERZmW-m-EOGVy1gVksWS4XjmPuenwlm16eCcsAQLO_zZnvWr9R7Y7NOF5J6wKQERY1DzWCzeMGEYp7FGNKqKStc-KI02OA1lkoFx2D59HI9laP6-QJ15BoL1qdzo7A2a6lx8CRa98yrM5i3cLRc5fGJg61Vi1YzFfVKqQs8D18_Lg0PW0AYO8OKt3kZ2sbccqHPtoSkHGJ-sYZ3ONO-F_tHPLMVpGSo_xODXuOKJl2krD9E6RCGw&sig=Cg0ArKJSzFH8pt1Cjj0nEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=39&cbvp=1&cstd=34&cisv=r20231129.76052&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 4EAB 43 B
1 KB 116ms
27ms Image
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180481255&extPm=361577826&gdpr_consent=&gdpr=

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.10 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 01 Dec 2023 13:55:10 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 01 Dez 2023 01:55:10 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7B49
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1&C=1

43 B
769 B

25ms
25ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXthB7hlTGRcNsw2IArl3QsBN4N4XxX0lMxAKzVlLGXexpo3TJeMNEcYZCT7SAkSr2dYqJPvm-8oXxPVzsx5Evp1jAyFFc_Cimk3aleY0mmMu7O3JL8mVyBAvjKHQfJ6dXmZ9uiIm4BekceBf0CzwUUDZWj_G3VfMw23gDdbEhAZUwHCB0
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGOsnxrxwUBXuSc4tfc2zpBJlGBPI1olDCNo2LP2aVmJ7QLMnj%2BTKJtAZtWaiaXruUX2qvm6pVKnjqE97Xj1NqzwH8g38N3KvhKuCQPQDrjI65ryBC11PM26%2FNhVmI%2BHuLd0yjMEcXyWdw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd385792f2c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eBiNwrmjwUi1dYdl%2FkxO%2BaAxpViB681Yil%2FrtY16%2FMxD7xl5zhqhltTZF6rqVM0s9L15y4zvGETJAGV4JcZM1kosFB01f%2F5s35ouHd99Nd83n5CshvsqcBITdfo%2FexVI7G%2FcqAnolA0jg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82ebd3855d4a5c74-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7B49
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWnlvq9TbiwhRYtFI0xKZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1

43 B
729 B

20ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXthB7hlTGRcNsw2IArl3QsBN4N4XxX0lMxAKzVlLGXexpo3TJeMNEcYZCT7SAkSr2dYqJPvm-8oXxPVzsx5Evp1jAyFFc_Cimk3aleY0mmMu7O3JL8mVyBAvjKHQfJ6dXmZ9uiIm4BekceBf0CzwUUDZWj_G3VfMw23gDdbEhAZUwHCB0
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bH7KV%2FyBtJcGXYctsQrY25hxJgDG6ZMuKbsfZ2B6jMKc3g3B3Ui2Y8gdKT6VzDAEdxyK2aLOQLxRtRP4grV12zyMeBYWCnjsNDe107ImdatmKwxC1h31VLE9IWLbMgExPgX6dDKQy14pag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd385b9602c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAj6897SU0oQD91f6vLkhjA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7B49
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESED-QqkZLCAG3QwGwxtAPMU4&google_cver=1

43 B
842 B

7ms
6ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESED-QqkZLCAG3QwGwxtAPMU4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXthB7hlTGRcNsw2IArl3QsBN4N4XxX0lMxAKzVlLGXexpo3TJeMNEcYZCT7SAkSr2dYqJPvm-8oXxPVzsx5Evp1jAyFFc_Cimk3aleY0mmMu7O3JL8mVyBAvjKHQfJ6dXmZ9uiIm4BekceBf0CzwUUDZWj_G3VfMw23gDdbEhAZUwHCB0

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
an-x-request-uuid: 161a5902-0c38-4172-8110-9b0367745db8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESED-QqkZLCAG3QwGwxtAPMU4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7B49
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyNjkxMzY2MjYwOTc0MDA1OQ%3D%3D

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyNjkxMzY2MjYwOTc0MDA1OQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
an-x-request-uuid: 8f211cdc-3063-4c0f-88a9-231e36d10d08
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyNjkxMzY2MjYwOTc0MDA1OQ%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F501
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzW0cnUU9XDyDJOC9ZapF8&google_cver=1

43 B
105 B

16ms
16ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzW0cnUU9XDyDJOC9ZapF8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzW0cnUU9XDyDJOC9ZapF8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame F501 43 B
131 B 39ms
17ms Image
image/gif 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame F501
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEBUTFTO5V2rqEKYZu8sTnac&google_cver=1

23 B
163 B

36ms
34ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEBUTFTO5V2rqEKYZu8sTnac&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Fri, 01 Dec 2023 13:55:10 GMT
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEBUTFTO5V2rqEKYZu8sTnac&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame F501 23 B
163 B 68ms
33ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY94To4gEwAQ&v=APEucNWQYPhaWis7KmhuyOOpriXwOPO28spaD1nxa5A54iQB8py9Eigr97wvvCHjfF-Os2Yz7tZL62jMiF97lhFjXD0WBhU9NzOxyAUKQAhIzdTjGbSvFL1ZDNLPDCQdkvDLE_ShAtUGh-f_z8LVrP-EOEO9E-5BSqDeW8wyLnRV-DNSl0MVm8U
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Fri, 01 Dec 2023 13:55:10 GMT
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C5B2 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 56321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Nov 2023 22:16:29 GMT
expires: Fri, 29 Nov 2024 22:16:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 21FF 829 B
559 B 18ms
18ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

893dfc6a97255b3a7dde5cea214ce45a2eb28a08e3bad48cdd44a6597710cc2e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZicZYChkpgYyRgHt8R_uhw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZicZYChkpgYyRgHt8R_uhw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 13:55:10 GMT
expires: Fri, 01 Dec 2023 13:55:10 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D41A 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5764410344066&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D41A 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5764410344066&version=m202309260101&ct=77&x=1&cor=15768765844247880000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D41A 34 KB
19 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cq1ag_5kKz9S-3cBMuI_vp8xB3Vnr7QC7U4miqp960VDAu3WetDPo-V02NH_BxXYAn206TyOxHZ8UrPrA6YLtezKSfQPUKXNdQ6jsX7ZiJYIqt0ymjIEc7ZEQoNH5DjJ0oNj1cv2nNoEBMRhJ7469jdk2t553MQqHFh1ZQ-kY9rDcE0gc&cry=1&dbm_d=AKAmf-C87Jps4qTa3GRaKfS8k3ldEQosklyh-jKNLnL5uVgDfBsHkbfs1Z2PU1oZhap9tN_W6fa5oamjenZ5R4su3ZXJsbPUBnKVXTMH8BwQdLig_m1_oc-zO7-7SOEhJGtl9KIc3k9obW6ESINTYp6U4C0_fksySa5lVmawsxPH9ksjFujJfaKBr_ryFyKPhqwf4P_RDUVEjH07zPbmwkUWRVreTSgWwFS42IpeblmeuU-tRGlEyaswPYBwLJKOJPNftaEOP1WZugYGwuJcUUUeuRoqgFN23Adtnx7VHQcKwdbDEid2GR-RlxQ2m3EqDIoPJVPVT7X4MATyvaGzjOa_r1Kl6lwgrISxjhn8GvF11918flyF-_m81HT2sfu4Sai4VrRp2Sl_A3eJbC79072Zm5t7x9O_1hyIfUMH8hMm9xzwRzUK6XgI1d-9R3SXRTHb1w2TDHw4nkL-5DFxrM5elzdnVz3Ir83pKr6LU2xID1pXgTD48K3SswkqKqy-nJF1pt3VkuvUz08WDkjkmuhmOJgpo1_wK-bmsUkLhRNEAAAuYvjIJJOFvZMcNK_TDe6aQYbATL9siDKl4Wc5fcS8BTpm5eEW_PSj_jQqzWOFm0B5oDcEnhmCYZ0SUsJx82cPexmxYSCtgz85n0ivfzHkSixC3bAUyrY0yHpJBnWiBm55_TVh4VpYfC0TFyu5-VAcJo4IRFIv1-555Ym85eSteXfgSlaynjsi0YB_JuzJXPWkw_CzdsDG0aQlwPWYMQkPsrSTVGcVSkp566l8Dm7i1_DdJ5V1Tk0q_uyhUa0X_4FoU-Qt07YE6HpwLieJ2jj6XQ7rUHNZCJeTd1SEJS5pUtU-dRX_cLXsg2zMKbXPOLMouYd2xOy-PweFOXoKtGSyjIJNjlWF_6CcGfqLQCOJ4Rj4lNlXm62iND630tvxE1LP6jsSeVCc4fuJl2WdWqA0U8J9nuFCu1EtCVDLeKmIu5rhhU47DHwQdvPHx2tI2uQLnI6Ex2lrCU34RvU6P2aC2BkZxieFyGfsdpKJRPYD5Mw0-mxugTxacKSPmKb7fE422nQbFn0mZGBt80yynZLCMbv8x_EMlSJ3ACmYLYsOIzMGlJc5ym7ekqBLnzn-5027_17iqWMjlqdlmPLsY396N3QaHAIB1zcijALEa_ofixoU1B0DRLndxdS9AcPozRXF5ugm4o5HwRl6O-RnDzaeNfxcAvywqC0Ed6hW6C3qx3zkIohb3chNUkth5lqMn3nU59y7zRxFcn1WI6kRf95AOO1CkeeHQC19EVdN1gRmZU7DKAi_YvsQYdCpm2yV52XV541iNyBw-FQPj--86KHWV2juNrxMEt0z9XyzCHbXaCJmLGvJ0iI4CEfD_Vn1riWQSVUoSrzCRgf8RedbUcVF8jh8Sr9s4ncg2a3FHfr4WWnYleQ8ng1pk6GenQADo7ti0gNPS7rsgRcK8S8aQLj875UE-9-ImqmkDnxPhQ2ewUNriXpA40H7s3Eu8oxttV3RCPcf423k9ix28ZdzJBEbfviwFQLsojs55pr60_YWz-4-uvaUGS-kINhZdTViQJOb3e1lw6BVk_8Wov5CKyK3T7yEz766sZtVXqIPxTV0KwjHDi6xIJ_SjvuKP6FVH-nkdfgr0npKtinSGpMc5_8JTErPpeqG3VSLu_a8zM9pFnA_S9mZ1V7L_NRSaDhEkhfh_CDZeA2eiAeqvr8i0TVCMRh-ZD2vpTUYx1Sxs9QoX0WTNNyb9ufZ7jEURabW_x2oj41dZ4oUWKQtx8D2Xk3Bhvgptvv-MqfiFAbYullWY3j39o9p-ZDyF4IaHssjVWNa-u6Dc4DwkFBotSc7B328DnebYFv1YBju8U0Hou56dC71g2BphPl4laKbDWyeGSxzHRsbaMUSM4vYlByt0sL9cuUWK3mYsxZh4Iq62wG1v5_q-E0ZKdFMmv_22mkHMAnYiUmfeqCl68P1r_jx8tO2vl2mtK8Qx9Y7KGrjeAwsOjoab5_L0lBeW4qROQwn9qDyLw6LOV_L65qIaz06HXpbJ-ovpd0-WEMQIu9XlWyrlp_99o7bQRNJrRaC9PWRi-gd56WOE7Cd_V_IWCtYfA0ClyqDdgBDHx9pbOg30wDKZuDp85Jsoy9zHySyFcayINQxM1r6Dmi3khTq8u9zBg5zCih_mRVLVugfmec_2GH55xElzA8fFm4ecHzV5xY1WW3PvNZab5mQXq-HXl2Uu2gsEN2plGBTamVuczv7CO-Yz0akGkBqaBM09-5aXZKXVeIhtlvoC_V2hwWJGQXuhb4vy_kw50iKa4bSjkkbmne5NZ5CbpKOnqWcL-SJ3LbQxLeMZfm-btOr1WFBZsesVPU1QQd3wydXZWUjf-4xUVCqKITJjHbC8KJ5yq7hJ5nE7Vfd8hYN12FiZaaSw-1Z-9KDqZ2PPR1i5z33KXsiLN5FrZXQfHnxOdWzMAwHosmaGmSAgP6h2CHLh6oo1hHhCrlOXibbD99dPkCG7IzG0J-eIVev8cil9YdSkXjQRgX6BV6KyyLCyfZth8HqQq0jPb9yHN3cVCZ1psuo4KBKxVZ__wJVjt5d8EH4BEsClG3JRjK6Ma7cvRNhk7LDe8DcT4FSq-diP4yH1jmCEMEgrYtTrag5Sdl5iLu5vBL0P4RHFz5imssNIlEa_AXOmPXHC2K_m6o1QkaNLf3Y2KKMNHKSq-3V0ITUlMYSF_aZN2rdkBnx0XkpSTJRnu_0mcLxdVscmeRp7dNtxtFcwpPyMaTgqs0uAWXwnSHZslDlXe4wqnstqCsb3U0q6UQYnFx225OxjoFnjdTFsxD4BSWYM-yCRw13d0S2LRtqGnU4xoyA-cE2vnPEi4ZqPxrwq4YX65g9m74tk7s574dlBJxHosa5L25AO16-Me8gRwl8rxhv92nQBnwwZPfrcAllj94Y23GqVwISOpfrdHKVhlYTZVLLCd_CQZIwl6aTzt_iIr9We9I4VjRy_IyS9t5vPELXY-zISIdDO0s60CNuimGH0C2Lbd960QeuwWlPUTHp2FX9Cyqm4fK6a0Ldak8vujj4u_zygJutTgNOWhgq6fh7aG-TJ7GHF9RxNzU7fLU_YgsDA5ipPIszZV-wkU9TmrQVxSmlE_jwNOxicrGfZo0HiY9Mdkf0jAZ7-HsyT590ncl7RG6YEsuQRHu5LrYswot3kx_uxzPjuHtVztPAq_du6kw8Di2LT1bJy5CjHTaR5vhO5yDPgNemBjXXV1Icbm_9CftclWtF6gm3dTpfqwpX1xB9tlLWfSIIdrd9szfs7snwUxtBPou0nuRkkx4C0BbEENBuQ9n0go5mIV8o80Ob1N-N8FRT2b-A5w3xWeTfVVEOrWg5YPUHNRrU-u2Ac0M-0m0S644PhUdTt-yg1jfG27m1VwVdUyXrKiiufQGdw9SXOzrF_z3kGzqnAeCSZbbkxSsxmkgnf3QuhO4bNkQKBumHvPC6pL3XDVE2w_PoeWNHdKbESJo4UwhIEcecsjsyF3SO8-PZVRfNjOsUnBDjcepFiaObShugGIws_6-OLlSA0R-oz4u82U7HgmOJVfB6MgEPJHQ2w_yxxlXYdFOaLlbavKb2zy0neixm8b0rzIiRY4E6rDHQ3yoDQ35D5Ew5J0ZzgNYl-Bw72ARa7UV4AEnTcHQPj2fLfKFcl3aA1pTZO17HVFtC_FelRhyNQ4lzS76eyAzVXPht1RxE6Mp2ka-BbB9N7HfzixNLDL6LgP9AMovfqXXkyvSgyNvlEqqss5-MF2VOiiQiDXfp-aUkSktAgr4FKjWOtM_X3jbsFQ_9uk0dGi5oJdDNlnvZVR-EdAsWvDOiXAisyUhBB8YWe_nN4EY2sRv3TW6eG7n7wrJLRlevT6fhaf6kmDtC5x4OfPPFnZTbSBiXfZgG4Xe-vf3a3svAeJMLJxiObVYadZGq_ELt8827V1iJfpp60lVse76tSlNB_75iO1jqFx85fXTTA15un-LCccpasqI-Z2fxci7M8kNMj-45eXVs_5JwzSSUJkXyXZgUSUOnlDbkHgq5SZF42gLugoCid8zUIsJePyjxkfHEBFY1I7nqXodE5RmLmcwxdq6k0SPeyohGQbvmLQxF7WkAHg1Y69aXWOLtxeilzSOtlvddy3V67NevtkZ3w9BZV05D4dDAKIgmSNCEAbJvtdnW5SIxIA0ThcGinvtKJIdguzI5hs-duDzBxQJ3tdYWIt7WaBRgVzUQh1B0uSEqROwzI8EeXQ9Q7Jj7YtF1hevwh51gtec3OJtrJT7iE1fzFWN7Qjxl9HvBLmGKs3gVqEKHLqo8X1tpeh0AtbGnCIohXBwvtVryJHo0YM2H-mxVIHi6tRaWWxxxnPCAgVKNgCfwbiWg9TEB-iEza2PP1E6lbYHczIot0sdrH6SNKLTEgOzQ-_nZT0Nzep2APMVtZ0H0oNvr21ZfNnv8PMA-H6oJ7I4&cid=CAQSTwDICaaNdAoqWnOjznFQXlieNfAwigpG7zJcTUuHrPH-j7rcQrwo8AkMlNuszcZNBO2HOliNiL4KBqeDEFzP2o_R85hBMwELfpVwstdFmf0YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ds=l&xdt=1&iif=1&cor=15768765844247880000&adk=2228999115&idt=70&cac=0&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5bee46776e28c81c5683a7abe06e70d07f8f1a106d5948031a515859387d7ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19858
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3A37 113 KB
38 KB 2963ms
2962ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:55:13 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3A37 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 04:12:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 21FF 0
0 40ms
40ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231129&jk=1812535096313103&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame C5B2 39 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:34:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12024
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 10:34:46 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame D41A 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cq1ag_5kKz9S-3cBMuI_vp8xB3Vnr7QC7U4miqp960VDAu3WetDPo-V02NH_BxXYAn206TyOxHZ8UrPrA6YLtezKSfQPUKXNdQ6jsX7ZiJYIqt0ymjIEc7ZEQoNH5DjJ0oNj1cv2nNoEBMRhJ7469jdk2t553MQqHFh1ZQ-kY9rDcE0gc&cry=1&dbm_d=AKAmf-C87Jps4qTa3GRaKfS8k3ldEQosklyh-jKNLnL5uVgDfBsHkbfs1Z2PU1oZhap9tN_W6fa5oamjenZ5R4su3ZXJsbPUBnKVXTMH8BwQdLig_m1_oc-zO7-7SOEhJGtl9KIc3k9obW6ESINTYp6U4C0_fksySa5lVmawsxPH9ksjFujJfaKBr_ryFyKPhqwf4P_RDUVEjH07zPbmwkUWRVreTSgWwFS42IpeblmeuU-tRGlEyaswPYBwLJKOJPNftaEOP1WZugYGwuJcUUUeuRoqgFN23Adtnx7VHQcKwdbDEid2GR-RlxQ2m3EqDIoPJVPVT7X4MATyvaGzjOa_r1Kl6lwgrISxjhn8GvF11918flyF-_m81HT2sfu4Sai4VrRp2Sl_A3eJbC79072Zm5t7x9O_1hyIfUMH8hMm9xzwRzUK6XgI1d-9R3SXRTHb1w2TDHw4nkL-5DFxrM5elzdnVz3Ir83pKr6LU2xID1pXgTD48K3SswkqKqy-nJF1pt3VkuvUz08WDkjkmuhmOJgpo1_wK-bmsUkLhRNEAAAuYvjIJJOFvZMcNK_TDe6aQYbATL9siDKl4Wc5fcS8BTpm5eEW_PSj_jQqzWOFm0B5oDcEnhmCYZ0SUsJx82cPexmxYSCtgz85n0ivfzHkSixC3bAUyrY0yHpJBnWiBm55_TVh4VpYfC0TFyu5-VAcJo4IRFIv1-555Ym85eSteXfgSlaynjsi0YB_JuzJXPWkw_CzdsDG0aQlwPWYMQkPsrSTVGcVSkp566l8Dm7i1_DdJ5V1Tk0q_uyhUa0X_4FoU-Qt07YE6HpwLieJ2jj6XQ7rUHNZCJeTd1SEJS5pUtU-dRX_cLXsg2zMKbXPOLMouYd2xOy-PweFOXoKtGSyjIJNjlWF_6CcGfqLQCOJ4Rj4lNlXm62iND630tvxE1LP6jsSeVCc4fuJl2WdWqA0U8J9nuFCu1EtCVDLeKmIu5rhhU47DHwQdvPHx2tI2uQLnI6Ex2lrCU34RvU6P2aC2BkZxieFyGfsdpKJRPYD5Mw0-mxugTxacKSPmKb7fE422nQbFn0mZGBt80yynZLCMbv8x_EMlSJ3ACmYLYsOIzMGlJc5ym7ekqBLnzn-5027_17iqWMjlqdlmPLsY396N3QaHAIB1zcijALEa_ofixoU1B0DRLndxdS9AcPozRXF5ugm4o5HwRl6O-RnDzaeNfxcAvywqC0Ed6hW6C3qx3zkIohb3chNUkth5lqMn3nU59y7zRxFcn1WI6kRf95AOO1CkeeHQC19EVdN1gRmZU7DKAi_YvsQYdCpm2yV52XV541iNyBw-FQPj--86KHWV2juNrxMEt0z9XyzCHbXaCJmLGvJ0iI4CEfD_Vn1riWQSVUoSrzCRgf8RedbUcVF8jh8Sr9s4ncg2a3FHfr4WWnYleQ8ng1pk6GenQADo7ti0gNPS7rsgRcK8S8aQLj875UE-9-ImqmkDnxPhQ2ewUNriXpA40H7s3Eu8oxttV3RCPcf423k9ix28ZdzJBEbfviwFQLsojs55pr60_YWz-4-uvaUGS-kINhZdTViQJOb3e1lw6BVk_8Wov5CKyK3T7yEz766sZtVXqIPxTV0KwjHDi6xIJ_SjvuKP6FVH-nkdfgr0npKtinSGpMc5_8JTErPpeqG3VSLu_a8zM9pFnA_S9mZ1V7L_NRSaDhEkhfh_CDZeA2eiAeqvr8i0TVCMRh-ZD2vpTUYx1Sxs9QoX0WTNNyb9ufZ7jEURabW_x2oj41dZ4oUWKQtx8D2Xk3Bhvgptvv-MqfiFAbYullWY3j39o9p-ZDyF4IaHssjVWNa-u6Dc4DwkFBotSc7B328DnebYFv1YBju8U0Hou56dC71g2BphPl4laKbDWyeGSxzHRsbaMUSM4vYlByt0sL9cuUWK3mYsxZh4Iq62wG1v5_q-E0ZKdFMmv_22mkHMAnYiUmfeqCl68P1r_jx8tO2vl2mtK8Qx9Y7KGrjeAwsOjoab5_L0lBeW4qROQwn9qDyLw6LOV_L65qIaz06HXpbJ-ovpd0-WEMQIu9XlWyrlp_99o7bQRNJrRaC9PWRi-gd56WOE7Cd_V_IWCtYfA0ClyqDdgBDHx9pbOg30wDKZuDp85Jsoy9zHySyFcayINQxM1r6Dmi3khTq8u9zBg5zCih_mRVLVugfmec_2GH55xElzA8fFm4ecHzV5xY1WW3PvNZab5mQXq-HXl2Uu2gsEN2plGBTamVuczv7CO-Yz0akGkBqaBM09-5aXZKXVeIhtlvoC_V2hwWJGQXuhb4vy_kw50iKa4bSjkkbmne5NZ5CbpKOnqWcL-SJ3LbQxLeMZfm-btOr1WFBZsesVPU1QQd3wydXZWUjf-4xUVCqKITJjHbC8KJ5yq7hJ5nE7Vfd8hYN12FiZaaSw-1Z-9KDqZ2PPR1i5z33KXsiLN5FrZXQfHnxOdWzMAwHosmaGmSAgP6h2CHLh6oo1hHhCrlOXibbD99dPkCG7IzG0J-eIVev8cil9YdSkXjQRgX6BV6KyyLCyfZth8HqQq0jPb9yHN3cVCZ1psuo4KBKxVZ__wJVjt5d8EH4BEsClG3JRjK6Ma7cvRNhk7LDe8DcT4FSq-diP4yH1jmCEMEgrYtTrag5Sdl5iLu5vBL0P4RHFz5imssNIlEa_AXOmPXHC2K_m6o1QkaNLf3Y2KKMNHKSq-3V0ITUlMYSF_aZN2rdkBnx0XkpSTJRnu_0mcLxdVscmeRp7dNtxtFcwpPyMaTgqs0uAWXwnSHZslDlXe4wqnstqCsb3U0q6UQYnFx225OxjoFnjdTFsxD4BSWYM-yCRw13d0S2LRtqGnU4xoyA-cE2vnPEi4ZqPxrwq4YX65g9m74tk7s574dlBJxHosa5L25AO16-Me8gRwl8rxhv92nQBnwwZPfrcAllj94Y23GqVwISOpfrdHKVhlYTZVLLCd_CQZIwl6aTzt_iIr9We9I4VjRy_IyS9t5vPELXY-zISIdDO0s60CNuimGH0C2Lbd960QeuwWlPUTHp2FX9Cyqm4fK6a0Ldak8vujj4u_zygJutTgNOWhgq6fh7aG-TJ7GHF9RxNzU7fLU_YgsDA5ipPIszZV-wkU9TmrQVxSmlE_jwNOxicrGfZo0HiY9Mdkf0jAZ7-HsyT590ncl7RG6YEsuQRHu5LrYswot3kx_uxzPjuHtVztPAq_du6kw8Di2LT1bJy5CjHTaR5vhO5yDPgNemBjXXV1Icbm_9CftclWtF6gm3dTpfqwpX1xB9tlLWfSIIdrd9szfs7snwUxtBPou0nuRkkx4C0BbEENBuQ9n0go5mIV8o80Ob1N-N8FRT2b-A5w3xWeTfVVEOrWg5YPUHNRrU-u2Ac0M-0m0S644PhUdTt-yg1jfG27m1VwVdUyXrKiiufQGdw9SXOzrF_z3kGzqnAeCSZbbkxSsxmkgnf3QuhO4bNkQKBumHvPC6pL3XDVE2w_PoeWNHdKbESJo4UwhIEcecsjsyF3SO8-PZVRfNjOsUnBDjcepFiaObShugGIws_6-OLlSA0R-oz4u82U7HgmOJVfB6MgEPJHQ2w_yxxlXYdFOaLlbavKb2zy0neixm8b0rzIiRY4E6rDHQ3yoDQ35D5Ew5J0ZzgNYl-Bw72ARa7UV4AEnTcHQPj2fLfKFcl3aA1pTZO17HVFtC_FelRhyNQ4lzS76eyAzVXPht1RxE6Mp2ka-BbB9N7HfzixNLDL6LgP9AMovfqXXkyvSgyNvlEqqss5-MF2VOiiQiDXfp-aUkSktAgr4FKjWOtM_X3jbsFQ_9uk0dGi5oJdDNlnvZVR-EdAsWvDOiXAisyUhBB8YWe_nN4EY2sRv3TW6eG7n7wrJLRlevT6fhaf6kmDtC5x4OfPPFnZTbSBiXfZgG4Xe-vf3a3svAeJMLJxiObVYadZGq_ELt8827V1iJfpp60lVse76tSlNB_75iO1jqFx85fXTTA15un-LCccpasqI-Z2fxci7M8kNMj-45eXVs_5JwzSSUJkXyXZgUSUOnlDbkHgq5SZF42gLugoCid8zUIsJePyjxkfHEBFY1I7nqXodE5RmLmcwxdq6k0SPeyohGQbvmLQxF7WkAHg1Y69aXWOLtxeilzSOtlvddy3V67NevtkZ3w9BZV05D4dDAKIgmSNCEAbJvtdnW5SIxIA0ThcGinvtKJIdguzI5hs-duDzBxQJ3tdYWIt7WaBRgVzUQh1B0uSEqROwzI8EeXQ9Q7Jj7YtF1hevwh51gtec3OJtrJT7iE1fzFWN7Qjxl9HvBLmGKs3gVqEKHLqo8X1tpeh0AtbGnCIohXBwvtVryJHo0YM2H-mxVIHi6tRaWWxxxnPCAgVKNgCfwbiWg9TEB-iEza2PP1E6lbYHczIot0sdrH6SNKLTEgOzQ-_nZT0Nzep2APMVtZ0H0oNvr21ZfNnv8PMA-H6oJ7I4&cid=CAQSTwDICaaNdAoqWnOjznFQXlieNfAwigpG7zJcTUuHrPH-j7rcQrwo8AkMlNuszcZNBO2HOliNiL4KBqeDEFzP2o_R85hBMwELfpVwstdFmf0YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&ds=l&xdt=1&iif=1&cor=15768765844247880000&adk=2228999115&idt=70&cac=0&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52521
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11894
x-xss-protection: 0
server: cafe
etag: 8278194740845609983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:19:49 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D41A 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 509868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTQzODkxMDMxNjcxMgogIHNlcnZlcl9pcDogMTc1ODc0MzE0CiAgcHJvY2Vzc19pZDogMjI2NTkyMjgxMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMjU5Njcw...
ad.doubleclick.net/ddm/activity/ Frame D41A 0
22 B 45ms
44ms Image
image/png 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTQzODkxMDMxNjcxMgogIHNlcnZlcl9pcDogMTc1ODc0MzE0CiAgcHJvY2Vzc19pZDogMjI2NTkyMjgxMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMjU5NjcwMgphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vYWRvYmUuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDI2Mzc1OTk0MTQ2MDczMTQ1NDkKZGVidWdfa2V5OiAxMzE5MDc5NzU5ODEzNjk0NDY4CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0wMSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDEyNTk2NzAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzY5ODMwMTY0CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMDkwMjgyMjQ2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwNzY1MDEwODcwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTAwNzg2ODIwCiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2Fkb2JlLmNvbSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x137d7b3f07b5ad070000000000000000","13":"0x93c7e88199c848c10000000000000000","14":"0x89694d671d63370c0000000000000000","15":"0x786712b47a8085800000000000000000"},"debug_key":"1319079759813694468","debug_reporting":true,"destination":"https://adobe.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["12596702"]},"priority":"0","source_event_id":"2637599414607314549"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/1/211300;7457129;201;js;DV360;EMEAB2BFY23ProgrammaticCCCCTTrialDECreativeEndUsersCreative1728x90png/ Frame D41A 2 KB
1 KB 59ms
23ms Script
text/javascript 23.197.128.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/imp/1/211300;7457129;201;js;DV360;EMEAB2BFY23ProgrammaticCCCCTTrialDECreativeEndUsersCreative1728x90png/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=cn.friendshipquiz2022.com&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=944626.5143191271

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.128.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-128-137.deploy.static.akamaitechnologies.com

Software

prod-xre-app8.frk11 /

Resource Hash

86900319055f822123338c1e323f1f1ed695be64a7db58a6631c36cf035a744e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Dec 2023 13:55:10 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=86400
Server: prod-xre-app8.frk11
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 688
Expires: Fri, 01 Dec 2023 13:55:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C6DE 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B_GSrveVpZfDrD56C1PIPivC22AgAAAAAOAHgBAI&bg=!4uGl4a7NAAY3kmNgF5I7ADQBe5WfOERpwfhTeEPPOV5zGoaHdjOyORoS1I3YsO71-SPf1ReOK9nkv2rRQRJmC4NKycrgAgAAAG9SAAAAAmgBB5kDEt1amsBRem_GhFHXxtu0ij0tR_geDfI8X_o_eBq_AGzo2MUowVwUYQoYEbOMP3bYzNlh2TboLq4fmqk-ajLqkaacEdpwHWJEM2ndXqDdb1lSfqjByG4mgNRqipYGtxKPfcmGHBOeDHHwIHBSDHRirjN--5r4fxjNFcLXh1mtYjgsWvfvYKaSN1B3Z4XPCoMsj8GsUuSJaLODes0V67ekvXeryxMBWJrssTILHrZNbzO9YwpTyTNeUJI0_6wce_T-H3vaA1ID0G2tCIArIhEfymgr6-scVwMjsd_xVWIjuWF3LDdoJd6hlyRqa7u5iPndqXDCmagN7p4TBqrDGaNfbinjka-Vp-aLGwVGuBFK5R-lacAkthjt8ph1uTX_fDcF0PaQ2kdqAdFTmnkZrkkEqhIDkT9KyRlmKvhsJAHcOXeeymYfRUOzDZUW7bJ0a6g8UoZFQA6XSflsPWosQ7X_YK8bYP7euYlASVCtARNyMQl_od38R5xSY9FE6eW7lu0v2RRA53v92jlIu6W082LUBLIVbLXtWJ14REQgISgw57-taAirf9UKaNUjMlka-RopXWvpEaJRC3TCI0q2pkXuPLUjayz2AlXLGvleRz4qV6GfZQr9RaoH08x5a4pQ7mibvgHLQ_pR64noFvf-P4lZSZH1XojSBpMXjYqo1XuLOG1Um3TXLR20D-RidnlYpjEcgOXWbFbloH6BEB3Kj1LDtg6plAGVjkePpGq8Zmdfez2BGYl3h3vvLidZ92xXKiTWwQyL6MrTUdNnRpaUwvtmidyop7akPTWwD-j29vmWzaiONpuZFlRLeuCsza7qgUIW8EIY6uf0i9wdCNMwix4-A-ou9TPZN8AyHYXokCj4CeR3PvZ7njcXp0qDUGTqNVNDQMsDr3c-j6XlIwu3rQudhZ9McVftg8I-Ewk5WcpgDnNpH75E9NMLGZH2hxWUs9e7TeR4X-zoa2o_ZUKlwMd8hMSltV76rZFNFxQanf_4zsUmWGeXNrY7kuizMEC8J8vm1JvTIVEBagXsnGhLec7L7oiHog

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B3B6 38 KB
13 KB 7ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5503
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B3B6 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:34:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12024
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 10:34:46 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C5B2 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?EkPD4Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:10 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK j-7457129-4363815.js Show response
cdn.flashtalking.com/xre/745/7457129/4363815/js/ Frame D41A 51 KB
15 KB 74ms
16ms Script
text/javascript 23.32.184.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/xre/745/7457129/4363815/js/j-7457129-4363815.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/211300;7457129;201;js;DV360;EMEAB2BFY23ProgrammaticCCCCTTrialDECreativeEndUsersCreative1728x90png/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=cn.friendshipquiz2022.com&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=944626.5143191271
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 2b366228a37137c0904b937602dfcba4f827337cf8f100b104234635f9d7574f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:10 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Jun 2023 09:30:19 GMT
Server: Flashtalking (AKA)
ETag: W/"1f5e900e844da6423889ca321cb6e408"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
X-Varnish: 88010180
Cache-Control: max-age=198
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14445
Expires: Fri, 01 Dec 2023 13:58:28 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3B6 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BSGrbvuVpZaiqE4rC7gP7-by4CAAAAAA4AeAEAg&bg=!7O-l76DNAAY3kmNgF5I7ADQBe5WfOCV89xsbR88kmm6a_ZA2CXwMG9hEhwyeiaBml1qRHPQE3PjHnn2-c1npGJmpEz9nAgAAADVSAAAAAWgBBwoAJnWxRE_Vhy7cfmDz49HZunWq5Fsh98urKNYF42PnEGPeUHmfvM5RmQMIC-HBRz6EjHoNpWCAWgV3AM3zrdAYSYslcYk5lsAh3gpjr-lZLqeo3-PfDsKXxIUHuQqSDrcXWUpCMdJo4aC0zMoeff7Imd5EJI58XnOY9VdQp1y2VU8fR0VvdVIKhM1wau9n4cwbJ_oHpjkEUa4nxWY6QQE7hwz6MvhUeI7NlllUmDh18M-QCo97vssHZvPbfj5JXvK5TrzAPx9Xz0FrVBGc43E_-zU8pNer2GRH0X0U101s4MgluTvbJ_4Y1fJfbhuKzqqjU5ZkzVdA0qS9QJxMWlq9o2fIbqz1IDp2nHFcqQ8ZpJCv5y1XXqVeeMimBtqzX22PTgwhsbGeCeKBRZfB2cA-_Z0MH510HUYaavosBQ_ozO_H5tCeHzEsSvWdDY7bndfIX5FyOi-hmt78r46NOZapPH2TjIyqndc6XB7P3QDkBkBs_amqkhNXKWGYP8WIgnCJriycFKQyNuKb0JcMsTeg8u2oysiufkT23zfyewDAGEQh6NBsqYFd6uDRCgOKL36Yh1tBNsqZkM6KfsDSFSphITiuECCowNoRIAB0ShevQutX9njbljmIYyM1k2EnN4LeIPWXjFmJxmo6ewvL_tvAWd-KvZWKcxy3DFzxsVae6d-Ksy0UwJuS-FOHt97jWGxKsIJoBjoUSghjimTug77fUEQx73lfJdKSBfaUIDokUUFJ9QYCj2PDayU6x0ueNTPJ5ag4I0Gr_aXVHuqpROo3gciHS6vsqmsKbK-p_iUQPcd4rsmFgqvkeOaC6A7uv1DtMRWyf6N28J042F_77WOoTNvHTtoxoPBTD1XfZgIk6OaGL3A5g1ci9pn6ZNb3XgYKDegXyinaK1_o3m22AdKF0hLSoc1zaGAIQZW8FytwTw64TEEhkPpe2gs-zD5y1LkRiJtNCVH-SfQDO5D4nI-UADeYfytul60WVGP0LH9e8SEiiYXk8umzMawPBQLgCwkk9MFYfjZFjjeuh5cmyt5a5nrrVF12ypSZ0ld9B72n2J6y9pmEknLbMmJbZok65u4KI9A

Requested by

Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame D41A 9 KB
4 KB 51ms
7ms Script
application/javascript 2a02:26f0:480:15::213:7e47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/745/7457129/4363815/js/j-7457129-4363815.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:15::213:7e47 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 1e8255905b241808d05b885ad24ef9b55debdcf9362004c7fa53c2a6814d569e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:10 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Nov 2023 13:08:04 GMT
Server: UploadServer
ETag: "bc712440ade02d7a128c4b98ec1d9c0d"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3638
Expires: Fri, 01 Dec 2023 14:10:10 GMT

GET
H/1.1 200
OK 4363815.gif
cdn.flashtalking.com/xre/745/7457129/4363815/image/ Frame D41A 49 KB
49 KB 8ms
7ms Image
image/gif 23.32.184.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/xre/745/7457129/4363815/image/4363815.gif?849502254
Requested by: Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 04682722d7b228d153dbf1ca953940f30843864c0285972e6030bbcee309d790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:10 GMT
Last-Modified: Fri, 23 Jun 2023 09:30:20 GMT
Server: Flashtalking (AKA)
ETag: W/"af77b7fe5ce81b701e1aac3c05f4cf00"
Content-Type: image/gif
X-Varnish: 237949317
Cache-Control: max-age=199
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50254
Expires: Fri, 01 Dec 2023 13:58:29 GMT

GET
H/1.1 200
OK iconc.png
secure.flashtalking.com/oba/icon/ Frame D41A 1 KB
2 KB 28ms
7ms Image
image/png 23.32.184.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Requested by: Host: c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
URL: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:10 GMT
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Server: Flashtalking (AKA)
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
Content-Type: image/png
X-Varnish: 1054853558 766581083
Cache-Control: max-age=1298197
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1308
Expires: Sat, 16 Dec 2023 14:31:47 GMT

GET
DATA 200
OK truncated
/ Frame D41A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f2eb4153b5650d718847c96f2c727d4684a930961c256ffe21da3e2a81be522

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dv-measurements5017.js Show response
cdn.doubleverify.com/ Frame 6805 424 KB
100 KB 7ms
7ms Script
application/javascript 2a02:26f0:480:15::213:7e47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements5017.js
Requested by: Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:15::213:7e47 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: c3b04b64fa45af19c92cb704fcc1d0856c477060fa78815c7a0f050dd714feb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:10 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Nov 2023 08:32:12 GMT
Server: UploadServer
ETag: "6c51d60bc3f0f9e37f97539801285681"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 102041
Expires: Sat, 30 Nov 2024 13:55:10 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 6805 729 B
748 B 93ms
27ms Script
text/javascript 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=26&ttfrms=12&brid=3&brver=119.0.6045.199&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%3F%5D7C%3A6%3F5D9%3AABF%3AKa_aa%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%3F%5D7C%3A6%3F5D9%3AABF%3AKa_aa%5D4%40%3ETar9EEADTbpTauTau4bh7e%60c62_35f4f256eafe67e33533g4%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=350&ddur=52&uid=1701438910603409&jsCallback=dvCallback_1701438910603561&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.199%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=5017&tgjsver=5017&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fc39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&fcifrms=9&brh=2&dvp_epl=253&noc=4&nav_pltfrm=Win32&ctx=25015906&cmp=211300&sid=18330&plc=7457129&crt=4363815&btreg=7457129&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=11660874.285698982&ee_dp_sukv=11660874.285698982&dvp_tukv=198094077838.07794&ee_dp_tukv=198094077838.07794&dvp_strhd=0.20000004768371582&dvpx_strhd=0.20000004768371582&dvp_tuid=235197097421&jurtd=1449103311
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements5017.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: be9ba5044c34fe26e410721da1a816bfa6a97d5240a003423d74b0f890e854a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Dec 2023 13:55:10 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 11/30/2023 13:55:10

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231129&jk=1812535096313103&bg=!fX6lfjHNAAY3kmNgF5I7ADQBe5WfOKiI3POoLQc5zaSjkE7R33NAZGZZOIJ7l43hm7XOjseT2P-B6-Xio1tZkmzfHOTBAgAAAEVSAAAAA2gBB5kCxOpLe0K8TYW3g1j6we5yROQejXK_ayToyA4WqlC7JhHHmW6R770sT3_8Mu9LH5CBfljSBssyckCIY-EQNaTTsjv9iV2LQjeeeuGwpVsM6Lapt9fZCCpk09Sud-wrg7Yn8Lj9RsWORerIZqIfOM888tjNhCL_3-wsn7kxic1clZv7NSYNdHTO-tZf4VkwhmDw12o6wOdu68p-tZ092Y8eyRNysKpjxhQlNRXmY-jxvMVXXou-PgHr3fzwSU0RDChpvBzhUJ2Kjdb48WizsYrW_PyzgGWHS3g2nqPNHL6772UhGA8q2L6X2643ZHX-DxevVinTHorlGnTwWoNh3OUYYHPVhAq5RvklE4Mrd6Um9nxR9iXguUbScREf7IVtMnkUTJkpKqW4LPltLi3GF61JyX4ldUuMv981lmPJCiZAzCceW-hqTeQS7Xv87sV4Wwo7WnTWWzuy_asYlwS9I1LbVHh4lWqaK0iRZ9b-iNyGMNL4rIMBwR1SyqirfWAm5aoIknBlYVRVN0eAlcXOAT6nItor_x3nRYpZ_qLyoYYpUQ3I3Crj171XNhB57Iw3RcJInOa-4jpbShrbqJnT_2OS9ChVoFF8w0Ys4_GuXg0HUdry-nxTboNYrFHhSbLwXKV8Nk7oF643VldujZRKStbQkjRJDt9BFNxYOKTwUwIEwyiquO1g4jwb7zlLbdrXK_LRfNNOz5sAepwX1qGPHfO0suQmfgH7nS4lmAXC6mF6COwRaCeZPRMl_RVpMHef1CjaddB47ACqgBz-Qqcb80JaMqxFCCwhF8qhv2QAAnBqrSf698sbB6Qc8RwjkDVwrDSOlh5cCcw8EjQMppMZBpmR_PHKH3EUUnv7DVbBYdt_2ZGkZQJOU-KEcwNKWFn55PNkHk2-f3Esn2D9QFqA05V1lIn_tjpRN7ZyIq3_gVf3LLYz-L6RHA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F52D 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEc3HM904NKUuOxmPl1u8lpNIGtkOJVfzpXcfcf-410iB8GWa1pTYBk3kLQ1d0XJmVyK3hbc0TEjHcShW3tKQVYMHI5RKi6w662rq7Hiyktx21zZnAWNu6nNHYluegZ1gqqBEM8wyvyn2B&sai=AMfl-YR2UnyqmDDI6HY0fCn_OGzE18EKtKITl-ABnFuSzxEmUomqPbbPPTAq-5Y9PhhoDGjY6ogAuriiXOVwlSabn-LoTO1Yyxk3W99H_2CPJK8F6ppiiU3uHB9wDgJ6TlkynNKoYPfdebjIjAN3udb7puVhxXDvclNfWe4a&sig=Cg0ArKJSzHPgi_PUSCG9EAE&cid=CAQSTwDICaaN3xDaJLyPmSdNRTySDdMq_Abn_GhBtqVV9t6tF8nGZPCiWDVbwMH1HkmN4xnpnFwcGpe4K1DCqsqgeSFvVSeZB9QCO185mTbrpOkYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=317,806,1000,1091,1138&tos=317,489,194,91,47&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701438909855&rpt=142&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D41A 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxiUcSSQ2DKXCVD0MhORNnSuJdbFHckgjVxaJ98MDFi9u46LW05vEI8CObjNWnFUhOH_GuW4WUwR7ki4KpPWJ-2G6askPNZYkdFF-GOzhi0OrGHkFYVlgOrIFJGl6n8fs&sai=AMfl-YRldo2kTpbJmp74c_u21bVQv2PyPlkD1pQJru0u04QuEJhCsIENk_ipfyPb2Q4HRmTVpIfvnVsrOl8r7Vkk9ZO1mCjQcF5MMhjGuzsy1IBTjgUOcQ54OD5d0FNdwYxM-38_5u2vNAXEF94M712fZnw5GK6jgi2z0knw&sig=Cg0ArKJSzOdFmFtpCH1EEAE&cid=CAQSTwDICaaNdAoqWnOjznFQXlieNfAwigpG7zJcTUuHrPH-j7rcQrwo8AkMlNuszcZNBO2HOliNiL4KBqeDEFzP2o_R85hBMwELfpVwstdFmf0YAQ&id=lidar2&mcvt=1000&p=103,436,193,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1825163562&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701438910163&rpt=380&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D41A 0
21 B 40ms
40ms Ping
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5764410344066&version=m202309260101&ct=77&x=1&cor=15768765844247880000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 39ms
13ms Preflight
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&domain=cn.friendshipquiz2022.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cn.friendshipquiz2022.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 01 Dec 2023 13:55:11 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 428995
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
257 B 140ms
95ms XHR
application/json 35.244.193.51
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002MpxP1AAJ&gdpr=0&src=pbjs&ver=7.33.0
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 51.193.244.35.bc.googleusercontent.com
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H/1.1 200
OK / Show response
id.a-mx.com/sync/ 66 B
277 B 127ms
12ms XHR
application/json 131.153.158.209
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://id.a-mx.com/sync/?tagId=&ref=null&u=https://cn.friendshipquiz2022.com/&v=7.33.0&vg=pwpbjs&us_privacy=null&gdpr=0&gdpr_consent=
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 131.153.158.209 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: /
Resource Hash: b17c86c98ccc2958f0dec3bc102b020e6cb575b14f72d754fb3b485190fe8fac

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 1 Dec 2023 13:55:12 GMT
access-control-allow-credentials: true
content-length: 66
content-type: application/json

GET
H2 200 json Show response
gum.criteo.com/sid/ 2 B
384 B 41ms
14ms XHR
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&domain=cn.friendshipquiz2022.com&cw=1&lsw=1

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 301015
expires: 0

GET f
fid.agkn.com/ 0
0

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 135 B
426 B 29ms
8ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

c03d773dc1e1f956cde7fe63c78d64efa28ec457089224dfea4df757e47818dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 01 Dec 2023 13:55:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ 43 B
324 B 104ms
32ms XHR
application/json 54.216.79.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id?c=17333
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.216.79.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-79-244.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache
x-server: 10.45.6.67
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
429 B 107ms
33ms XHR
application/json 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=z9q9llu&fmt=json
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 01feb2124a8ed47a12ee5bb7305dfaaa4d615f60a47c487e55d0a306cd4e26fc

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
content-encoding: gzip
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires: Sun, 31 Dec 2023 13:55:12 GMT

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 32B1 0
0 345ms
111ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=d4Z_Loo2ur7BmNrkHcnnVW&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP006 /
Resource Hash

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 01 Dec 2023 13:55:11 GMT
server: 33XP006
x-33x-status: 2000208

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9742 281 B
555 B 35ms
7ms Document
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 13:55:12 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 2481 25 KB
9 KB 48ms
26ms Document
text/html 23.32.184.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU75OYJ3&prvid=2034%2C2033%2C273%2C233%2C157%2C159%2C236%2C237%2C117%2C437%2C51%2C97%2C55%2C99%2C56%2C59%2C3012%2C122%2C3007%2C246%2C4%2C126%2C203%2C446%2C9%2C208%2C2055%2C171%2C173%2C294%2C251%2C175%2C450%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3015%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C182%2C184%2C261%2C141%2C262%2C186%2C461%2C188%2C145%2C222%2C102%2C225%2C468%2C10000%2C80%2C108%2C229%2C109%2C82&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.184.20 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-32-184-20.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b0a6c1fbdc65aa3a8dbf6da640512e24dd965b922f85c4d300763132e388b7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8660
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 13:55:12 GMT
expires: Sun, 03 Dec 2023 13:55:12 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 1DCB 37 B
140 B 44ms
8ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Fri, 01 Dec 2023 13:55:12 GMT

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 166B 0
91 B 23ms
16ms Document
text/html 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7440 52 KB
17 KB 52ms
7ms Document
text/html 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Fri, 01 Dec 2023 13:55:12 GMT
ETag: "623de86a-cf34"
Expires: Sat, 02 Dec 2023 13:55:14 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 200 pbjs Show response
sync.quantumdex.io/usersync/ Frame 28BF 5 KB
1 KB 112ms
103ms Document
text/html 2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a240672bde645e5a05f65efe35df266277c6999e23798fac01a2a93b22e67f80

Request headers

Referer: https://cn.friendshipquiz2022.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 82ebd3916a6965d1-FRA
content-encoding: gzip
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
server: cloudflare

GET
H2 200 9.gif
id5-sync.com/s/441/ 43 B
921 B 22ms
8ms Image
image/gif 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 01 Dec 2023 13:55:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
285 B 37ms
9ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

51ea9fe89565220511e5646e418867473999bf6bbe6acb7d98a8ab47ef312d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 01 Dec 2023 13:55:12 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9742 46 KB
13 KB 7ms
7ms Script
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 8e36b3824734aec025abb1460b3c09e13d4113dc016f29238ce3ce5058c61d9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 13:55:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Nov 2023 23:38:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=35002
Connection: keep-alive
Content-Length: 13236
Expires: Fri, 01 Dec 2023 23:38:34 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 9742 7 B
380 B 65ms
9ms XHR
application/json 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
Expires: 0

POST
H2 200 376.json Show response
id5-sync.com/g/v2/ 251 B
541 B 8ms
8ms XHR
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/376.json

Requested by

Host: fdyn.pubwise.io
URL: https://fdyn.pubwise.io/script/a70ee00a-782a-462f-9a44-a562efde54c3/v3/dyn/pws.js?type=fq-2022-desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

0048dcffa805083cb14d8aaab865a2d7ed6f21145cb496f0b58a9212468f23be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://cn.friendshipquiz2022.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cn.friendshipquiz2022.com
date: Fri, 01 Dec 2023 13:55:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 7440 0
597 B 6ms
6ms Script
text/html 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
an-x-request-uuid: de074555-1a4a-48b2-a800-9569fce0aefc
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 28BF
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1&rts=658338266894501610
https://sync.quantumdex.io/setuid?bidder=between&uid=05e846ee-4b96-524f-8a75-38a1ef1cdd61

43 B
94 B

105ms
105ms

Image
image/gif

2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=between&uid=05e846ee-4b96-524f-8a75-38a1ef1cdd61
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ebd3950f3c65d1-FRA
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=between&uid=05e846ee-4b96-524f-8a75-38a1ef1cdd61
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 28BF
Redirect Chain

https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID
https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-6c0cc20a-c3cc-3925-8f31-b49d9ff2272f

43 B
94 B

103ms
102ms

Image
image/gif

2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-6c0cc20a-c3cc-3925-8f31-b49d9ff2272f
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ebd393fda965d1-FRA
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=zeta-global&uid=ua-6c0cc20a-c3cc-3925-8f31-b49d9ff2272f
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-store
content-length: 0
expires: 0

GET
H2 200 0.gif
id5-sync.com/i/495/ Frame 28BF 43 B
920 B 8ms
7ms Image
image/gif 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 01 Dec 2023 13:55:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 28BF 0
277 B 325ms
26ms Image
text/plain 216.52.2.86
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 01 Dec 2023 13:55:12 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET b6931342ce0a4afaad148709b51fe102.gif
cs.admanmedia.com/ Frame 28BF 0
0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 28BF
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3326913662609740059

43 B
105 B

107ms
107ms

Image
image/gif

2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3326913662609740059
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ebd3921b5065d1-FRA
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
an-x-request-uuid: c49c25f1-cb77-47bd-9e5e-2ba9a64db2a8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3326913662609740059
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 /
s.ad.smaato.net/c/ Frame 28BF 0
243 B 48ms
20ms Image
text/plain 2600:9000:2190:9800:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:54:40 GMT
via: 1.1 449f2b51e83bf8ba5fa5e65ce60bc276.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: ZRH50-C1
age: 32
x-cache: Hit from cloudfront
cache-control: no-cache, must-revalidate
x-amz-cf-id: 8otu4WLxjgoZW26qv3Qj2TMp1SfYacpRQo4j_r-47CoIL_Hyq8XF1w==

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame 28BF 0
35 B 39ms
7ms Image
text/plain 3.68.140.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.68.140.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-140-79.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 8228 2 KB
988 B 35ms
27ms Document
text/html 104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0a7419945aeecb7558919b2ebfad2da01398da7440e0853ec96d4628e1cc913

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 82ebd392197e5c74-FRA
content-encoding: br
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLji%2B4AsJL4JBvUa5DrJTbUkpcEaghoI2QvgdNppkNbmcLP8kvPqLcW2Tm%2FRJ02rZQB%2BwyqGlPaeUu7Fpe%2BiZZd8QKMJTtDkWWhr6n1ehST8LZ1vzuqC49UWpgr2A9K0ytx9a87q61j7LA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

setuid Show response
sync.quantumdex.io/ Frame A5D7
Redirect Chain

https://sync.1rx.io/usersync2/rmphb?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D
https://sync.quantumdex.io/setuid?bidder=unruly&uid=OPTOUT&us_privacy=

43 B
94 B

101ms
101ms

Document
image/gif

2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/setuid?bidder=unruly&uid=OPTOUT&us_privacy=
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 82ebd392ac1c65d1-FRA
content-length: 43
content-type: image/gif
date: Fri, 01 Dec 2023 13:55:12 GMT
server: cloudflare

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
etag: OPTOUT
expires: 0
location: https://sync.quantumdex.io/setuid?bidder=unruly&uid=OPTOUT&us_privacy=
pragma: no-cache

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame 2C2F 0
134 B 54ms
15ms Document
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=185416&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Fri, 01 Dec 2023 13:55:12 GMT
Server: nginx

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame 2418 0
134 B 71ms
14ms Document
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=148144&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Fri, 01 Dec 2023 13:55:12 GMT
Server: nginx

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame 3585 0
134 B 51ms
13ms Document
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Fri, 01 Dec 2023 13:55:12 GMT
Server: nginx

GET
H2 200 sync-iframe Show response
cs-server-s2s.yellowblue.io/ Frame 69E6 0
368 B 283ms
92ms Document
text/html 44.205.81.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 44.205.81.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-205-81-90.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sync.quantumdex.io/
content-length: 0
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
server: istio-envoy
x-envoy-upstream-service-time: 0
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C538 16 KB
6 KB 37ms
10ms Document
text/html 23.43.60.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.60.191 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-43-60-191.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=36836
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Fri, 01 Dec 2023 13:55:12 GMT
expires: Sat, 02 Dec 2023 00:09:08 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 37C4 0
0 29ms
7ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame FF67 0
134 B 49ms
14ms Document
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=184388&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxap-184388%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Fri, 01 Dec 2023 13:55:12 GMT
Server: nginx

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 3441
Redirect Chain

https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

1 KB
2 KB

8ms
8ms

Document
text/html

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: d1bcdeb1522f5eede28047c94ee62e348e525632fe2769a4621dbbdf25f80259

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1339
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 13:55:12 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Fri, 01 Dec 2023 13:55:12 GMT
location: /sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 3441 70 B
148 B 33ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

200

ebda
eb2.3lift.com/ Frame 3441
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

37 B
139 B

9ms
8ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 3441
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEMunVf-Ooe9-gnwczS3Ehlw&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

37 B
354 B

10ms
10ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEMunVf-Ooe9-gnwczS3Ehlw&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEMunVf-Ooe9-gnwczS3Ehlw&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3441
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5

170 B
188 B

27ms
27ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=Njg2MDgzNzUwNzE0Nzc3Njg0OTE5
date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 3441 0
646 B 191ms
160ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=686083750714777684919&dbredirect=true&gdpr=0&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:11 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 4A34F0841B854AE7AD45FEB9A07C73C1 Ref B: DUS30EDGE0812 Ref C: 2023-12-01T13:55:12Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLcx377NCPDmTaT1UAkA==

GET
H2 200 686083750714777684919
pr-bh.ybp.yahoo.com/sync/triplelift/ Frame 3441 43 B
426 B 102ms
34ms Image
image/gif 2a05:d018:d29:3601:b946:ae1e:458e:a1ae
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/triplelift/686083750714777684919?gdpr=0&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:b946:ae1e:458e:a1ae Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

sync
x.bidswitch.net/ Frame 3441
Redirect Chain

https://x.bidswitch.net/sync?ssp=triplelift&user_id=686083750714777684919&gdpr=0&gdpr_consent=${GDPR_CONSENT}
https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=686083750714777684919&gdpr=0&gdpr_consent=${GDPR_CONSENT}
https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&bsw_user_id=${BSW_USER_UD}&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=triplelift&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947

43 B
145 B

8ms
8ms

Image
image/gif

35.157.81.215
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=triplelift&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Server: 35.157.81.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-81-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=triplelift&bsw_param=d96b649f-7d68-4f90-a449-ee55e3f2c947
date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 3441 43 B
363 B 48ms
12ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=${GPP_STRING_28}&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3D%40%40CRITEO_USERID%40%40%26dongle%3D013b

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 176180
expires: Fri, 01 Dec 2023 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 3441
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=3326913662609740059&dongle=4d58&gdpr=0&gdpr_consent=

37 B
354 B

9ms
9ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=3326913662609740059&dongle=4d58&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 01 Dec 2023 13:55:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
an-x-request-uuid: f5c19021-3455-4454-8ae0-3a0ac82a8479
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://eb2.3lift.com/xuid?mid=3335&xuid=3326913662609740059&dongle=4d58&gdpr=0&gdpr_consent=
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 setuid
ib.adnxs.com/prebid/ Frame 3441 43 B
1 KB 8ms
8ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=0&gdpr_consent=&uid=686083750714777684919

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID&ld=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
an-x-request-uuid: 41262e38-1a62-40e1-b49b-3fc83036e74e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

451

501709.gif
idsync.rlcdn.com/ Frame 8228
Redirect Chain

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=3b263b6fa76a4b7aa5f642bd6608bc44
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=3799640567489113041
https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=3b263b6f-a76a-4b7a-a5f6-42bd6608bc44
https://p.rfihub.com/cm?pub=39342&in=1&userid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D56c3b7d2-5349-4388-9e12-966502b...
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5109685631080379783&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D56c3b7d2-5349-4388-9e...
https://idsync.rlcdn.com/501709.gif?partner_uid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&_=1701438913.6690335

0
98 B

211ms
16ms

Image
text/plain

35.244.174.68

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/501709.gif?partner_uid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&_=1701438913.6690335
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Server: 35.244.174.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:14 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Fri, 01 Dec 2023 13:55:14 GMT
via: 1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
server: lighttpd/1.4.69
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: text/html; charset=utf-8
location: https://idsync.rlcdn.com/501709.gif?partner_uid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&_=1701438913.6690335
content-length: 447
x-amz-cf-id: KEeM3YWLYd9EsBZrvMYQ1R0msGRLgZfZpphSIey2Mh1s0MSqzauEfw==

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 8228
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid=&dcc=t

43 B
855 B

122ms
122ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Dec 2023 13:55:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: PWG4BD7MATXDGVNGRC34
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Dec 2023 13:55:12 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: HADCYT9KRJ0EE4BC3RY5
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 8228
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAZ9IbPKlLY-Uhre67KPrDI&google_cver=1

43 B
733 B

20ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAZ9IbPKlLY-Uhre67KPrDI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqY3VC3Fv7LKUeHR3dlgsZ44yqa99Y7kaXvOW%2B4MNHbbn2kpc5elv%2FAEj9U5QbxEsRmvlPWAtcb43C2hBOJdP2TqINef8%2FoxfV31pAibxiljxi4HYXeI2C5AqFGle9%2BSqAupxVx54w5HXw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd3927fb72c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAZ9IbPKlLY-Uhre67KPrDI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8228 70 B
148 B 33ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8228
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3799640567489113041

43 B
734 B

26ms
25ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3799640567489113041
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QAebpYV%2BpVoS3JzzZJh%2By%2B4UyAWDhKnVtE7mK2QskXw9xOQXH0MeFbNEHzvegxyZChJ2swulh4ZMxg9BAx8EOOmEcDuiennoH3UBK7v9f2mTN17lKKtttPdU6xO%2FNBiitVIwjzM36zsCzg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd3956b1c2c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3799640567489113041
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:11 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8228
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=68
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=4A59JtpPX25x5S7VoKkXxorHJoQ

43 B
731 B

20ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=4A59JtpPX25x5S7VoKkXxorHJoQ
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G9nnySdOqtfxmQYOJ1CjXP6hNgJO9tNUtQcDPVo9ePqXhhVtdrDoXXsmg4z30dvxAU3dmvIfI9AHLw%2FFB4jACFAJBTVMJbXLGd7tbCqPRICMkRtxZNFqb3K4SYiRSor9cQpNuPNpNVEtrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd394aa1c2c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=4A59JtpPX25x5S7VoKkXxorHJoQ
Date: Fri, 01 Dec 2023 13:55:12 GMT
Connection: keep-alive
Content-Length: 122
Content-Type: text/html; charset=utf-8

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 8228
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=29
https://c1.adform.net/serving/cookie/match?CC=1&party=29
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=7240467649772221518&expiration=1702648512

43 B
737 B

24ms
23ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=7240467649772221518&expiration=1702648512
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGlKyH5waen3OkrTYVMqzs7%2FUHA9amzc08vbL0CrF5asp%2BoZtWksIF983xlMZfKlzjDiNJao%2Fc9UQo%2B5ZFWuqyLLhE8NdtqPHCUpHj%2FUzsluibZHKg4J8dRQDqoC1VAs0QPTc7N%2BPWuBpA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ebd392e82b2c79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=7240467649772221518&expiration=1702648512
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 8228
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105

42 B
717 B

33ms
32ms

Image
image/gif

34.253.135.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Protocol

Server

34.253.135.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-135-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-022e7ff67.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: fbSIyRyVS7s=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-047246365.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Fri, 01 Dec 2023 13:55:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: 0Mx5BF87R6c=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZWnlvny7ywxFNHJUiTd9HgAA%261105
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 setuid
sync.quantumdex.io/ Frame 8228 43 B
94 B 103ms
103ms Image
image/gif 2606:4700:10::ac43:2ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=ZWnlvny7ywxFNHJUiTd9HgAABFEAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:12 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ebd3925bcb65d1-FRA
content-length: 43
content-type: image/gif

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C538 0
42 B 43ms
11ms Script
text/plain 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=42986880&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:11 GMT
content-length: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 4EAB 0
0 44ms
44ms Fetch
image/gif 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjst5S9vTL3a-I74KkyTUdB8JMp2WtlzzCV6DTuYR8Y8pzRrBa8cg1p8itVWC1YwJ2z2X5LbDcPo5ufTPM4gWZWQH1x2883Cx54nJyjAiopvxg9DlWCRfpQA60tgNA6pjYYZ-H8p4m_oLyVJUFBEv7HFemAsUX8qxsqC58_Tai7aBBqwnKkiLAxxdZz01XSF1kfdvnQAtcf3795NatmlA7GnwcKN-FSVGuRBFWMFpAF-qM2P5rAZ04DQ7gnSiNpP5K3m4Fc7caYARsxmp-DNyC4TYzepDwtdAoKN39L6DYVbXMMuW9ZN00qxrvtmizR2yykHD5gUSZVLs0DaoiQ4jhBTYNoxCE7T3lXg5PnWx6guO6KiunIcqlqHG7-UmzV4p-ijOjzFjlj3bkIrzqXkXZ63PRZ_rSKnoQJCYgEeJLHO551g0_JR2I_i_vsN2IbWwDTNN5cN7_2u2d3Vj8A9HKD_zmwKMpGVGvR5FiZ_JLL1Sfn-PAmEDMJItD47pWdy_33RJvSbTFFetPZCGDbfjPQiMTKAGzkg7tLugfaao9ZW3s_5mcJ10f_lrs6Pl-fGxVTNeXf9Sm-37ZND7f6ru6LDBBl1PG6bk275rGoj1cPG_lFrfzYWTfZp5iKsa6AAI4YrP3ztcYzZrDrLRIOPqM2cybmS5lZ7EfMtNh7QCpFlBmsqqW79coUVY_uZn6RyEsC3u3hOW4HmQ2dzhyO2hJY7-PTWJdj07f3xXamCiU_nB92VyPjNEp7z-AXLZrewzgTxwzQShIh8hOdLLm46_XhoDXEekQzUJJJIG9JlhAYsWQP63TO4cG3A7GA8yRvGmfXuvEMRsyMl5usBQgV-SlUHkl1jj1kTmM7g3A4ZXKjvBHCsR473ws4by33b72pYlg_ZAJcGLRi3PGhzs9MggB09WMhNJ3TyLhGpn25OdDaB4Ln0-tuGXc6RUCrPMPaHXBvhifC23x1SHwXiRpDzUezHHt1xu2gA2GTjxQsEwlENl847HLnfwcD2ANa1OtgjLi6eHvFsuTL2S3ETmrLQCGKNxb8XaneJTXbpy5acGw2sQS2uCFsXcNV5_aR8oMLnu-12OAFXDDDP9waVs0sdLTcuFZH1EtqUD8m_uDzGFzuGKVTcdKhNk_7eZV9P5q3hojeYYRQ6Fcc63lLx_WVIVk8uiLwNLTAcY1BO4oOlTbbNJ7ctPMECYryGK7ilnz2rdMMV7dM05NKbytDyAaEDmpmWFz1G8u9kFPcXyPwg4tEj0OMJRedxdH0nvOwU60se72y2UFfE4KFMD1WueontqXTGL7KHaQ7DUTZDgqzYtPtarUKE11wnKYS1WD55g9my9Sas972eVwUyQpJsFs6BdxPZDyqNoB5yYNWWfpEPmPg3pKcuH0YLr46pY4wyqHlGGkGJz4ewvThf7BhciT6ZdDmc9KsnfMlk3Q8l9L9WJxg4ZC_qbbwNrNdWN55QstrR9q34cXhjvyI-LiIROIRyFv6Xrg0EvP5I&sai=AMfl-YSr4bV7iPqN15Jm3jfr6EwC-b4tzqjqjRUdxB5igOYXmtsG3o4YCLfdUD4fu6nRqCBMAZKEvPcpRgJG1ZIQAgThBBN5yHVl04GV5gls6LdQQ0I6XJfYBQiut8nWOOnivte0c3qF583hYuNHUqbpaCNpghUOKmBQfdDGNYsSj_JurNSD0Mz9t2rXVaKey0ekxxgl894j8IZ9UFEiwkibE-zV02cdWkGuzuNcvK4AREjvHp8rZUNMmr-MxxVkbK34ck-cyxx3JEesl3dHveLc-S5qA0ERZmW-m-EOGVy1gVksWS4XjmPuenwlm16eCcsAQLO_zZnvWr9R7Y7NOF5J6wKQERY1DzWCzeMGEYp7FGNKqKStc-KI02OA1lkoFx2D59HI9laP6-QJ15BoL1qdzo7A2a6lx8CRa98yrM5i3cLRc5fGJg61Vi1YzFfVKqQs8D18_Lg0PW0AYO8OKt3kZ2sbccqHPtoSkHGJ-sYZ3ONO-F_tHPLMVpGSo_xODXuOKJl2krD9E6RCGw&sig=Cg0ArKJSzFH8pt1Cjj0nEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=3077&vt=11&dtpt=3038&dett=3&cstd=34&cisv=r20231129.76052&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: cn.friendshipquiz2022.com
URL: https://cn.friendshipquiz2022.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 7440 0
597 B 7ms
7ms Script
text/html 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:13 GMT
an-x-request-uuid: e6b083e0-8601-4c3c-8441-56fef4a11dc2
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 3A37 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 403
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 14:03:30 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3A37 8 KB
6 KB 52ms
52ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

375559ded0103e5f41e29d24160074a91882d175929936a3b71aa1820a419921

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5960
x-xss-protection: 0

GET
H3 200 728x90_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 3A37 80 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e22e6a4c1770831466a702ad01381d6e8ad3facca6587e0f70bd4fe77679b00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:42:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19260
x-xss-protection: 0
last-modified: Wed, 15 Nov 2023 13:32:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:57:00 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3A37 6 KB
2 KB 19ms
19ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:50:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 14:05:39 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3A37 5 KB
2 KB 17ms
17ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:52:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 14:07:19 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 3A37 2 KB
1 KB 18ms
18ms Fetch
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 854
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:55:59 GMT

GET
H3 200 NH_D_NA_India-London_728x90.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 3A37 42 KB
42 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_India-London_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ae374cbc703a267fa20637afd5ba64dbce95eea34059efb36e134428937d2a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:50:00 GMT
x-content-type-options: nosniff
age: 313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43256
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 16:18:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 14:05:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3A37 17 KB
6 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:55:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 13:55:13 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 3A37 50 KB
50 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=Zey4gjmDmL&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:43:03 GMT
x-content-type-options: nosniff
age: 730
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 13:58:03 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 7C02 39 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:34:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 10:34:46 GMT

POST
H/1.1 204
No Content event.png
tpsc-ew1.doubleverify.com/ Frame 6805 0
345 B 41ms
15ms Ping
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-ew1.doubleverify.com/event.png?impid=2a3ae260c815449eac8c54d81dba6cf9&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&pltm=1&ee_dp_btreg=7457129&ee_dp_btros_64=0&vdur=94&eoid=19&te_exec=0&msrjs=5017&sdf=67108868&vit=2&isvelg=1&rmi=16&tltms=52&tetms=4&msltms=16&vltms=94&sei=290&vetms=2&tuviims=38&tuviems=134&engms=1&engisel=1&ee_dp_ddtes=2&dvp_dtcov=4&sim=3&ee_dp_rbgms=1&ee_dp_asmm=1&msrcanlm=456&msrcannum=4&ee_dp_tmads=2209&ismms=22&isumms=21&nvr=6&elmtp=6&isbxdms=2121&b0=100&b11=2101&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=3&dvp_vsosnmr=16&lftb=2201&sftb=2201&msrdp=1&naral=192&vct=512&vphgt=1200&vpwdth=1600&chgt=90&cwdth=728&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1021&isuiabvms=1021&ispmxpms=1021&engalms=20&engscrlms=121&dvp_pageEng=true&dvp_dpr=1&vstsz=754&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3107
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements5017.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
Pragma: no-cache
Date: Fri, 01 Dec 2023 13:55:13 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Expires: 2023-11-30T13:55:13

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-9QKBNZJYL1&gtm=45je3bt0v899789978&_p=1701438908651&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1445266296.1701438909&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=4&sid=1701438908&sct=1&seg=0&dl=https%3A%2F%2Fcn.friendshipquiz2022.com%2F&dt=2023%E5%B9%B4%E7%9C%9F%E6%9C%8B%E5%8F%8B%E6%A8%99%E7%B1%A4%E6%8C%91%E6%88%B0%E8%B3%BD!%20%E7%8F%BE%E5%9C%A8%E5%B0%B1%E6%8E%A5%E5%8F%97%E9%80%99%E5%80%8B%E6%8C%91%E6%88%B0!&en=page_location&epn.percent_scrolled=90&_et=1&tfd=6730
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QKBNZJYL1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cn.friendshipquiz2022.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 13:55:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cn.friendshipquiz2022.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fid.agkn.com
URL: https://fid.agkn.com/f?apiKey=2054351419&r=https%3A%2F%2Fcn.friendshipquiz2022.com%2F

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=109

Domain: cs.admanmedia.com
URL: https://cs.admanmedia.com/b6931342ce0a4afaad148709b51fe102.gif?gdpr=&gdpr_consent=&ccpa=[CCPA]&coppa=[COPPA]&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dillumin%26uid%3D%5BUID%5D

Verdicts & Comments Add Verdict or Comment

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

70 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 18:46:54	Name: sync Value: CgoIoQEQ2-6lrcIxCgoIkQIQ2-6lrcIxCgoItAIQ2-6lrcIxCgoI5gEQ2-6lrcIxCgoIhwIQ2-6lrcIxCgoItwIQ2-6lrcIxCgkIOhDb7qWtwjEKCgiMAhDb7qWtwjEKCQhfENvupa3CMQoJCB8Q2-6lrcIx
i.liadm.com/s	1970-01-20 17:20:30	Name: _li_ss Value: ChAKBgjSARDQFgoGCKIBENAW
.friendshipquiz2022.com/	1970-01-20 16:38:45	Name: _gid Value: GA1.2.399680957.1701438909
.friendshipquiz2022.com/	1970-01-20 16:37:18	Name: _gat_gtag_UA_126527512_27 Value: 1
.friendshipquiz2022.com/	1970-01-20 16:37:18	Name: _gat_gtag_UA_216124835_12 Value: 1
.friendshipquiz2022.com/	1970-01-21 02:13:18	Name: _ga_LT965J6N63 Value: GS1.1.1701438908.1.0.1701438908.0.0.0
.friendshipquiz2022.com/	1970-01-21 02:13:18	Name: _ga Value: GA1.1.1445266296.1701438909
.friendshipquiz2022.com/	1970-01-21 02:13:18	Name: _ga_9QKBNZJYL1 Value: GS1.1.1701438908.1.0.1701438908.60.0.0
cn.friendshipquiz2022.com/	1970-01-20 17:20:30	Name: _pbjs_userid_consent_data Value: 3524755945110770
.friendshipquiz2022.com/	1970-01-21 01:22:54	Name: _sharedid Value: 5a9e0712-8f27-4caf-9658-9bca2b595385
.friendshipquiz2022.com/	1970-01-20 18:46:54	Name: _fbp Value: fb.1.1701438909074.2016244654
.quantumdex.io/	1970-01-20 16:51:42	Name: uid Value: 643f09fd-f31b-419c-9a1b-d27fc05d2057
.gumgum.com/	1970-01-21 01:22:54	Name: cs Value: true
prebid.a-mo.net/	1970-01-20 16:37:19	Name: _Amc_b Value: 0
.prebid.a-mo.net/	1970-01-21 01:22:54	Name: __amc Value: 1_1701438909_1701438909
.rubiconproject.com/	1970-01-21 01:22:54	Name: khaos Value: LPMOSODE-1P-1AFS
.rubiconproject.com/	1970-01-21 01:22:54	Name: audit Value: 1\|naVuGyos1qqXpaMajtYkqHjc0/aJelRdbjRFtGIHH0v8WIacSke7l5UHJAbsQSNUXmdHaN4PBqZ7BbaIRe7bv8RIU3aBMe0BSBx2P3in8zMwZcWySF1TcSKPLRELhl3xIo8tEQuGXfGma+WVcS1g3g==
.pubwise.io/	1970-01-20 17:20:30	Name: pubwise_uuid Value: %7B%22zde_uuid%22%3A%22XUPWUIDC4-fcd4213a-8760-44be-ba15-3bfd047d587f%22%2C%22zdxidn%22%3A11%7D
.doubleclick.net/	1970-01-21 01:58:54	Name: IDE Value: AHWqTUllvJNCFMKL7IB8lVDBWuOnRuW-AYcGsUpcnEGPSs8BfQuyPs60YF1B5EB2QJU
.doubleclick.net/	1970-01-20 16:37:22	Name: DSID Value: NO_DATA
.friendshipquiz2022.com/	1970-01-21 02:13:18	Name: _ga_F1D0DCDYHL Value: GS1.1.1701438908.1.0.1701438910.58.0.0
.friendshipquiz2022.com/	1970-01-21 01:58:54	Name: __gads Value: ID=8b75b4bbfd1e131a:T=1701438909:RT=1701438909:S=ALNI_Mb_HV1nSR8Otd8pIb0CO2qt-vD2ZA
.friendshipquiz2022.com/	1970-01-21 01:58:54	Name: __gpi Value: UID=00000cffc0f9a06d:T=1701438909:RT=1701438909:S=ALNI_MbsiEzot2YskhQI8p3L7JDcIDvQ1g
.adnxs.com/	1970-01-20 18:46:54	Name: uuid2 Value: 3326913662609740059
.casalemedia.com/	1970-01-20 18:46:54	Name: CMPS Value: 1105
.casalemedia.com/	1970-01-21 01:22:54	Name: CMID Value: ZWnlvny7ywxFNHJUiTd9HgAA
.casalemedia.com/	1970-01-20 18:46:54	Name: CMPRO Value: 1105
.doubleclick.net/	1970-01-20 20:56:30	Name: APC Value: AfxxVi6LBsk0hxPbwIWQPjEi4fGV-4qnWuNPrX6JdXwBSH9BQfgKtw
m.exactag.com/	1970-01-20 18:46:54	Name: exactag_new_gk Value: c3619e0768c542588348ffd6e40c106f%7C30.01.2024%2013%3A55%3A10
m.exactag.com/	1970-01-20 20:56:30	Name: exactag_new_uk Value: e53d6f6c01f845ff87ad1297b89229f8%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: c11da862f6b44c05b749056b
.doubleclick.net/	1970-01-20 17:20:30	Name: ar_debug Value: 1
cn.friendshipquiz2022.com/	1970-01-20 16:37:22	Name: _lr_retry_request Value: true
cn.friendshipquiz2022.com/	1970-01-20 17:20:30	Name: _lr_env_src_ats Value: false
cn.friendshipquiz2022.com/	1970-01-20 18:03:42	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-12-01T13%3A55%3A12%22%7D
.3lift.com/	1970-01-20 18:46:54	Name: tluid Value: 686083750714777684919
.adnxs.com/	1970-01-20 18:46:54	Name: anj Value: dTM7k!M4.gE:2jUF']wIg2IldlE/QL!]taRiy.qp@:os1=2!:F4PUb@z=b1d](_rF4M4.cnO5CQE!w3mg]z?MEeJ<Ex9Y1D$25b?[h'=T66L<_W75B3OoM3O4lG5eIa'3]6ME)OC*nAR#'T!!!Ke-tM#z
.adnxs.com/	1970-01-20 18:46:54	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJ0cmlwbGVsaWZ0X25hdGl2ZSI6eyJ1aWQiOiI2ODYwODM3NTA3MTQ3Nzc2ODQ5MTkiLCJleHBpcmVzIjoiMjAyNC0wMi0yOVQxMzo1NToxMloifX0sImJpcnRoZGF5IjoiMjAyMy0xMi0wMVQxMzo1NToxMloifQ==
.bidswitch.net/	1970-01-21 01:22:54	Name: tuuid Value: d96b649f-7d68-4f90-a449-ee55e3f2c947
.bidswitch.net/	1970-01-21 01:22:54	Name: c Value: 1701438912
.bidswitch.net/	1970-01-21 01:22:54	Name: tuuid_lu Value: 1701438912
.ads.pubmatic.com/	1970-01-20 16:38:45	Name: KCCH Value: YES
.adform.net/	1970-01-20 17:21:57	Name: C Value: 1
.adform.net/	1970-01-20 18:03:42	Name: uid Value: 7240467649772221518
.demdex.net/	1970-01-20 20:56:30	Name: demdex Value: 78400993979973810372340383717252894882
.dpm.demdex.net/	1970-01-20 20:56:30	Name: dpm Value: 78400993979973810372340383717252894882
.linkedin.com/	1970-01-21 01:22:54	Name: bcookie Value: "v=2&49f35d49-9202-48e8-85a4-66c0b21a2c1e"
.linkedin.com/	1970-01-20 20:56:30	Name: li_gc Value: MTswOzE3MDE0Mzg5MTI7MjswMjGGvsKbnEWpinpmIFLkvi8I4ERGPxznuEt73luqzj53iA==
.linkedin.com/	1970-01-20 16:38:45	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2690:u=1:x=1:i=1701438912:t=1701525312:v=2:sig=AQFr8cDPTbNyynxddffYI942xg5ihZLf"
.disqus.com/	1970-01-21 01:22:54	Name: zeta-ssp-user-id Value: ua-6c0cc20a-c3cc-3925-8f31-b49d9ff2272f
sync.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id Value: s%3A0-e00e7d26-da4f-5f6e-71e5-2ed5a0a917c6.1pFXuegY9Oynmcr4km8xIIcLUIR75iin2sfGOywXM9k
.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id Value: s%3A0-e00e7d26-da4f-5f6e-71e5-2ed5a0a917c6.1pFXuegY9Oynmcr4km8xIIcLUIR75iin2sfGOywXM9k
sync.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id-v2 Value: s%3A4A59JtpPX25x5S7VoKkXxorHJoQ.8HjCmCBedvXROz0L4CpPg5PgW%2FMm3P8zzTxDsl1W1qE
.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id-v2 Value: s%3A4A59JtpPX25x5S7VoKkXxorHJoQ.8HjCmCBedvXROz0L4CpPg5PgW%2FMm3P8zzTxDsl1W1qE
sync.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id-v3 Value: s%3AAQAKIF7RCE1Fz1KkAj-Zqp35NhOmdWcAtfcSH35EsFNg0KzAEHwYBCDAy6erBjABOgSVjvJGQgQ9KYxP.uPse7DgUbqH2lWdVxLLsuBTTQW93hd0Cwd%2Bc%2FN6lp54
.srv.stackadapt.com/	1970-01-21 01:22:54	Name: sa-user-id-v3 Value: s%3AAQAKIF7RCE1Fz1KkAj-Zqp35NhOmdWcAtfcSH35EsFNg0KzAEHwYBCDAy6erBjABOgSVjvJGQgQ9KYxP.uPse7DgUbqH2lWdVxLLsuBTTQW93hd0Cwd%2Bc%2FN6lp54
.liadm.com/	1970-01-21 02:13:18	Name: lidid Value: 3b263b6f-a76a-4b7a-a5f6-42bd6608bc44
.betweendigital.com/	1970-01-21 01:22:54	Name: dc Value: lux1
.betweendigital.com/	1970-01-21 01:22:54	Name: tuuid Value: 05e846ee-4b96-524f-8a75-38a1ef1cdd61
.betweendigital.com/	1970-01-21 01:22:54	Name: ss Value: 1
.amazon-adsystem.com/	1970-01-20 21:44:02	Name: ad-id Value: AxXZDV4KyUZttls7jbiFTpA
.amazon-adsystem.com/	1970-01-21 02:13:18	Name: ad-privacy Value: 0
.betweendigital.com/	1970-01-21 01:22:54	Name: ut Value: ZWnlwAAMCgiGG0lCqZdAhusOwSDoEWAd1PkRmA==
.turn.com/	1970-01-20 20:56:30	Name: uid Value: 3799640567489113041
.rezync.com/	1970-01-20 20:56:30	Name: zync-uuid Value: 56c3b7d2-5349-4388-9e12-966502b5147c:1701438913.6661978
live.rezync.com/	1970-01-20 20:56:30	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNTZjM2I3ZDItNTM0OS00Mzg4LTllMTItOTY2NTAyYjUxNDdjOjE3MDE0Mzg5MTMuNjY2MTk3OCJ9.ZWnlwQ.RQ1ucAQGbfTfpu6UXqq6Rpk2YJ0
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0sDSzMDUzNjSwMDA2tzS3MBbiM9Q1Nsp3DShJS_YOz_UHAITY2pYlAAAA
.rfihub.com/	1970-01-21 01:58:54	Name: rud Value: H4sIAAAAAAAA_-MSNjU0sDSzMDUzNjSwMDA2tzS3MBbiM9Q1Nsp3DShJS_YOz_UHAITY2pYlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_w3JyxWAMAgEwIvt4MvyWSDlJNqIlZu5zndlcNvKRyXMW9yqpF-oNBlDV8BzT-TAqYbdJNFZP_98HrI6AAAA
.rfihub.com/	1970-01-21 01:58:54	Name: eud Value: H4sIAAAAAAAA_1XJuRGAMAwF0QqIXIcYf92iHBsaIiSkUsgYwn17tjCfMmJnMtEilUyqA0zlbp2HQWNuiI53FWR1d1Tk1ZYPk_v9bzwAYTI9WgAAAA

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://cn.friendshipquiz2022.com/ Message: Access to XMLHttpRequest at 'https://fid.agkn.com/f?apiKey=2054351419&r=https%3A%2F%2Fcn.friendshipquiz2022.com%2F' from origin 'https://cn.friendshipquiz2022.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network	error	URL: https://fid.agkn.com/f?apiKey=2054351419&r=https%3A%2F%2Fcn.friendshipquiz2022.com%2F Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cn.friendshipquiz2022.com/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=109' from origin 'https://cn.friendshipquiz2022.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=109 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://idsync.rlcdn.com/501709.gif?partner_uid=56c3b7d2-5349-4388-9e12-966502b5147c%3A1701438913.6661978&_=1701438913.6690335 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	ALLOW_FROM http://dc2-staging.holagames.io, ALLOW_FROM https://dc2-staging.holagames.io

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ad.doubleclick.net
ad.turn.com
ads.betweendigital.com
ads.pubmatic.com
ap.lijit.com
api.pubwise.io
api.rlcdn.com
c1.adform.net
c39f614ea0bd7c7ade6276ef6bbdbb8c.safeframe.googlesyndication.com
cdn.doubleverify.com
cdn.flashtalking.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cn.friendshipquiz2022.com
connect.facebook.net
contextual.media.net
cs-server-s2s.yellowblue.io
cs.admanmedia.com
d.turn.com
dis.criteo.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fdyn.pubwise.io
fid.agkn.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
gum.criteo.com
hb.yellowblue.io
i.liadm.com
ib.adnxs.com
id.a-mx.com
id.crwdcntrl.net
id5-sync.com
idsync.rlcdn.com
image6.pubmatic.com
img.friendshipquiz2022.com
img.holaquiz.com
img.realtest.me
lb.eu-1-id5-sync.com
lexicon.33across.com
live.rezync.com
m.exactag.com
match.adsrvr.org
match.sharethrough.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pbs.pubwise.io
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
pubwise-d.openx.net
px.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure.flashtalking.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
superal.github.io
sync.1rx.io
sync.adkernel.com
sync.pubwise.io
sync.quantumdex.io
sync.srv.stackadapt.com
sync.teads.tv
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-ew1.doubleverify.com
u.ipw.metadsp.co.uk
u.openx.net
us-u.openx.net
useast.quantumdex.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
api.rlcdn.com
cs.admanmedia.com
fid.agkn.com
104.18.36.155
13.248.245.213
13.32.27.83
130.211.34.132
130.211.44.5
131.153.158.209
139.178.67.5
142.250.186.66
145.40.97.67
151.101.130.217
162.19.138.117
162.19.138.119
178.250.1.9
184.30.22.30
188.42.34.65
193.0.160.131
198.47.127.19
2.16.97.41
2001:4860:4802:32::36
2001:4860:4802:34::36
213.202.235.10
216.52.2.86
216.58.212.134
23.197.128.137
23.32.184.20
23.32.184.38
23.35.236.188
23.43.60.191
2600:9000:2190:9800:1b:5138:8a40:93a1
2602:803:c003:200::44
2606:4700:10::ac43:2ac9
2606:4700:20::681a:8e1
2606:4700:20::681a:c79
2606:4700:20::ac43:4898
2606:4700:20::ac43:4937
2606:4700:20::ac43:4bf1
2606:4700:4400::6812:22b2
2606:4700::6811:180e
2606:50c0:8001::153
2620:1ec:21::14
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2003
2a00:1450:4001:811::2004
2a00:1450:4001:812::2013
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2006
2a00:1450:400c:c0c::9b
2a02:2638:3::c
2a02:26f0:480:15::213:7e47
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:d29:3601:b946:ae1e:458e:a1ae
3.33.220.150
3.68.140.79
3.69.155.84
34.120.63.153
34.149.20.76
34.232.187.54
34.253.135.155
34.255.245.69
35.157.81.215
35.210.239.72
35.244.159.8
35.244.174.68
35.244.193.51
37.157.6.233
37.252.171.85
44.205.81.90
44.206.51.168
46.228.164.11
46.228.164.13
46.228.174.117
51.75.86.98
52.30.181.208
52.46.130.91
54.216.79.244
54.221.120.232
67.202.105.22
69.173.144.165
77.245.57.72
0048dcffa805083cb14d8aaab865a2d7ed6f21145cb496f0b58a9212468f23be
01feb2124a8ed47a12ee5bb7305dfaaa4d615f60a47c487e55d0a306cd4e26fc
04682722d7b228d153dbf1ca953940f30843864c0285972e6030bbcee309d790
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0ae374cbc703a267fa20637afd5ba64dbce95eea34059efb36e134428937d2a3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0e22e6a4c1770831466a702ad01381d6e8ad3facca6587e0f70bd4fe77679b00
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0efe4f242ffcd666285267dc3f5b0910bbb397559071764769e967f760e5150e
0f0215b545d433a392f578cc36dc8ecf84539bdd4aac5f5b8bcf116beb009aea
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1af8189c0a005cdfcd47482d36288517428abf24dd6dff2a84b98e2f5729e3cf
1b737b0525dd5b7d5263333545c1bcf47becde1d6b5d17a438b0cb4ba2604f94
1e8255905b241808d05b885ad24ef9b55debdcf9362004c7fa53c2a6814d569e
257b7f77931c8219281a4151064b6a82fa6fa167591dbc6c066aea5f65d03022
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d
295f0eeddb27fe87d2b476aa26baa47e5ffc0f0dee23dca0e2179a220f004c42
2a7e4bf63bc70f8c050d0d52aea5b15dddaaf64fd51036cd996130cbb5f58b14
2b366228a37137c0904b937602dfcba4f827337cf8f100b104234635f9d7574f
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2db8a0a3e12473188d443ef7099794647d646e7f000173a4d80efe5e1c77157a
2dcdc932ef9d1ab987c479b1fb592eacfe61500f6d43359f318f5d79776ce1f5
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
375559ded0103e5f41e29d24160074a91882d175929936a3b71aa1820a419921
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3b6dfeb59f7464899e64068a09afaa80fdae61e9767a041f9bc60aae5362c599
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
4255bacb0aa796ba5ea21355c688198863422015a69d2cf8913ebc871bb08971
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
442b640b55f08adab45026546c08b9dddb05de589ddeb5ad7a9c28b219192614
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bff8e4514921bff17a1e78597fd0c2e7ecee686846e3403c809a1df2a79c61f
4ce2c84c474fb80b33e347ae6f356796021d6fd42e88a6352fc6e9ca0b22bd63
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f2eb4153b5650d718847c96f2c727d4684a930961c256ffe21da3e2a81be522
51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14
51ea9fe89565220511e5646e418867473999bf6bbe6acb7d98a8ab47ef312d58
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562a90e48abfcf078bcb8e187e981487912ae93feea123f1782f9f20896851ea
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
57f6d3807b91f5746bee342a67bb053029f637f59ed6afee9f224ab8ef394757
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5efeb7fce5704344f6f4b94d54662363451fc28c9532d6009d855658aade1b92
6197a4123dfc798c91a85e5e1fde08a54770adfcdfd7300ff70dd26459cea817
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
63e6f24715518dd6a3520f0b6d768b24ce278787b788154d6fbccc10ac062c1b
66f5781f587f8005892713ebe3cd1c91cc9727d6bdd3c676a6761b944c1754a6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e4d3266d1899da97717c9737a31a9e6539bc595dbe5504e933c9a8c37bd89cf
6e5f38456e85c91724979e7df314dc38b568bed6a75d0fa42c5c76bd94c07ad7
737473b145a0fb2d97963ba71104b42ea59d434e17d43de3db67ddffc24200ac
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
798b2b4e370e6505dfbb408bb1d9fa0d2b33123315f4a3e49c31943d465fe5e8
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
835d49bdfa132d644e036b39835f57377103a593ed3049ce81f1ece34fba0577
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86900319055f822123338c1e323f1f1ed695be64a7db58a6631c36cf035a744e
893dfc6a97255b3a7dde5cea214ce45a2eb28a08e3bad48cdd44a6597710cc2e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e36b3824734aec025abb1460b3c09e13d4113dc016f29238ce3ce5058c61d9f
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8f481b5bcd63b5520e8565327a241ca70e6ae72543151dff2373f5d29bd2431f
913fa99c4c2195e32fef6a798876939243dcffd0f083057cc5ece914ff02994c
92b095a78bd2239b1ef158151eeeba1c4f53da5310a2f13b4af35391bbfd9407
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
95bb3eaf0e9d9efc5a8970687a2b17e905537b2beaa1dcd787ad02c705243def
967708adb7f0c1d0e157c84b612535a7dc1bf2f17cb6482e34ec4565daa406a2
9a03674bfe83fe09eee7aae6106943918be73a009be21468c2bdb1b4ce958fdc
9c20edcd95e8e4b77510bb79edc12ce9bb7e29f37eed3efcfb77c03191d6f892
9cbc98e8f827f5bf7d7b3f9892a103449f680023978df5e642725f280888d982
9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01d4697c573f58e7767751f7e71fff08322f15c98d2f11ec8c2f8bee36c9ef1
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a185501e6494aabce4dbbe996abd879f6793d605c5525aead8346f1632de300a
a240672bde645e5a05f65efe35df266277c6999e23798fac01a2a93b22e67f80
a5270b4442df921b38b1241f7152a12f1cc932633bae9ec745515477369e4939
a6c1d708c813d74cce955af0a64f9e2e1bf9030fa8a95fcb147756dd25fee633
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a6df8215439f8c1a4f31e4407a93cdb72cfc12b525cc378678ad717f8451325d
a7c103dcd91c8435d96ab66b6295a26231dd992c08ea1ec4532fb561f162c2a8
a84cb06c27b7617c81b075bdb123e0e63e8da1b70feee763f86899a4fc3f3623
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac7c82b8bb1d0f85cd4e112e5789568360d256d2f3200aabab6f9d1dbce9663c
ad0c0144b9f6cbd37c5d1531fbfffa610d35aaa7ff43b64dbebc6a458208801a
adaba1a1d73fff1bbde3db9d87855112f40fa0d67555ad3014fb9df0a8586b86
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f
b0a6c1fbdc65aa3a8dbf6da640512e24dd965b922f85c4d300763132e388b7d2
b13a816e34126e36b42e0941b193a1dd48063d37a41dbe41899fd1ea888be195
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17c86c98ccc2958f0dec3bc102b020e6cb575b14f72d754fb3b485190fe8fac
b5a816d74686d4c8dc5a9fbd3f3b34761227ef7d42c7dc6d82dcb5735ad7a57d
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
ba67e5d2e5db0a26ca087c9a9bcdf1ca76a909b0e00de8b692c187c98bfa82e1
baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbbf189ee0fd46edc91bdc96aeac86c78c35c8d497ecd9a786ef318ccb62e985
be9ba5044c34fe26e410721da1a816bfa6a97d5240a003423d74b0f890e854a9
c03d773dc1e1f956cde7fe63c78d64efa28ec457089224dfea4df757e47818dc
c0a7419945aeecb7558919b2ebfad2da01398da7440e0853ec96d4628e1cc913
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3b04b64fa45af19c92cb704fcc1d0856c477060fa78815c7a0f050dd714feb7
c40357d87c7a7f2c344dd2542718c072e6c6df2ad7c5c9ffb008a81696dc31ab
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c72c5cdb8ee97ed1e23f49f9cc0884c795f9c70e85a566453d9701f12cebfe9f
c936bca314b30e3c48bbad667c920cac28e3e43b72f5f372c706e885a0aa2743
ce6a9938f990b4b22489339f7fcc181d6c16a4cf0891b74e4b1abe1bfc90462e
cf9c6fa44989dd4c596f901f16c35fe611d383f46754231f92457dffa58ca006
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1bcdeb1522f5eede28047c94ee62e348e525632fe2769a4621dbbdf25f80259
d5bee46776e28c81c5683a7abe06e70d07f8f1a106d5948031a515859387d7ea
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
db668b70fd0021a224a50338fc80f62881fc5e678e84987ff62785d86ab3f320
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd048bc7a6651d25b265c16eb7d1a670d7d5532a317c669e27546df53de6f524
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e04a40af8692b8e76780c014a3f5ad8d55d98fe8a6cd671bbebd32413117888d
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9d326d143e17ce184ce94bd819a52c092a13b2cea37cac67fc423984914562c
eb0fd579388b546353dbf540497787a7fd40b983b99391a764706b984545667d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed2a554b4e67b7fb75be198b6f6a81d20c06987015f6c32a5ba704d6fc70b16e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5531aacc62eaa1fa42ddbb52866ea4c11ed4d07926eb8675c85bcc963ea4000
f59f5cdad1043d40faa8065096c35e8d0bfe04f545030bacbfac6471364c62d0
f5a1358bce26ba1080892d68986a6585f6604dcba6bfd26af426bb59461e3fd9
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
f8757ec93adfe3dcfc33ad9f5ae28aca9dd843f87e015c41cde2adaf108d5d91
fc8c22ccf4a82536089f1ff43435905611c36795617cff7ad378e6545260461d

cn.friendshipquiz2022.com Open in urlscan Pro 2606:4700:20::ac43:4898 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

261 Requests

90 %HTTPS

39 %IPv6

64 Domains

98 Subdomains

77 IPs

10 Countries

3401 kBTransfer

8992 kBSize

70 Cookies

4 Outgoing links

Page URL History

Redirected requests

261 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cn.friendshipquiz2022.com Open in urlscan Pro
2606:4700:20::ac43:4898 Public Scan

Screenshot
Live screenshot

Full Image

261
Requests

90 %
HTTPS

39 %
IPv6

64
Domains

98
Subdomains

77
IPs

10
Countries

3401 kB
Transfer

8992 kB
Size

70
Cookies

261 HTTP transactions
3 data transactions