www.teamblind.com Open in urlscan Pro
99.84.156.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links98.mixmaxusercontent.com/5edee1868f49b1002047f083/l/K3Vr4tqU3qt2twZdX?messageId=QLvIy7WqbxhzAZxrS&rn=&re=ISbvNmLzV2YyV3bz...
Effective URL:
https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=em...
Submission: On April 15 via api (April 15th 2021, 8:07:21 pm UTC) from US

Summary HTTP 338 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 55 IPs in 10 countries across 40 domains to perform 338 HTTP transactions. The main IP is 99.84.156.98, located in United States and belongs to AMAZON-02, US. The main domain is www.teamblind.com.
TLS certificate: Issued by Amazon on February 10th 2021. Valid for: a year.

This is the only time www.teamblind.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.210.203.176 18.210.203.176	14618 (AMAZON-AES) (AMAZON-AES)
38	99.84.156.98 99.84.156.98	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	52.219.16.231 52.219.16.231	16509 (AMAZON-02) (AMAZON-02)
13	99.84.155.72 99.84.155.72	16509 (AMAZON-02) (AMAZON-02)
9	52.42.113.144 52.42.113.144	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:10c... 2a02:26f0:10c:58e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.18.234.190 2.18.234.190	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	52.217.18.110 52.217.18.110	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	70.42.32.159 70.42.32.159	13789 (INTERNAP-...) (INTERNAP-BLK3)
1	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
12	99.84.156.54 99.84.156.54	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0d::9c	15169 (GOOGLE) (GOOGLE)
7	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
45	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
7	2600:9000:215... 2600:9000:2156:ee00:18:69f:d880:93a1	16509 (AMAZON-02) (AMAZON-02)
14	13.124.92.103 13.124.92.103	16509 (AMAZON-02) (AMAZON-02)
3	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
15	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
23	2a02:26f0:10c... 2a02:26f0:10c:59c::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
10 27	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
4 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
5 8	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
2	3.126.239.96 3.126.239.96	16509 (AMAZON-02) (AMAZON-02)
2	213.254.244.16 213.254.244.16	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
22	213.254.244.14 213.254.244.14	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
2	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	3.126.158.103 3.126.158.103	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1 1	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1	52.17.19.0 52.17.19.0	16509 (AMAZON-02) (AMAZON-02)
2 2	185.86.137.121 185.86.137.121	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
2 2	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	213.254.244.22 213.254.244.22	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
338	55

1 18.210.203.176 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-203-176.compute-1.amazonaws.com

links98.mixmaxusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 99.84.156.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-98.txl52.r.cloudfront.net

www.teamblind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.16.231 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: s3-ap-northeast-1-r-w.amazonaws.com

teamblindstatics.s3.ap-northeast-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 99.84.155.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-155-72.txl52.r.cloudfront.net

d2u3dcdbebyaiu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.42.113.144 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-113-144.us-west-2.compute.amazonaws.com

uswwwnotifier.teamblind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:58e::25ea (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.18.110 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.159 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e3:101::6cae:b45 (United States)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 99.84.156.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-54.txl52.r.cloudfront.net

compass.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:2156:ee00:18:69f:d880:93a1 (United States)

ASN16509 (AMAZON-02, US)

adopdmp.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.124.92.103 (Incheon, Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com

data.adop.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a02:26f0:10c:59c::4469 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 142.250.185.98 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.173.22 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.239.96 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-239-96.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.254.244.16 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

rtb2.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 213.254.244.14 (United States)

ASN36062 (DOUBLE-VERIFY, US)

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20520.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20519.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20226.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20239.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20234.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.158.103 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.9 (Amsterdam, Netherlands) 3 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.19.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-19-0.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.121 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.242 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.254.244.22 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

tps20246.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20241.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	googlesyndication.com pagead2.googlesyndication.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com tpc.googlesyndication.com 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com ade.googlesyndication.com	434 KB
53	doubleverify.com cdn.doubleverify.com cdn3.doubleverify.com rtb2.doubleverify.com tps.doubleverify.com tps20520.doubleverify.com tps20519.doubleverify.com tps20226.doubleverify.com tps20239.doubleverify.com tps20234.doubleverify.com tps20246.doubleverify.com tps20241.doubleverify.com	534 KB
50	doubleclick.net 10 redirects googleads.g.doubleclick.net stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	432 KB
47	teamblind.com www.teamblind.com uswwwnotifier.teamblind.com	974 KB
33	adop.cc compass.adop.cc adopdmp.adop.cc data.adop.cc	84 KB
16	googletagservices.com www.googletagservices.com	389 KB
13	cloudfront.net d2u3dcdbebyaiu.cloudfront.net	485 KB
12	2mdn.net s0.2mdn.net	390 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com	9 KB
8	adnxs.com 5 redirects ib.adnxs.com	8 KB
7	google.com adservice.google.com www.google.com	642 B
5	google.de adservice.google.de www.google.de	638 B
3	lijit.com 3 redirects ap.lijit.com	2 KB
3	criteo.com bidder.criteo.com gum.criteo.com	444 B
3	criteo.net static.criteo.net	38 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	outbrain.com amplify.outbrain.com tr.outbrain.com	4 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	rfihub.com 1 redirects p.rfihub.com a.rfihub.com	2 KB
2	smartadserver.com 2 redirects ssbsync.smartadserver.com	765 B
2	openx.net 2 redirects rtb.openx.net	767 B
2	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	sitescout.com pixel-sync.sitescout.com	382 B
2	agkn.com d.agkn.com	1 KB
2	facebook.com www.facebook.com	276 B
2	facebook.net connect.facebook.net	96 KB
2	amazonaws.com teamblindstatics.s3.ap-northeast-1.amazonaws.com s3.amazonaws.com	23 KB
1	blismedia.com tr.blismedia.com	135 B
1	gstatic.com fonts.gstatic.com	19 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	adsrvr.org match.adsrvr.org	265 B
1	simpli.fi 1 redirects um.simpli.fi	703 B
1	quantserve.com cms.quantserve.com	463 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	480 B
1	googleadservices.com partner.googleadservices.com	642 B
1	linkedin.com px.ads.linkedin.com	611 B
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	52 KB
1	mixmaxusercontent.com 1 redirects links98.mixmaxusercontent.com	714 B
338	40

	Domain	Requested by
38	www.teamblind.com	www.teamblind.com
37	pagead2.googlesyndication.com	www.teamblind.com pagead2.googlesyndication.com securepubads.g.doubleclick.net dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com ad.doubleclick.net www.googletagservices.com
27	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com www.teamblind.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
27	tpc.googlesyndication.com	securepubads.g.doubleclick.net dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com ad.doubleclick.net pagead2.googlesyndication.com
21	cdn.doubleverify.com	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com googleads.g.doubleclick.net www.teamblind.com cdn.doubleverify.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com ad.doubleclick.net
16	www.googletagservices.com	pagead2.googlesyndication.com compass.adop.cc securepubads.g.doubleclick.net dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
14	data.adop.cc	compass.adop.cc www.teamblind.com
13	d2u3dcdbebyaiu.cloudfront.net	www.teamblind.com
12	s0.2mdn.net	www.teamblind.com 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com s0.2mdn.net ad.doubleclick.net 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
12	compass.adop.cc	www.teamblind.com compass.adop.cc
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
9	uswwwnotifier.teamblind.com	www.teamblind.com
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com www.teamblind.com 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
7	adopdmp.adop.cc	compass.adop.cc
6	googleads4.g.doubleclick.net	www.teamblind.com ad.doubleclick.net
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
5	tps.doubleverify.com	cdn.doubleverify.com
4	tps20519.doubleverify.com	6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
4	tps20520.doubleverify.com	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	tps20241.doubleverify.com	cdn.doubleverify.com
3	tps20246.doubleverify.com	cdn.doubleverify.com
3	tps20234.doubleverify.com	cdn.doubleverify.com
3	tps20239.doubleverify.com	cdn.doubleverify.com
3	tps20226.doubleverify.com	cdn.doubleverify.com
3	ap.lijit.com	3 redirects
3	static.criteo.net	compass.adop.cc www.teamblind.com
3	www.google.com	www.teamblind.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
3	www.google-analytics.com	www.teamblind.com www.google-analytics.com
2	c1.adform.net	2 redirects
2	ssbsync.smartadserver.com	2 redirects
2	rtb.openx.net	2 redirects
2	x.bidswitch.net	2 redirects
2	pixel-sync.sitescout.com	23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
2	ad.doubleclick.net	www.googletagservices.com
2	rtb2.doubleverify.com	cdn.doubleverify.com
2	cdn3.doubleverify.com	cdn.doubleverify.com
2	d.agkn.com	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
2	6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	bidder.criteo.com	static.criteo.net
2	www.facebook.com	www.teamblind.com connect.facebook.net
2	tr.outbrain.com	amplify.outbrain.com www.teamblind.com
2	connect.facebook.net	www.teamblind.com connect.facebook.net
1	ade.googlesyndication.com
1	gum.criteo.com	static.criteo.net
1	tr.blismedia.com	6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
1	a.rfihub.com	6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
1	p.rfihub.com	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	s0.2mdn.net
1	ups.analytics.yahoo.com	1 redirects
1	match.adsrvr.org	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	cms.quantserve.com	dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	www.google.de	www.teamblind.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px.ads.linkedin.com	www.teamblind.com
1	s3.amazonaws.com	www.teamblind.com
1	amplify.outbrain.com	www.teamblind.com
1	snap.licdn.com	www.googletagmanager.com
1	teamblindstatics.s3.ap-northeast-1.amazonaws.com	www.teamblind.com
1	www.googletagmanager.com	www.teamblind.com
1	links98.mixmaxusercontent.com	1 redirects
338	70

This site contains links to these domains. Also see Links.

Domain
www.rooftopslushie.com
www.facebook.com
instagram.com
twitter.com
medium.com
us.teamblind.com
news.ycombinator.com

Subject Issuer	Validity	Valid
teamblind.com Amazon	`2021-02-10` - `2022-03-11`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.s3-ap-northeast-1.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-27` - `2021-09-01`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2020-03-09` - `2021-06-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-04` - `2021-08-09`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
*.adop.cc Amazon	`2020-10-24` - `2021-11-22`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
tr.blismedia.com GTS CA 1D2	`2021-03-03` - `2021-06-01`	3 months	crt.sh

This page contains 45 frames:

Primary Page: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Frame ID: ABB6196E9E70DA3C40BFA59CE93E4D25
Requests: 88 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/zrt_lookup.html
Frame ID: F892CA0BC252AFE8438C95D8A0935295
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&adk=1812271804&adf=3025194257&lmt=1618517219&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618517218985&bpp=6&bdt=1082&idt=179&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366572638195&frm=20&pv=2&ga_vid=1620706719.1618517219&ga_sid=1618517219&ga_hid=1886702275&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079&oid=3&pvsid=2689970682305708&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=198
Frame ID: DA791311353330AAAB9EAE81D4F5E437
Requests: 1 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=eTB&percentage=false&size_width=728&size_height=90&
Frame ID: 6377A1FC45294AD0F5D6DB774FAC319B
Requests: 5 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=9VU&percentage=false&size_width=728&size_height=90&
Frame ID: 07B1231F097D69AD2E28DE88A084ADD2
Requests: 5 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=t5r&percentage=false&size_width=160&size_height=600&
Frame ID: C47D9DEDBC4F2895D12D4E37CB7B480A
Requests: 5 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=G9D&percentage=false&size_width=728&size_height=90&
Frame ID: 38CE486EEAF8ED555D386C44C2E40A35
Requests: 9 HTTP requests in this frame

Frame: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Frame ID: 9DED6F8C4E68C2C0CFCFFF73DBFFE0AD
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=bpI&percentage=false&size_width=160&size_height=600&
Frame ID: E0908D94E47F22732022310F3FD51919
Requests: 15 HTTP requests in this frame

Frame: https://compass.adop.cc/assets/js/adop/adop.js?v=14
Frame ID: 88FC5D77A7FC5569A5B548448F16204B
Requests: 1 HTTP requests in this frame

Frame: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Frame ID: BE4222B047BD1CAEA275D4444340340E
Requests: 15 HTTP requests in this frame

Frame: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 61008C34A8BBB2F4A772358B6CC1806B
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ
Frame ID: F29A11C031857B3312F7511013A5EAA7
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: CAF7C6C128241DFFB0A67442E9FA11E0
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1165.js
Frame ID: 61135586E5A5C238BD778425385CCBD8
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8086508FD9C88F3AAE5ED3B2B7B12725
Requests: 3 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 085E4B2CCAD672A76DB4B73EC95405C9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: 82E8773162F329FACFF1CD8003ED4777
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/t2tv7.html
Frame ID: 2D19B04E629269659B6F38E53F467493
Requests: 1 HTTP requests in this frame

Frame: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 0F690C54A49AC6336040F8B0558F919F
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg
Frame ID: 05899504C1C0FD43E836A8BEF270F682
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 04F1EDD45229E42FB693408C8B681C75
Requests: 2 HTTP requests in this frame

Frame: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Frame ID: 984922DBCD87AFCBBB7A7927CCC005BA
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw
Frame ID: A328C28D371E8B4D2D44DE25BF4C1F24
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 99E7B8054CF4A948485AD8BBE0BA1E84
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 4D005D32135397BDDC72A4002517BDA4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A91495F0EA5C8DB5CC1BE16AC56FA5EF
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1165.js
Frame ID: 084819C2706D21DCF4A543EBC1F0C900
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8A972C696DF47E49BED08506515747DC
Requests: 9 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1165.js
Frame ID: E98C65F7B1F083157405B7BC33FCCED0
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80728C3637DBBEAEE2F673D76EA3BE2A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A4287D726CCBA1B9218C321399FE6856
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/t2tv7.html
Frame ID: 59C338ED95CF5FC76B683D0696F8807F
Requests: 1 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 8D97951F614633B34A990CA4EE8C78FE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: 4D9426C5CBCDFDBE28587233252DA675
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/t2tv7.html
Frame ID: 7F0FF1F0540EC85A3EB38EDB9AB7F582
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/8219976/1617792613789/index.html
Frame ID: F4DDA383176A1FB2D50ED81C0E64C92E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1165.js
Frame ID: 1E559B6712DDB223E7B7117E909738A0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A2E92421CBC8A87E0063A339198365BF
Requests: 8 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1165.js
Frame ID: F58E578B9F8CF783CADF1361C56C3139
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 373A8D9D2469FBE7579A2D3862AD9AE8
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/t2tv7.html
Frame ID: 2E71D8B0ADF32EB28286FA084006B516
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/t2tv7.html
Frame ID: E13A1A1685F01A0E2E2B41FA6E2652EC
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.teamblind.com
Frame ID: 04473D0DF1C6CF88D0C6C73D9A467B52
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 0662924C40CBEFBA7B5D56EB14F2FCAA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://links98.mixmaxusercontent.com/5edee1868f49b1002047f083/l/K3Vr4tqU3qt2twZdX?messageId=QLvIy7WqbxhzAZxrS&rn=... HTTP 302
https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=... Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

338
Requests

100 %
HTTPS

47 %
IPv6

40
Domains

70
Subdomains

55
IPs

10
Countries

3990 kB
Transfer

12028 kB
Size

12
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rooftopslushie.com/
Title: Rooftop Slushie BI Rooftop Slushie Get Referrals to FAANG

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BlindApp
Title: Facebook

Search URL Search Domain Scan URL

URL: https://instagram.com/teamblind
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/TeamBlind
Title: Twitter

Search URL Search Domain Scan URL

URL: https://medium.com/@BlindApp
Title: Medium

Search URL Search Domain Scan URL

URL: https://us.teamblind.com/setting/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://us.teamblind.com/setting/term
Title: Terms

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme&t=Full%20explanation%20of%20the%20GME,%20RH,%20and%20Citadel%20debacle
Title: hacker news

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/item?id=25950659.
Title: https://news.ycombinator.com/item?id=25950659.

Search URL Search Domain Scan URL

URL: https://medium.com/@teamblind
Title: Medium

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links98.mixmaxusercontent.com/5edee1868f49b1002047f083/l/K3Vr4tqU3qt2twZdX?messageId=QLvIy7WqbxhzAZxrS&rn=&re=ISbvNmLzV2YyV3bzVmchdmchRHQu92cuh2bq5mI&sc=false HTTP 302
https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1

Request Chain 159

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1

Request Chain 160

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOaqqDEUzQu46RuODLL_u9k&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOaqqDEUzQu46RuODLL_u9k%26google_cver%3D1

Request Chain 161

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxNjU3ODg4OTIzMzE4NzIwMQ%3D%3D

Request Chain 200

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

Request Chain 201

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

Request Chain 202

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

Request Chain 203

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

Request Chain 234

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

Request Chain 235

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

Request Chain 236

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

Request Chain 237

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

Request Chain 243

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEF_Qr3CMrs5VdZ2_6V8kYmo&google_cver=1&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXFVDHezY7iTpyJ7h3mpsg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXFVDHezY7iTpyJ7h3mpsg&google_hm=80utJWhAQLCqWnPnIlVvSsk

Request Chain 244

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECZAzA442lZ4rag5c0CGaPs&google_cver=1&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECZAzA442lZ4rag5c0CGaPs&google_cver=1&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ&google_hm=WxtKV7KETMygn_RrNh4OYg==

Request Chain 245

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENJwxKylWXT31IJLyliy5pg&google_cver=1&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4sjeSDw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4sjeSDw&google_hm=NzcwMzYxMzA4NzU1MTQyMTI0MQ%3D%3D

Request Chain 246

https://rtb.openx.net/sync/dds?google_gid=CAESENzumT9bklWqePZd-CAX6dM&google_cver=1&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESENzumT9bklWqePZd-CAX6dM&google_cver=1&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew&google_hm=oeNmmxzkxeMR-AMSldu8KQ==

Request Chain 247

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPsCgDE-iFnaysaTxdY7bI0&google_cver=1&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPsCgDE-iFnaysaTxdY7bI0&google_cver=1&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL&google_hm=69c6658fc7621916306cfc80

Request Chain 260

https://um.simpli.fi/gp_match?google_gid=CAESEFDju4L7fMZeXpoqO13o6PY&google_cver=1&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1nJV4W4t9w1O0Au HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8A31A042950D48848F229C054D661691&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1nJV4W4t9w1O0Au

Request Chain 264

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBa3Qk56eMC22H0caqXSzzk&google_cver=1&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwLeXSjm6LqjiZ9SqD_7hns_p HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwLeXSjm6LqjiZ9SqD_7hns_p&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D

Request Chain 265

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEAJTwFrRifQPqErPv03mpeE&google_cver=1&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UXik5098CPotr8QEXC5Li5dUhM42w7ymG7wdS0tMMQAiR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0yX1FzS3JSRTJ1SHhfYUU5XzR6QkhLWHFlM2I3R3kucX5B&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UXik5098CPotr8QEXC5Li5dUhM42w7ymG7wdS0tMMQAiR

Request Chain 303

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEOOVZZSy0bMzsHbljfBhGgI&google_cver=1&google_push=AQvitUJOnk4Xa3vkd2RhO2xMi_vI7zP1gt_eIqfPtGiOmo4j5kl_VE7zNynYky2RNgmQweusHyEYBP63WmyqTXkjucLuyf7JizQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJOnk4Xa3vkd2RhO2xMi_vI7zP1gt_eIqfPtGiOmo4j5kl_VE7zNynYky2RNgmQweusHyEYBP63WmyqTXkjucLuyf7JizQ&google_hm=MTAwMTcyOTc5NDE5MzMyMDI5MA== HTTP 302
https://a.rfihub.com/cm?pub=445&google_error=5

Request Chain 305

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKESIukbvoHw7LVJxpTfY14&google_cver=1&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxRk7Uf5TJSbVgWQh1qe_k HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKESIukbvoHw7LVJxpTfY14&google_cver=1&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxRk7Uf5TJSbVgWQh1qe_k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjM5NDA3ODMwMzQ2NDcyMjk3Mw&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxRk7Uf5TJSbVgWQh1qe_k

Request Chain 306

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIZboDpQNj12VRwdezEYT8o&google_cver=1&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmvV0Lv09TbYk HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmvV0Lv09TbYk&google_hm=69c6658fc7621916306cfc80

Request Chain 307

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPUKEdbjQ9iaPgpUzzjEmlM&google_cver=1&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz68kZymeTtzGuT8yGsTIsE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz68kZymeTtzGuT8yGsTIsE&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D

338 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7 Show response
www.teamblind.com/post/
Redirect Chain

https://links98.mixmaxusercontent.com/5edee1868f49b1002047f083/l/K3Vr4tqU3qt2twZdX?messageId=QLvIy7WqbxhzAZxrS&rn=&re=ISbvNmLzV2YyV3bzVmchdmchRHQu92cuh2bq5mI&sc=false
https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainatio...

217 KB
38 KB

1405ms
1327ms

Document
text/html

99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

fcaa388452305a1fbfa2305fa10aa3739704956fc0b82a20bafa76cbd3ed68ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.teamblind.com
:scheme: https
:path: /post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 15 Apr 2021 20:06:57 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=5184000; includeSubDomains
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
x-xss-protection: 1; mode=block
etag: "3659e-WpEmsTBvFJxX6HucBGaP5wWRYAc"
accept-ranges: none
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: oH3cWnXMpMzjYBnMnAiuiAXW15uSRTQHy_aUGDPUFQG8lxWKarGjWA==

Redirect headers

date: Thu, 15 Apr 2021 20:06:56 GMT
content-type: text/html; charset=utf-8
content-length: 478
location: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
x-robots-tag: noindex, nofollow
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=7200
content-security-policy: frame-ancestors 'self' https://*.mixmax.com chrome-extension://ocpljaamllnldhepankaeljmeeeghnid chrome-extension://iepajgdflhljdlfldkfbikiiaiahimjl https://mail.google.com https://inbox.google.com https://*.force.com https://*.salesforce.com; frame-src; report-uri /csp-violation
referrer-policy: no-referrer
cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
x-ratelimit-limit: 100
x-ratelimit-reset: 1618603593
x-ratelimit-remaining: 94
vary: Accept, Accept-Encoding

GET
H2 200 c6b3bcfbca640f0cf2b1.js Show response
www.teamblind.com/_nuxt/ 8 KB
3 KB 36ms
35ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

d94fd083706070305d8283c037e8d06e82cd891d2100d313073226114ebb481a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/c6b3bcfbca640f0cf2b1.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"20be-178ca7f229d"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: Pz30TugWuUZxgWKdySbbWABBPC9YxR5U7QisvJRTxMzg2mD4oakKUQ==

GET
H2 200 af446fab3a380652e754.js Show response
www.teamblind.com/_nuxt/ 191 KB
66 KB 67ms
65ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/af446fab3a380652e754.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

1b441c58d9eca505d906bae067895b62fdfc6916fcedaf35dff03badbad6bb57

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/af446fab3a380652e754.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"2facd-178ca7f4c5b"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: 0nkb3PMyj0k-iw6dk9HZf1PuFz9ugWekcXfJUopzkgvbmLHBHYtddw==

GET
H2 200 c15ae5eeabcffb56ce7a.js Show response
www.teamblind.com/_nuxt/ 1 MB
385 KB 83ms
81ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

6fb69481ea7b123e0f401570d39621586a0213ead61855be488ab5aeb945b5b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/c15ae5eeabcffb56ce7a.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:36 GMT
x-frame-options: SAMEORIGIN
etag: W/"169799-178ca7f3221"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: M-XOKLsKmEsLxH3r88ljeZ2ITs7zOORl2X_UUUoG1vDNm9acCKEgdA==

GET
H2 200 7e434926e2c070fb4d99.css
www.teamblind.com/_nuxt/ 896 KB
113 KB 42ms
41ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

ae7d05618d5b0db7b893212ff02b6f0ff33c4a0dfc9184f008c5b6def805d0ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/7e434926e2c070fb4d99.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"dfff8-178ca7f2095"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: MNx2ptT7t_SROpYM67RFeL9SNGIvlufJS3MKQpLG5FaSRuu6NGmD1A==

GET
H2 200 630732b05e14a94bcf9d.js Show response
www.teamblind.com/_nuxt/ 328 KB
82 KB 75ms
74ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/630732b05e14a94bcf9d.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

53280905b2db2aa2c72a68c4dc4c3e63d640fc581343f26842e830ed8866206c

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/630732b05e14a94bcf9d.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:34 GMT
x-frame-options: SAMEORIGIN
etag: W/"52187-178ca7f295d"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: Cs99Mm4Gd_oQa2Le3vl45WU2er91bZT6FlobXDboYl6Kp0L3xu19bw==

GET
H2 200 92082029542712d22845.js Show response
www.teamblind.com/_nuxt/ 80 KB
20 KB 104ms
103ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/92082029542712d22845.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

32200079af3431dac0a17d4fc12fefa2f8f598be001d9b36cf0f4c76fca4ed3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/92082029542712d22845.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:38 GMT
x-frame-options: SAMEORIGIN
etag: W/"14145-178ca7f37d5"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: NTWuq1kbt26tttRlPMOsyxNq0t7I8r_a7FXuHAKLoQlb3mpZLdhonQ==

GET
H2 200 0c450cef490b6b08b6a1.css
www.teamblind.com/_nuxt/ 285 B
739 B 74ms
73ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/0c450cef490b6b08b6a1.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

d7272d71b8b5e6750cd47d2d26bf7a8ec8c531f8aff15297c9101491bea4c26f

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/0c450cef490b6b08b6a1.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 04 Apr 2021 00:38:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 1020482
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 03 Apr 2021 23:39:25 GMT
x-frame-options: SAMEORIGIN
etag: W/"11d-1789a1b0549"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: YSdTFOUtl5G1ijFHux6WhCnuS3ytBMO0lDKRZt0aRnoaMmzRnIAb5g==

GET
H2 200 afe86dc7d98057e5ed34.js Show response
www.teamblind.com/_nuxt/ 17 KB
5 KB 106ms
105ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/afe86dc7d98057e5ed34.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

dc2127679b8d871e3955b5209a0bbce29a6088e0ce0bb633984f98c2f3220b05

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/afe86dc7d98057e5ed34.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:53 GMT
x-frame-options: SAMEORIGIN
etag: W/"432a-178ca7f729b"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: gIkOLAirEL-QniKiRsJj8w-qRzfuvCybUu_CTDayel1pyHVwMpkF-A==

GET
H2 200 swiper.min.css
www.teamblind.com/swiper/css/ 19 KB
4 KB 474ms
473ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/swiper/css/swiper.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /swiper/css/swiper.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:58 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-amz-cf-pop: TXL52-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 15 Apr 2021 18:54:41 GMT
x-frame-options: SAMEORIGIN
etag: W/"4d42-178d6e2a6e8"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: uW72H9ITz8-mfpqFR5LhMlS0OgT7eYTgwgTB5YbO5WX7qr3T6w8ZeQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 145 KB
52 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KS76Q2H&l=dataLayer

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b8c57089189642eacb35c295bef554bdccb819ed773936e496c17334bfd478e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53504
x-xss-protection: 0
last-modified: Thu, 15 Apr 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Apr 2021 20:06:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca5c5368c6273b25608c7ba90b914072355b10df231585a4b2cd1e6408760f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48579
x-xss-protection: 0
server: cafe
etag: 39710060509122384
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 20:06:57 GMT

GET
H2 200 stickybits.min.js Show response
www.teamblind.com/js/ 6 KB
3 KB 192ms
189ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/js/stickybits.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

cec04fe7936fce4f9e63fd026c4466f66deda2e5fa9e1b6aac3bfbb18d787b04

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /js/stickybits.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:58 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-amz-cf-pop: TXL52-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:34 GMT
x-frame-options: SAMEORIGIN
etag: W/"1744-178ca7f28cd"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: a1rskNoGX6SiQEPE6nhHhReJxUwAXSlFd9-TB7R_eG3vKN-E5oCi7w==

GET
H2 200 swiper.min.js Show response
www.teamblind.com/swiper/js/ 125 KB
33 KB 480ms
477ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/swiper/js/swiper.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /swiper/js/swiper.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:58 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-amz-cf-pop: TXL52-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:36 GMT
x-frame-options: SAMEORIGIN
etag: W/"1f3be-178ca7f322d"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ykB2m0v3k6C8wt6SNAnylyE9bY2Now8dBXGB4wDTyCpbGvycv6OEcw==

GET
H2 200 iscroll.js Show response
www.teamblind.com/js/ 54 KB
13 KB 477ms
475ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/js/iscroll.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

2dea8a79d16c66887e8e766c7e8249d4828dc753e637f254600d2db24654d303

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /js/iscroll.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:58 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-amz-cf-pop: TXL52-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 15 Apr 2021 18:54:20 GMT
x-frame-options: SAMEORIGIN
etag: W/"d740-178d6e25560"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rc-slzdSInsmu0--Dt9xen4Zmq8Eq9eGk9NVnlvx26gU5LwrN_Wo2g==

GET
H/1.1 200
OK logo_f0e9d7fa.png
teamblindstatics.s3.ap-northeast-1.amazonaws.com/img/companyPage/ 9 KB
10 KB 1039ms
280ms Image
image/png 52.219.16.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://teamblindstatics.s3.ap-northeast-1.amazonaws.com/img/companyPage/logo_f0e9d7fa.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.16.231 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-ap-northeast-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d07e79e862add2cf902bd1cbfdfbfa356b5c36bbe569fa017dd7c0baa5790a30

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:06:59 GMT
Last-Modified: Thu, 26 Dec 2019 02:44:58 GMT
Server: AmazonS3
x-amz-request-id: NRTDV68TWKBBXAVV
ETag: "2f5203d12a82e36752115b503f74e580"
Content-Type: image/png
x-amz-version-id: jPqs1XgeoNNznqgtMm70DXtQjJPrYT0q
Accept-Ranges: bytes
Content-Length: 9615
x-amz-id-2: 6NMXfKGPE3/E83Azv1/3n6LuHTkBxhUA+qiTVwSe/g3GPOdNkuuFXbV865CZrD01ES0ToLNP9Ns=

GET
H2 200 logo_100219.jpg
d2u3dcdbebyaiu.cloudfront.net/img/companyPage/ 5 KB
6 KB 96ms
32ms Image
image/jpeg 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/companyPage/logo_100219.jpg
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9fda17a1f3f9bfaef174418e93302fa68dcaff37546a25d286fb3a066168e49f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 00:08:55 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Fri, 13 Dec 2019 02:18:43 GMT
server: AmazonS3
age: 1281483
etag: "7049ae9dad4b6ec315aa07277e89fb88"
x-cache: Hit from cloudfront
x-amz-version-id: AITtcY5SGTGGkjF0lFC7FqdXeXf828t9
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 5528
x-amz-cf-id: TvMQvuJRC9vJAiqROmxtsYiLv85CgJysbET79WilsHvVgCzdKr3aUw==

GET
H2 200 logo_109165.jpg
d2u3dcdbebyaiu.cloudfront.net/img/companyPage/ 10 KB
10 KB 100ms
35ms Image
image/jpeg 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/companyPage/logo_109165.jpg
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 13d8d24d56ed11238a516563650af59e3537d6460229c777bdb43ae6e8fa33cd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 05:07:30 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 06 May 2020 06:00:09 GMT
server: AmazonS3
age: 5410768
etag: "4bec68e3f8b72dc14adfb7b2de630b4b"
x-cache: Hit from cloudfront
x-amz-version-id: HMlSZa6NKjSk0PmaYBKGyPsrJOf5GD_N
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 10102
x-amz-cf-id: D_gC7R5SeSp-74nZrX6xOgh7RG_OIBES5iAmO9318SYsW-6fAz5fNw==

GET
H2 200 blind-logo.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 3 KB
4 KB 35ms
34ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/blind-logo.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3688ea0b958780bd7c481db25d847cdc7027b0ca122d532d9bbf000579bf3164

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 07 Mar 2021 18:36:29 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:44 GMT
server: AmazonS3
age: 3375030
etag: "acf72d94070ecea25cd61702ade8304a"
x-cache: Hit from cloudfront
x-amz-version-id: f.TdYbeUaaCBlQB02PXbl3VTOiaYhQfk
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 3551
x-amz-cf-id: nqs28PFTNLzpyf_ZRTiAhVfGAbOcEk4ULV-LuAMq0nlgo1rwLcCVuw==

GET
H2 200 sp-union-onboard.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 179 KB
180 KB 35ms
34ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-union-onboard.png?time=sep20201
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98fb894f615476d2c142ab2b8dfb56035ecd9e58393bbb3feb8f067f5490d5f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 07 Mar 2021 18:36:29 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 23 Dec 2020 07:14:35 GMT
server: AmazonS3
age: 3375029
etag: "2a7576b463332089f02fdfb341f21d77"
x-cache: Hit from cloudfront
x-amz-version-id: CJlsVrXZjEshXbBzLxYNWg3QtTb7oKp8
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 183225
x-amz-cf-id: Pg1npiWeuXgpw7jS3BIlMyCYPl9CfAmjjOnvambilC8HK6bpLX_xzQ==

GET
H2 200 bg-gradation.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 1 KB
1 KB 65ms
65ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/bg-gradation.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1e484c08f5ca34c45c51c5e73a54369fea83e13a0fd54e880dc5841e8d89d92

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 18:34:19 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:44 GMT
server: AmazonS3
age: 3807160
etag: "8679a9ebcd8fcc895cead4fac9dd5d2f"
x-cache: Hit from cloudfront
x-amz-version-id: 6_hR0ANysrShYf7gVh_n6rJbcXlFnDiQ
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 1082
x-amz-cf-id: npAKs0jeTo9FWCUh4yrySNea1AWJP7Ihxly4AtYlMBPcH9G5FM9dvA==

GET
H2 200 bg-gradation-xs.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 6 KB
7 KB 61ms
61ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/bg-gradation-xs.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 53b12bb0978b2dc52d02ff9c820c4ec89fb32acf07b86737eb7d731f5841c272

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 12:53:48 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:44 GMT
server: AmazonS3
age: 3913991
etag: "6842e1866c518de6ff9d6d91ee004747"
x-cache: Hit from cloudfront
x-amz-version-id: 8au3HjyIVNwPPW_7QSKrVfkA4JSOITob
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 6598
x-amz-cf-id: 94wXUm0A6x1HBtYP7XOGZyHZD3m8UbivZP5I3pjl7FkCpjiYjatSLg==

GET
H2 200 sp-company.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 26 KB
26 KB 59ms
59ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-company.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4634a8b80b516b7224c93c4e2170929d261e6f46277040da4fccfa10179e1428

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 21:10:00 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:46 GMT
server: AmazonS3
age: 2156219
etag: "ea19f9358cb9ba1e8cfdc2fe06537e62"
x-cache: Hit from cloudfront
x-amz-version-id: _4iQSIsqKM2QMOhF.h0225ZGx6BvR9hp
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 26283
x-amz-cf-id: B9MuoEr1XX7KaZE2MimWZBOq0dC1f86cPoEGr42GALSiVLyqbjYl8A==

GET
H2 200 sp-cmp.png
d2u3dcdbebyaiu.cloudfront.net/img/www/ 233 KB
234 KB 62ms
61ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/sp-cmp.png?time=oct2020
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/7e434926e2c070fb4d99.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9b7a85aa81026897ad8e44045b19deda17aaa6edb8ac44318377d17ec57bb753

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 07 Mar 2021 21:07:04 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 24 Feb 2021 07:45:52 GMT
server: AmazonS3
age: 3365995
etag: "7f60ef1323e16b5d3e7cebbb5f0e38cc"
x-cache: Hit from cloudfront
x-amz-version-id: FsEU.s8ZTtz_sf8v2D9wZyF6.8WSDNXp
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 238533
x-amz-cf-id: GWf7fCt0i2q-RLCqsRok_-74HJyO4NzpaV4fT8KvHT3WBaU0tRYZ2A==

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 101 B
613 B 536ms
178ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DL1
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: fe58c8a357e8f05d088e7046505c903d241444f23b06740bacc414532e6cd48c

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:06:59 GMT
access-control-allow-credentials: true
content-length: 101
content-type: application/octet-stream

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 101 B
610 B 519ms
179ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DLN
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: edc568237e683ce7291b503fabd667ba40efecde7dda0309e1f6a6e31d3c5699

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:06:59 GMT
access-control-allow-credentials: true
content-length: 101
content-type: application/octet-stream

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KS76Q2H&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:06:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=69505
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 7 KB
3 KB 120ms
21ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e15eca5878352d8972f4e93b9aed80e34860514c23bfe9ee0a01767a291cf28a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:06:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Mar 2021 12:03:44 GMT
Server: AkamaiNetStorage
ETag: "c43e7f1b0459d05cce32768dd16af59b:1616414624.063318"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2864
Expires: Thu, 15 Apr 2021 20:26:58 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ddca568ff519cd935a816baec6f7bfce459656ec5022ec2ba6a6225891022eb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23960
x-fb-rlafr: 0
pragma: public
x-fb-debug: D8F1eApCtevH+dePTBSkoMl2AxiKMceu+H/T+OxxL0YTqVRQEpNftU4WKpcXaaRpspQB9CprD7azo/ZQfAVlqg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 15 Apr 2021 20:06:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK trackpush.min.js Show response
s3.amazonaws.com/cdn.aimtell.com/trackpush/ 46 KB
13 KB 411ms
113ms Script
text/javascript 52.217.18.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.18.110 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0d706be32ab771038880beeb037bbe46a7310f00e4cb993112ae5194a2bc49a2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:00 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Apr 2021 22:04:58 GMT
Server: AmazonS3
x-amz-request-id: RMH66CEECDW7AXMY
ETag: "7c470f6f9dee49c6093f99bb32c445bc"
Content-Type: text/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 12955
x-amz-id-2: fKwhbR1Xt0Oa+hjWPCtNHzA5oWC+2xy153pZgI3vGQZ4W6vDut/8tlC0IRq+zwFqcyvwJmWKQl8=

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/630732b05e14a94bcf9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 809
date: Thu, 15 Apr 2021 19:53:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Thu, 15 Apr 2021 21:53:29 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/ 222 KB
83 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99fcd335db15dc4bc00ae60c1c2e70a332743edf8b7e36d39efb1f9a22fb65ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84687
x-xss-protection: 0
server: cafe
etag: 14512549901555226033
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 20:06:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/ Frame F892 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210413/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 14:43:24 GMT
expires: Thu, 29 Apr 2021 14:43:24 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 19414
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 tcSamples Show response
www.teamblind.com/api/salary/ 698 B
2 KB 485ms
483ms XHR
application/json 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/api/salary/tcSamples

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

34bdd0318860430860853f8e2000dc329cb5f4f2938e259a9efab81ced5f0fe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.teamblind.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _gcl_au=1.1.1426247164.1618517219
content-length: 358
:path: /api/salary/tcSamples
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json;charset=UTF-8
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: application/json, text/plain, */*
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: TXL52-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 698
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
etag: W/"2ba-R9LJTTbajW4WtBIAnaO2xyRyoVs"
x-download-options: noopen
strict-transport-security: max-age=5184000; includeSubDomains
content-type: application/json; charset=utf-8
set-cookie: bl_session=eyJub3dJbk1pbnV0ZXMiOjI2OTc1Mjg2LCJwdWJLZXkiOiItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExaFZUeVhRWThDSWNOMGRpYXVWYlxuK2VtaDgyb1ZnOTdidkZPdlRteFpYeDkrNVlwOTdlYmlKNW12V0tueVIraU9FKytoM2U5amZBdVU2UjZVaksrSlxudGRQZjJBM2pNNWNXaXJWcFlSa3ZoeURpV3E5bkoyUFl1cTFUVDJUUjJFSGxpaEFDNEdyWUh2dldBU29CZnBUalxuRjVYcUNaL1A5NU9EYzRuU1lRcGFOekV1dFdPS3RsS1N0cDVXLzBEREg0RDB4eFlpQW9wZ0dTV1c5MURUS0FwV1xuSGtBWDFIZ1Uvcm92N3FLOFNOUk1Ud1BISUdhSXh3Z0JUcUZUS3BNMGNpUjVBejZ1b3JVdDh5T0FYb0JiM20zRlxuQ0tOR3V4ak85TlJqVDVwNmhocThGYVM3YmdlbllqclFXQ1hsMG9xM3FmMXFMai9HVmJCOVlQUy9DOHpZRHRBcVxuendJREFRQUJcbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIiwia2V5IjoicVpMSElaNE0iLCJ6bCI6IlVNOFlzV1NlZDRlWG04ZnpMb1JBREp3MjU0OWZlMDFqbVlEelNET0o0bllRdElLaVNTM1dZNm9XV05XN05aSVRaakhXcXlmNU5FS0dQOUFQZEtZcGhxYU5GM1prMW5yMjRiQ0Fsazd6UXFQMjhXdGZpQThKVlh4WnBLcWEzVHRaaWNqQnBid3FaWUpWeWhjWDVzZkZYcDdaWE03SjJSUXlNbkdDSEJSR2V0ZXZ5dVpCOEozWEdhNkFrNGpjRzBRc0xNMVlTcnBwb0lxRzNHWEdqV2Q2ZVVVZlBubE9HWEU3UGltVFJxYXNwL1Q1OGhpb1lTRnY2RjFEdTRZL240Nkd2NkZsa0NXMU4yY2ZpOWYrZktEVXMxUmc2cUhMYXRCMTFXSEpkYXVVT0J2NTEvNm1LZzJhMVdva2p0ZnpXZlRuUjFQcG1YOVlieDdKMktTa2Z6WnBrUT09In0=; path=/; expires=Thu, 29 Apr 2021 20:06:59 GMT; httponly bl_session.sig=eZZqj-lMp-zzsqw1JbqAKWTmDh0; path=/; expires=Thu, 29 Apr 2021 20:06:59 GMT; httponly
x-amz-cf-id: eTyBHJHtyVsuO5FhQu-4_9bvd1R5ZgZYDWsb7-6vjMt3sICY_pi4tA==

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
239 B 367ms
109ms Script
application/javascript 70.42.32.159
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.outbrain.com/cachedClickId?marketerId=00036f62ef463ea29a8544928b83649d57
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.159 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:06:59 GMT
content-encoding: gzip
X-TraceId: bdd116adaa762abc419a1ec20cd02d8e
Content-Length: 56
Content-Type: application/javascript

GET
H/1.1 200
OK unifiedPixel
tr.outbrain.com/ 43 B
256 B 376ms
94ms Image
image/gif 70.42.32.159
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/unifiedPixel?marketerId=00036f62ef463ea29a8544928b83649d57&obApiVersion=1.1&obtpVersion=1.4.1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&optOut=false&bust=09369836761947337
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.159 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:06:59 GMT
Cache-Control: no-cache
X-TraceId: 81c3982ed4a901c9cbd8dd3a74257d63
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H2 200 collect
px.ads.linkedin.com/ 0
611 B 399ms
141ms Image
application/javascript 2620:119:50e3:101::6cae:b45
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=471108&time=1618517219106&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dexplainationgme
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e3:101::6cae:b45 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-eda6
content-type: application/javascript
content-length: 0
x-li-uuid: Lz4H99UgdhbAJkk/NCsAAA==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1886702275&t=pageview&_s=1&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&dp=%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ul=en-us&de=UTF-8&dt=Full%20explanation%20of%20the%20GME%2C%20RH%2C%20and%20Citadel%20debacle%20-%20Blind&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=75629577&gjid=489194452&cid=1620706719.1618517219&tid=UA-44450149-4&_gid=1928693589.1618517219&_r=1&_slc=1&z=877808233

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:06:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.teamblind.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1886702275&t=pageview&_s=1&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&dp=%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ul=en-us&de=UTF-8&dt=Full%20explanation%20of%20the%20GME%2C%20RH%2C%20and%20Citadel%20debacle%20-%20Blind&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=645216507&gjid=2120292116&cid=1620706719.1618517219&tid=UA-169230122-5&_gid=1928693589.1618517219&_r=1&_slc=1&z=718355141

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:06:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.teamblind.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 172618923088387 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 10ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/172618923088387?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a3c7456ae6bd6bc3fb2f7a7c10452e8539643a7bf9c46456e72679c94db8796c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74003
x-fb-rlafr: 0
pragma: public
x-fb-debug: xesXV0IAebmjucKLt0v/iIzi9+jXbgodRg6hrqcu1OnRBV2+5PJXaAXg7xak3mbH2KsD6y1MfUD6xZo/UMBauw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
date: Thu, 15 Apr 2021 20:06:59 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adopJ.js Show response
compass.adop.cc/assets/js/adop/ 3 KB
2 KB 107ms
39ms Script
application/javascript 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adopJ.js?v=14
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:36 GMT
content-encoding: gzip
last-modified: Wed, 03 Jun 2020 07:46:29 GMT
age: 23
etag: W/"5ed75555-d79"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: TXL52-C1
content-length: 1938
x-amz-cf-id: ufurDnbwFlajpWaPyfB5d5iGavfE12q8MjjhPA1ZuDs2LhbbbJIzOg==
expires: Thu, 15 Apr 2021 20:16:36 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 13ms
13ms XHR
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-44450149-4&cid=1620706719.1618517219&jid=75629577&gjid=489194452&_gid=1928693589.1618517219&_u=YGDACEAABAAAAC~&z=159749408

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 15 Apr 2021 20:06:59 GMT
content-type: text/plain
access-control-allow-origin: https://www.teamblind.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
642 B 120ms
51ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.teamblind.com&callback=_gfp_s_&client=ca-pub-4146116731128638

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4146116731128638&plah=www.teamblind.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

219d1535e2b21dfba0bfcd06627390f28ef2edae88dd4ed4711565dec0ce1e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.teamblind.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:06:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.teamblind.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:06:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DA79 54 B
56 B 103ms
101ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4146116731128638&output=html&adk=1812271804&adf=3025194257&lmt=1618517219&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618517218985&bpp=6&bdt=1082&idt=179&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366572638195&frm=20&pv=2&ga_vid=1620706719.1618517219&ga_sid=1618517219&ga_hid=1886702275&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079&oid=3&pvsid=2689970682305708&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=198

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4146116731128638&output=html&adk=1812271804&adf=3025194257&lmt=1618517219&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618517218985&bpp=6&bdt=1082&idt=179&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366572638195&frm=20&pv=2&ga_vid=1620706719.1618517219&ga_sid=1618517219&ga_hid=1886702275&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079&oid=3&pvsid=2689970682305708&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=198
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 15 Apr 2021 20:06:59 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Apr-2021 20:21:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 20:06:59 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:06:59 GMT

GET
H2 400 / Show response
uswwwnotifier.teamblind.com/socket.io/ 41 B
498 B 178ms
178ms XHR
application/json 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DTv&sid=lLkJbBhfYmYxi4B0Bjwe
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 8acac48bc106c4eae580c08071597f9dafab96d959deff65bec44514da907b1d

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:06:59 GMT
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 5 B
517 B 179ms
179ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DTx&sid=iq_gWGUXeoa-nWIGmFRJ
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:06:59 GMT
access-control-allow-credentials: true
content-length: 5
content-type: application/octet-stream

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 29ms
28ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-44450149-4&cid=1620706719.1618517219&jid=75629577&_u=YGDACEAABAAAAC~&z=1384935052

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:06:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-44450149-4&cid=1620706719.1618517219&jid=75629577&_u=YGDACEAABAAAAC~&z=1384935052

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:06:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
261 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=172618923088387&ev=PageView&dl=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&rl=&if=false&ts=1618517219214&sw=1600&sh=1200&v=2.9.39&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1618517219212.1122135450&it=1618517219142&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 15 Apr 2021 20:06:59 GMT

GET
H2 200 c945bdf7ec430fe8339a.js Show response
www.teamblind.com/_nuxt/ 54 KB
16 KB 52ms
50ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/c945bdf7ec430fe8339a.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

96b6681f28903bd40dea8277fd55e57ae37b4eda06dc3e68150f81fe3b032bce

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/c945bdf7ec430fe8339a.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:54 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:51 GMT
x-frame-options: SAMEORIGIN
etag: W/"d7b8-178ca7f69ff"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: a2LC2dmNxuhpob7-q_G8YYwjDD3_9lui_BNPUBjN14j6HEop9kVOwA==

GET
H2 200 eca3529c80e91b1d06c0.js Show response
www.teamblind.com/_nuxt/ 215 B
743 B 52ms
51ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/eca3529c80e91b1d06c0.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

1dfedaa4297bda780ac46ebab35b55e8fe26415a2f84ce832ffff0736df5284c

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/eca3529c80e91b1d06c0.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:35 GMT
x-frame-options: SAMEORIGIN
etag: W/"d7-178ca7f2edf"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: Fr7erp4R4kLfAbIZXOv68RFQwdZ6Klf8G-LaN6lK8edwsaTMfOYxfw==

GET
H2 200 76d9f12a96a0481865c9.js Show response
www.teamblind.com/_nuxt/ 32 KB
10 KB 37ms
37ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/76d9f12a96a0481865c9.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

6166176f087dcb2e34b8ab4aac5f3ceab876353aaeb4f701b140868fc62ef8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/76d9f12a96a0481865c9.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:47 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212052
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:56 GMT
x-frame-options: SAMEORIGIN
etag: W/"812f-178ca7f7f83"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: 8MlcNziaIYDz2IXYvDUE09QXnaIPBiV9xzIUgCe_MJOg7C6iuSzZ7g==

GET
H2 200 3edc3777e4c0cbb2c76c.js Show response
www.teamblind.com/_nuxt/ 73 KB
19 KB 38ms
37ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/3edc3777e4c0cbb2c76c.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

49f7dca11b1d6ec82fb96142bf05e5588fd6a6276ea79a9b56af916c29838f65

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/3edc3777e4c0cbb2c76c.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:37 GMT
x-frame-options: SAMEORIGIN
etag: W/"1240d-178ca7f3685"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: a1j0xF54InZojPrGjd4sCVbIsd4P3em0q9ISZX5jgFRtxDZHhFh10A==

GET
H2 200 6b3b5679b79359cf5f60.js Show response
www.teamblind.com/_nuxt/ 174 KB
53 KB 41ms
40ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/6b3b5679b79359cf5f60.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

ebd74ccd61864d807768b9d61cf9f71c5e175a4ec83fdc0fe78d7daa229c8ffc

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/6b3b5679b79359cf5f60.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:54 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:33 GMT
x-frame-options: SAMEORIGIN
etag: W/"2b76d-178ca7f23f5"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: nsKtAZLkJwHx1fTcX09bAdy-fFHfrXo1uHBLcHs7U2Bj3uB_WFF98w==

GET
H2 200 fa7a203f99c8d9d241e1.js Show response
www.teamblind.com/_nuxt/ 59 KB
11 KB 33ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/fa7a203f99c8d9d241e1.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

9a6593db707489a4b3966aa68899741fd3ea0ef0c20f65250fbadfed8e83d22f

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/fa7a203f99c8d9d241e1.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:47 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212052
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:37 GMT
x-frame-options: SAMEORIGIN
etag: W/"eadb-178ca7f35ed"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: UBy2cW4DgxagPPqMMq2Lkfk8wJecUJhIYImAoig39RV3h6SwqjVIXg==

GET
H2 200 0e4338761429b4eb16ac.css
www.teamblind.com/_nuxt/ 0
579 B 42ms
41ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/0e4338761429b4eb16ac.css

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/0e4338761429b4eb16ac.css
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 01:58:52 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 5767687
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 05 Feb 2021 04:44:13 GMT
x-frame-options: SAMEORIGIN
etag: W/"0-17770813b18"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: VVIWm6XqcAqX0VcFC1MY58L0DIZzwMJAa6WQqTrvoh8meUeoo9AFvA==

GET
H2 200 3e8aa9aa2ca83f8ed7d1.js Show response
www.teamblind.com/_nuxt/ 18 KB
6 KB 34ms
34ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/3e8aa9aa2ca83f8ed7d1.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

cad3d12505a78bcab262663591b8a66cb6c8353aa7c97fcc7b80155a29075ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/3e8aa9aa2ca83f8ed7d1.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:47 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212052
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:31 GMT
x-frame-options: SAMEORIGIN
etag: W/"460f-178ca7f1cdd"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: oZlYYuWQdvRCV05KDDH2JrYUnNoJpM_0HDLZtX5rBYjLb2sH1-QxnQ==

GET
H2 200 e7d373feff01774a2bdc.css
www.teamblind.com/_nuxt/ 868 B
913 B 46ms
46ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/e7d373feff01774a2bdc.css

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

20039be919968b930cff518868ad1ef9ded693de4a14d265aa2ff7a3f7254498

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/e7d373feff01774a2bdc.css
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Apr 2021 06:34:16 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 1085563
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 31 Mar 2021 02:19:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"364-1788614565b"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: iagg2DmfV31kHdKuMj-Swfk_wEU2e3HbtCOrtTpmwGVR2yrJYCTBhg==

GET
H2 200 efe06874fc31a240fcca.js Show response
www.teamblind.com/_nuxt/ 12 KB
5 KB 37ms
36ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/efe06874fc31a240fcca.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

4ce43b5281d10d1f3023c8caddb4402c0d5ab46aee3db71ad264939305d5a178

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/efe06874fc31a240fcca.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:47 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212052
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:41 GMT
x-frame-options: SAMEORIGIN
etag: W/"3139-178ca7f445f"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: jOjbXzkDFXJhEfBDbv-pUpwx9Beebyb-Xrwquf96nCq5OMj06SYHgw==

GET
H2 200 bc6b08e2ffb8d1573eef.js Show response
www.teamblind.com/_nuxt/ 11 KB
4 KB 33ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/bc6b08e2ffb8d1573eef.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

472dc749acd81926fc743a1c840a99c0ed3c255fc062dec09b0ffa569b52aa00

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/bc6b08e2ffb8d1573eef.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:18:58 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 211681
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:43 GMT
x-frame-options: SAMEORIGIN
etag: W/"2d20-178ca7f4d03"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: nUNjqMdXQkYQwh5gee6WVwtW71jqPT_C0KIOVG-THzYrcO5pUroZbw==

GET
H2 200 15554803253c99968b5d.js Show response
www.teamblind.com/_nuxt/ 12 KB
4 KB 32ms
31ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/15554803253c99968b5d.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

613b31e17ab2a749e393f68251fd890dfc7b8df27d6349cb17334aa6ede7f28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/15554803253c99968b5d.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:48 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212051
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:36 GMT
x-frame-options: SAMEORIGIN
etag: W/"2fb4-178ca7f2fd1"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: LwW6z5Z9ucRuEeFkPjbkrOhn2SVvlPwuCgJyZIAixGGCsKgWpLUzQw==

GET
H2 200 f1d46d8e7ad62731ec63.js Show response
www.teamblind.com/_nuxt/ 43 KB
13 KB 32ms
32ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/f1d46d8e7ad62731ec63.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

b6846c26f2d487e6b10fc3addd1dcd73dfa35578b39c1180fa57c1618d3d6013

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/f1d46d8e7ad62731ec63.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:48 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212051
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:53 GMT
x-frame-options: SAMEORIGIN
etag: W/"aa9f-178ca7f7207"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: ZE4oIUFBdNJjdIOw1b-zIzKz-rXhydmu9rnaV1_MsyAhK9wfoEO9dg==

GET
H2 200 667cd15069cbccd7ae04.js Show response
www.teamblind.com/_nuxt/ 3 KB
1 KB 32ms
31ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/667cd15069cbccd7ae04.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

da1febf9bfaf1967fcbc91dd2ed2a84f86df03aebb879714db3a87967b8f56f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/667cd15069cbccd7ae04.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:48 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212051
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:54 GMT
x-frame-options: SAMEORIGIN
etag: W/"a39-178ca7f7547"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: gs3qu7F0jBsHNMQN_3FgB1oJSCtnUPy51UwBQrZScYKAqNpYBb-xww==

GET
H2 200 fe562ebd2e4e545800e8.js Show response
www.teamblind.com/_nuxt/ 8 KB
3 KB 34ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/fe562ebd2e4e545800e8.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

a131c13741a159b975b0fe5c57ed1bb636d7191a624dc066e475ae042e4c1f64

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/fe562ebd2e4e545800e8.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:48 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212051
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:35 GMT
x-frame-options: SAMEORIGIN
etag: W/"1f1b-178ca7f2ddf"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: Bs4zGa-gTOICG5U1fgzVTdt5KH83wbn7dMiQElWlGqBiW9EsccslpA==

GET
H2 200 b14337cf6a09ba8ad3bb.js Show response
www.teamblind.com/_nuxt/ 19 KB
5 KB 34ms
34ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/b14337cf6a09ba8ad3bb.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

074a51b3011aa6b78ebe9c4862a4e5582e35c1046eb1d789c8b99e34ea8cbdd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/b14337cf6a09ba8ad3bb.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:56 GMT
x-frame-options: SAMEORIGIN
etag: W/"4af5-178ca7f80e3"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: _4WzXngj91MsgqU2KTszNVVDjs_dpnsSrr4Y56c-O3Hi2KoJG-3TUg==

GET
H2 200 557393fdbaf44fcc631c.js Show response
www.teamblind.com/_nuxt/ 1 KB
1 KB 37ms
37ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/557393fdbaf44fcc631c.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

ebdca285c848e8ea65777d7005c5e9a0bad20d802142bd91c2747ea762f2b1ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/557393fdbaf44fcc631c.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:54 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:52 GMT
x-frame-options: SAMEORIGIN
etag: W/"4f5-178ca7f7117"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: krDC54GYB9Nbjgn7MRMk1RoyJjRcY7GnaFl5wTbMAbGLEXhXsl_3gA==

GET
H2 200 df7d4498a385afabc1c3.css
www.teamblind.com/_nuxt/ 175 B
697 B 37ms
37ms Stylesheet
text/css 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/df7d4498a385afabc1c3.css

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

6a3696975c783c5019b7f4e0eed0595e74670023da3b94e828adf9b77ff2b99d

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/df7d4498a385afabc1c3.css
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 06:12:53 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 3333245
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 08 Mar 2021 00:19:45 GMT
x-frame-options: SAMEORIGIN
etag: W/"af-1780f344017"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: i2CZ_xBNQ86QdGmnM2TKzb8elunhN3NXjj2aukok7VMIfpiauEA2zA==

GET
H2 200 1ce3a7b95b9eafaae095.js Show response
www.teamblind.com/_nuxt/ 28 KB
7 KB 33ms
32ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/1ce3a7b95b9eafaae095.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

34bd88854d8b0eb5be11fc8fbe2c1e3ca118a24b88a6d9e8510ca370e799f374

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/1ce3a7b95b9eafaae095.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:54 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:34 GMT
x-frame-options: SAMEORIGIN
etag: W/"70aa-178ca7f28fd"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: chtjgXfNgCRI0hqBmizM3PA_YgchRoV4FoY5Lp79rmPOigqLY55NQw==

GET
H2 200 4ca33a56b3437a8b7a62.js Show response
www.teamblind.com/_nuxt/ 20 KB
5 KB 33ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/4ca33a56b3437a8b7a62.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

9f98af25136d691914cb644e8621ef6ef17f52d47abb1a828fadb1ce3867f42c

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/4ca33a56b3437a8b7a62.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:44 GMT
x-frame-options: SAMEORIGIN
etag: W/"5037-178ca7f503b"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: h54AN76Z6iUW4CjBH6AAb3YRwGyg88zd58lZywVWSs1wkbkImOAUTg==

GET
H2 200 df25a6e90537a80804c7.js Show response
www.teamblind.com/_nuxt/ 51 KB
14 KB 35ms
34ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/df25a6e90537a80804c7.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

7ec5836e36d08e44e48f7c03716bb2da5d1cdf0b26e8c205baf764eebb7fcfd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/df25a6e90537a80804c7.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:47 GMT
x-frame-options: SAMEORIGIN
etag: W/"cbb2-178ca7f5ce7"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: zMP9zd6oK8VmXqOPbw5WYsR0mvkJGYIHSbLJED3kcOOmqMe-HJYong==

GET
H2 200 df99a81df463dd034928.js Show response
www.teamblind.com/_nuxt/ 36 KB
10 KB 34ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/df99a81df463dd034928.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

7b4c2bf3f3ac9dd6facfbb6252788c8201a97f1ee9c6fad66326d662d395a7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/df99a81df463dd034928.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:55 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"8f85-178ca7f1fd9"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: oAkQhsgKWT9tWi-1OK4iAAric8kT9bYKL-qZbbxUFBcG-ingq6y-4Q==

GET
H2 200 fc2de0d16269c1c0c96c.js Show response
www.teamblind.com/_nuxt/ 27 KB
6 KB 32ms
31ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/fc2de0d16269c1c0c96c.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

68ab8f9b3d4ac03fc0a526843c8f50dc2b6c98d9950f517447f8f56018b393f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/fc2de0d16269c1c0c96c.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:11:54 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212104
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:54 GMT
x-frame-options: SAMEORIGIN
etag: W/"6b5a-178ca7f7887"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: VyEFt4ml1SQiWqRtf9toX1V9pQXakhUYM6bmwBrOyKjwbJU2vDD0lA==

GET
H2 200 f0ad1197e847e913db92.js Show response
www.teamblind.com/_nuxt/ 13 KB
5 KB 33ms
33ms Script
application/javascript 99.84.156.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.teamblind.com/_nuxt/f0ad1197e847e913db92.js

Requested by

Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c6b3bcfbca640f0cf2b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-98.txl52.r.cloudfront.net

Software

Resource Hash

d719d335250de336d88b878985a732ec3f0b499b46564acbae5bebab2e320e33

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/f0ad1197e847e913db92.js
pragma: no-cache
cookie: _gcl_au=1.1.1426247164.1618517219; _ga=GA1.2.1620706719.1618517219; _gid=GA1.2.1928693589.1618517219; _gat=1; _gat_company=1; _fbp=fb.1.1618517219212.1122135450; __gads=ID=39e8417a4bdbbc56-229a1bc68da70066:T=1618517219:RT=1618517219:S=ALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.teamblind.com
referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 09:12:21 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
age: 212078
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
strict-transport-security: max-age=5184000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 13 Apr 2021 09:10:39 GMT
x-frame-options: SAMEORIGIN
etag: W/"33dc-178ca7f3c49"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: 6mkMke4W3Aee85PRV-VP6ZbiDjTk5iL-e09dXpIObLKPpn3tfKz0qw==

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 4 B
516 B 818ms
818ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DWn&sid=iq_gWGUXeoa-nWIGmFRJ
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:00 GMT
access-control-allow-credentials: true
content-length: 4
content-type: application/octet-stream

POST
H2 400 / Show response
uswwwnotifier.teamblind.com/socket.io/ 41 B
498 B 178ms
178ms XHR
application/json 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DWp&sid=lLkJbBhfYmYxi4B0Bjwe
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 8acac48bc106c4eae580c08071597f9dafab96d959deff65bec44514da907b1d

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:06:59 GMT
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 474d5ace-ea34-4e47-bde6-b87fddf21d92 Show response
compass.adop.cc/RE/ Frame 6377 2 KB
1 KB 292ms
291ms Script
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=eTB&percentage=false&size_width=728&size_height=90&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: f31fe92c2b78d3cbfabbe34b05b7c7d6aba7127e15178f3cafb98cc4c0fd9d1c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:59 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 722
x-amz-cf-id: qOX4hKSEdw_jrrLsJ8fWXs0iQsRtyTd79mZ0hL7iuGYZ9XaV2tiLgQ==

GET
H2 200 c4f33366-ecd8-4dca-a7ed-3a8756afe75d Show response
compass.adop.cc/RE/ Frame 07B1 2 KB
1 KB 798ms
797ms Script
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=9VU&percentage=false&size_width=728&size_height=90&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: d5fb8d1ad9708db8272c7da7aa795a4bf6cc3784afffcdd11b84c0707760996f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:00 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 814
x-amz-cf-id: vyhzyp-tR12_ccugiZU9IM83H3W9vMBR0d6C_TGegfLOV7BZ6nffFg==

GET
H2 200 cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c Show response
compass.adop.cc/RE/ Frame C47D 2 KB
1 KB 803ms
798ms Script
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=t5r&percentage=false&size_width=160&size_height=600&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 8f1925cead7a157cc194d449223e5a94ff63257f67f020507779e8fefcf5e027

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:00 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 721
x-amz-cf-id: HpEAiZHVp6K6s5iOUaQgbEOQujmwKX6VvgxJlCs3o4zlZxsOAAzMMA==

GET
H2 200 ico-logo-amazon.png
d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ 3 KB
3 KB 40ms
38ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-amazon.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a91d2c8e11934ec55a15d7a22b9dc32a1428b8a98241ba84b297a4edb8e6f20

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 10:17:51 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:48 GMT
server: AmazonS3
age: 3664148
etag: "04581e68d5670f56d5c1ee1428e86134"
x-cache: Hit from cloudfront
x-amz-version-id: y7lC2I9xJir3tnAbWKu0CBtSJ78_UdOo
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 2595
x-amz-cf-id: Byc28M4PM9yonGrm7DRbC3vQsqVL67cxpmPp8QhJM8QhCJK2Cl9nAw==

GET
H2 200 ico-logo-google.png
d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ 3 KB
4 KB 40ms
38ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-google.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a90b2ad56322cc76f001a774145f0603fd0a364f0472538e916cd9e6d7dc3ce6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 01:09:52 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:48 GMT
server: AmazonS3
age: 6029828
etag: "652002d8ac568b91a89ad8c538279488"
x-cache: Hit from cloudfront
x-amz-version-id: IfqHwbbfjW0RUF171ox_Spzq6y0JXTiU
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 3416
x-amz-cf-id: AgRdHR1UjME0IZCK7nNpXwveOzjAqf9a-PKTvhn557mtr7jEvOkvsA==

GET
H2 200 ico-logo-microsoft.png
d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ 2 KB
2 KB 47ms
46ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-microsoft.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 455b1caff0664a32ffc448ada91ef26315a17335812b2b4d881c4765ee19c04c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:08:25 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:48 GMT
server: AmazonS3
age: 5684315
etag: "9f0267302ffc5dcc2cad345b5323a1c9"
x-cache: Hit from cloudfront
x-amz-version-id: 8AKeppPsYSQl3dMU6C33JsLH_DXH804a
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 1558
x-amz-cf-id: FUceoq71OAAUtPIqzbhn4P6wFMpG1_2OxiAQDBdVeXT1y5zYF7D6NA==

GET
H2 200 ico-logo-oracle.png
d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ 5 KB
6 KB 39ms
38ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-oracle.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 132135db68b691f135b7a4b204749287cae61fc557d9bab5bad2727b3ed938f3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 05:00:42 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:48 GMT
server: AmazonS3
age: 1263978
etag: "2a10edfdd36d3d8ebad576b24094f76c"
x-cache: Hit from cloudfront
x-amz-version-id: OFIxMKJ3dy0.Z3KQj6vKp8x0z9nFCfdv
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 5562
x-amz-cf-id: lCK_1W15M29OYezVawQswNEC-0SE79UP2IRYeMyX7QkK6zBAaPGRGg==

GET
H2 200 ico-logo-yahoo.png
d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ 2 KB
3 KB 46ms
46ms Image
image/png 99.84.155.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u3dcdbebyaiu.cloudfront.net/img/www/icon/ico-logo-yahoo.png
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.155.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-155-72.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93a95660fef2314044a7f8512cb4020aad4c6393e0b962a9ca8fdfe0af1dce34

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Apr 2021 00:38:24 GMT
via: 1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
last-modified: Wed, 18 Nov 2020 07:12:48 GMT
server: AmazonS3
age: 1106916
etag: "42097080ea1cb65e5b6af670583104f9"
x-cache: Hit from cloudfront
x-amz-version-id: c.GjwQa31soVcsL1kbKXswYgvdp96_HC
cache-control: s-max-age=7776000, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/png
content-length: 2513
x-amz-cf-id: 2YBTtKOatxILrVWcEE6SRdHR_jYAXVyt7jSJP-EWYi4ZCR12DeFuaw==

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 13ms
6ms Ping
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjGhG00sAuLB692s3

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 15 Apr 2021 20:06:59 GMT
content-type: text/plain
access-control-allow-origin: https://www.teamblind.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 6377 19 KB
8 KB 41ms
6ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=eTB&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026793
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: XqLVx0fwGQA07nOVhg2ymbV1BvetpzE9cs9mbPUBgrv8QGgkIsdTMQ==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 6377 2 B
96 B 1174ms
293ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200659&aid=c5b077fe-442f-4999-8ad4-6a8242c070c8&zid=474d5ace-ea34-4e47-bde6-b87fddf21d92&r=hMhi
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=eTB&percentage=false&size_width=728&size_height=90&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 adopJ.js Show response
compass.adop.cc/assets/js/adop/ Frame 6377 3 KB
2 KB 30ms
30ms Script
application/javascript 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adopJ.js?v=14
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/474d5ace-ea34-4e47-bde6-b87fddf21d92?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=474d5ace-ea34-4e47-bde6-b87fddf21d92&type=re&loc=&rnd=eTB&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:36 GMT
content-encoding: gzip
last-modified: Wed, 03 Jun 2020 07:46:29 GMT
age: 23
etag: W/"5ed75555-d79"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: TXL52-C1
content-length: 1938
x-amz-cf-id: id0Yvd4d2NXDkGTYDtsT1pvKyUKxt6FCrVjwx-lDCUX5X7TxO4MPhw==
expires: Thu, 15 Apr 2021 20:16:36 GMT

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 101 B
610 B 178ms
178ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9DhK
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 41127f26377bf4e71f1d329d3cb41acb455a0589da47bfc5b76c3d97491c81da

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:00 GMT
access-control-allow-credentials: true
content-length: 101
content-type: application/octet-stream

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 5 B
516 B 178ms
178ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9Dk8&sid=4yC2AVoM8laVZNT6mFRT
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:00 GMT
access-control-allow-credentials: true
content-length: 5
content-type: application/octet-stream

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 07B1 19 KB
8 KB 8ms
7ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=9VU&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026794
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: PdhO1xB3I5cqYEB2MjY1CSyiT1iPebeg1dKjqarBnW4s4XnG7n3wVA==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 07B1 2 B
96 B 954ms
293ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200700&aid=d236c104-57ca-4211-aa7f-d0ac14753a4d&zid=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&r=W351
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=9VU&percentage=false&size_width=728&size_height=90&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 adop.js Show response
compass.adop.cc/assets/js/adop/ Frame 07B1 3 KB
2 KB 41ms
41ms Script
application/javascript 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adop.js?v=14
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c4f33366-ecd8-4dca-a7ed-3a8756afe75d?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c4f33366-ecd8-4dca-a7ed-3a8756afe75d&type=re&loc=&rnd=9VU&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:53 GMT
content-encoding: gzip
last-modified: Thu, 18 Jun 2020 04:56:42 GMT
age: 94
etag: W/"5eeaf40a-b3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: TXL52-C1
content-length: 1564
x-amz-cf-id: fSBf69PrdqT6vapB6qS7Kmdmz0c9fD0jkFzVX2Sooj3JMfRziUhv9Q==
expires: Thu, 15 Apr 2021 20:15:26 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame C47D 19 KB
8 KB 10ms
10ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=t5r&percentage=false&size_width=160&size_height=600&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026794
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: tREV2aILL5q4_zsTk_n3mOLDJN5X3gdxaCOZlcLP-rPJIF33MxsI0w==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame C47D 2 B
96 B 1107ms
282ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200700&aid=46e1536d-dc00-4526-bc83-694d95095d7d&zid=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&r=UeXc
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=t5r&percentage=false&size_width=160&size_height=600&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 adopJ.js Show response
compass.adop.cc/assets/js/adop/ Frame C47D 3 KB
2 KB 30ms
30ms Script
application/javascript 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adopJ.js?v=14
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=cbfa48e2-a6cd-4433-8ac4-ba40ae05cb0c&type=re&loc=&rnd=t5r&percentage=false&size_width=160&size_height=600&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:36 GMT
content-encoding: gzip
last-modified: Wed, 03 Jun 2020 07:46:29 GMT
age: 24
etag: W/"5ed75555-d79"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: TXL52-C1
content-length: 1938
x-amz-cf-id: sR1pMHwSPZYw-Me6vcBVTBkUlt4YbVn5XUpBH1fYDmjD_nChkY93dg==
expires: Thu, 15 Apr 2021 20:16:36 GMT

GET
H2 200 / Show response
uswwwnotifier.teamblind.com/socket.io/ 4 B
517 B 636ms
636ms XHR
application/octet-stream 52.42.113.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uswwwnotifier.teamblind.com/socket.io/?EIO=3&transport=polling&t=NZN9Dmy&sid=4yC2AVoM8laVZNT6mFRT
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/_nuxt/c15ae5eeabcffb56ce7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.113.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-113-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:00 GMT
access-control-allow-credentials: true
content-length: 4
content-type: application/octet-stream

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 6377 2 B
96 B 488ms
283ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNjU5IiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDY1OS0yZjc1ZWIyMmQ5N2M0NGY2IiwibmV0IjoiIiwid2d0IjoiODAiLCJvcmQiOiIyLzQiLCJ6aWQiOiI0NzRkNWFjZS1lYTM0LTRlNDctYmRlNi1iODdmZGRmMjFkOTIiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiIxOTUuMTgxLjE3My4yMDEiLCJmbG9jIjoiaHR0cHM6Ly93d3cudGVhbWJsaW5kLmNvbS9wb3N0L2Z1bGwtZXhwbGFuYXRpb24tb2YtdGhlLWdtZS1yaC1hbmQtY2l0YWRlbC1kZWJhY2xlLXFic3ViZ3o3P3V0bV9zb3VyY2U9bWl4bWF4JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXRyZW5kaW5nJnV0bV9jb250ZW50PXdobyUyN3NoaXJpbmcmdXRtX2NvbnRlbnQ9ZXhwbGFpbmF0aW9uZ21lIiwiY2R0IjoiMjEwNDE1MjAwNjU5Iiwid2QiOiJZIiwicGIiOiJOIiwicHQiOiJodHRwcyIsImxvZyI6ImJhc2ljIn0%3D
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 52fce88e-1ea1-4a0e-b29c-442d551e5a48 Show response
compass.adop.cc/RE/ Frame 38CE 4 KB
2 KB 315ms
315ms Script
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=G9D&percentage=false&size_width=728&size_height=90&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 9dc4d51f4ccf537a31e9b2791d9d1b7f35334a19ce7b316100a658cfc4a5027d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 1453
x-amz-cf-id: Y7vnyzHhLGCv-Nljqs8z-He6VgACEyF8cVpP39YYVmq4uhVNTF07XA==

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 07B1 2 B
96 B 293ms
293ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAwIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC1mNjZmZjAwODJhYjQ0N2I0IiwibmV0IjoiIiwid2d0IjoiNjUiLCJvcmQiOiI0LzQiLCJ6aWQiOiJjNGYzMzM2Ni1lY2Q4LTRkY2EtYTdlZC0zYTg3NTZhZmU3NWQiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiIxOTUuMTgxLjE3My4yMDEiLCJmbG9jIjoiaHR0cHM6Ly93d3cudGVhbWJsaW5kLmNvbS9wb3N0L2Z1bGwtZXhwbGFuYXRpb24tb2YtdGhlLWdtZS1yaC1hbmQtY2l0YWRlbC1kZWJhY2xlLXFic3ViZ3o3P3V0bV9zb3VyY2U9bWl4bWF4JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXRyZW5kaW5nJnV0bV9jb250ZW50PXdobyUyN3NoaXJpbmcmdXRtX2NvbnRlbnQ9ZXhwbGFpbmF0aW9uZ21lIiwiY2R0IjoiMjEwNDE1MjAwNzAwIiwid2QiOiJZIiwicGIiOiJOIiwicHQiOiJodHRwcyIsImxvZyI6ImJhc2ljIn0%3D
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame C47D 2 B
96 B 281ms
281ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAwIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC0xMGViMDM5N2EwN2U0ZDY3IiwibmV0IjoiIiwid2d0IjoiMTAwIiwib3JkIjoiMi8yIiwiemlkIjoiY2JmYTQ4ZTItYTZjZC00NDMzLThhYzQtYmE0MGFlMDVjYjBjIiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiMTk1LjE4MS4xNzMuMjAxIiwiZmxvYyI6Imh0dHBzOi8vd3d3LnRlYW1ibGluZC5jb20vcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6Nz91dG1fc291cmNlPW1peG1heCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj10cmVuZGluZyZ1dG1fY29udGVudD13aG8lMjdzaGlyaW5nJnV0bV9jb250ZW50PWV4cGxhaW5hdGlvbmdtZSIsImNkdCI6IjIxMDQxNTIwMDcwMCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 787308ee-7ead-4a7a-85c9-ed795ccd976b Show response
compass.adop.cc/RD/ Frame 9DED 3 KB
3 KB 290ms
290ms Document
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 63491c0480e03922f0cccc1f9f459c0264a37ab65ad3639a327cb0c930851176

Request headers

:method: GET
:authority: compass.adop.cc
:scheme: https
:path: /RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ADOP_CID=DK-210415200700-10eb0397a07e4d67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
content-length: 2146
content-encoding: gzip
date: Thu, 15 Apr 2021 20:07:01 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie: ADOP_CID=DK-210415200700-10eb0397a07e4d67; expires=Wed, 14-Jul-2021 20:07:01 GMT; Max-Age=7776000; path=/; samesite=none; domain=.adop.cc; secure; httponly ADOP_P_U=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; samesite=none; domain=.adop.cc; secure; httponly
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: VNsIinRjLqi5Q0pMq_HY7Z9jqEizSP3RdBeIKYyhG4o5oOeS9oGSxw==

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 38CE 19 KB
8 KB 9ms
7ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=G9D&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026795
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: oInpjqxVNbkkpYCeLbCvaPXHw9dTGHZFrGMHw5gtYp-fr2bgNideKg==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 38CE 2 B
96 B 284ms
283ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200701&aid=50adc1ef-c357-4b89-b00c-94b9b4be0fbc&zid=52fce88e-1ea1-4a0e-b29c-442d551e5a48&r=FAhk
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=G9D&percentage=false&size_width=728&size_height=90&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 38CE 114 KB
37 KB 51ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/52fce88e-1ea1-4a0e-b29c-442d551e5a48?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=52fce88e-1ea1-4a0e-b29c-442d551e5a48&type=re&loc=&rnd=G9D&percentage=false&size_width=728&size_height=90&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:29 GMT
server: nginx
etag: W/"605322dd-1c9d1"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 16 Apr 2021 20:07:01 GMT

GET
H2 200 c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f Show response
compass.adop.cc/RE/ Frame E090 4 KB
3 KB 302ms
302ms Script
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=bpI&percentage=false&size_width=160&size_height=600&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: 070f83011d08921c13cab92929522f04c124862b1f16cadd94f4ad12a18627d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2119
x-amz-cf-id: KQ_2jw3A9MMXS5XGao_CSqNuRL-oWPNwE6SPj9HJxnPc3rsRTYTc1A==

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame 9DED 19 KB
8 KB 7ms
7ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026795
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: iolae59YkKXek2ASrLLKeNcPKe4wXF0cS04pUybsbBOdZhaH8PUg8w==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame 9DED 2 B
96 B 282ms
281ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200701&aid=03bcb456-9742-4f31-af5b-affbe10aaf13&zid=787308ee-7ead-4a7a-85c9-ed795ccd976b&r=51uJ
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 9DED 62 KB
21 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e20480a6db05edcb97721f4b34f3ab0f7d7ad532dedc10d3da60b2b7a29810b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 665 of 1000 / last-modified: 1618497091"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21043
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:01 GMT

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 38CE 2 B
96 B 284ms
283ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAxIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC0xMGViMDM5N2EwN2U0ZDY3IiwibmV0IjoiQ3JpdGVvX1BNIiwid2d0IjoiMTAwIiwib3JkIjoiMS8zIiwiemlkIjoiNTJmY2U4OGUtMWVhMS00YTBlLWIyOWMtNDQyZDU1MWU1YTQ4IiwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzYiLCJicm93IjoiQ2hyb21lIiwiZGV2IjoiZGVza3RvcCIsIm9zIjoiV2luZG93cyIsImlwIjoiMTk1LjE4MS4xNzMuMjAxIiwiZmxvYyI6Imh0dHBzOi8vd3d3LnRlYW1ibGluZC5jb20vcG9zdC9mdWxsLWV4cGxhbmF0aW9uLW9mLXRoZS1nbWUtcmgtYW5kLWNpdGFkZWwtZGViYWNsZS1xYnN1Ymd6Nz91dG1fc291cmNlPW1peG1heCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj10cmVuZGluZyZ1dG1fY29udGVudD13aG8lMjdzaGlyaW5nJnV0bV9jb250ZW50PWV4cGxhaW5hdGlvbmdtZSIsImNkdCI6IjIxMDQxNTIwMDcwMCIsImRpciI6InYiLCJ3IjoiNzI4IiwiaCI6IjkwIiwibGFuZyI6ImVuLXVzIiwic2NyIjoiMTYwMHgxMjAwIiwidnAiOiI3Mjh4OTAiLCJwYXRoIjoiL3Bvc3QvZnVsbC1leHBsYW5hdGlvbi1vZi10aGUtZ21lLXJoLWFuZC1jaXRhZGVsLWRlYmFjbGUtcWJzdWJnejciLCJ0cCI6InJlIiwicmVmIjoiIiwidGl0bGUiOiJGdWxsJTIwZXhwbGFuYXRpb24lMjBvZiUyMHRoZSUyMEdNRSUyQyUyMFJIJTJDJTIwYW5kJTIwQ2l0YWRlbCUyMGRlYmFjbGUlMjAtJTIwQmxpbmQiLCJwbCI6IkxpbnV4IHg4Nl82NCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 38CE 0
147 B 79ms
26ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=106&profileId=184&cb=6467936057
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:01 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 adop.js Show response
compass.adop.cc/assets/js/adop/ Frame 88FC 3 KB
2 KB 69ms
69ms Script
application/javascript 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/assets/js/adop/adop.js?v=14
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:53 GMT
content-encoding: gzip
last-modified: Thu, 18 Jun 2020 04:56:42 GMT
age: 95
etag: W/"5eeaf40a-b3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: TXL52-C1
content-length: 1564
x-amz-cf-id: berWpiGH8uelt4o6YLlChX-O2uCa5JWC6x4NW1nB0KyW4Pzx5iiFkg==
expires: Thu, 15 Apr 2021 20:15:26 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame 38CE 0
147 B 26ms
25ms Ping
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/csm/events
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.teamblind.com
date: Thu, 15 Apr 2021 20:07:01 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 38CE 43 B
260 B 12ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sun, 10 Apr 2022 20:07:01 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 38CE 43 B
260 B 12ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sun, 10 Apr 2022 20:07:01 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame E090 19 KB
8 KB 23ms
22ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=bpI&percentage=false&size_width=160&size_height=600&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026795
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: iCLAHJ5mny4SxIHPuXMzXAc3Ty4biZnVeuWUwEsHbc1B3iLzNu9pXA==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame E090 2 B
96 B 294ms
293ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200701&aid=f17aeacb-ed38-4703-a626-bb1d77131a00&zid=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&r=ECZh
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=bpI&percentage=false&size_width=160&size_height=600&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame E090 63 KB
21 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RE/c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=c43b3ec1-d378-4c3d-8caf-6a6f1edfa27f&type=re&loc=&rnd=bpI&percentage=false&size_width=160&size_height=600&

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17519c326c34a1ba56b0e73c316b333974ab59bb64c50308ca61b0c938e42854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 509 of 1000 / last-modified: 1618497146"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21116
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:01 GMT

GET
H2 200 47dd25ee-f82d-4382-984e-e860109a0124 Show response
compass.adop.cc/RD/ Frame BE42 3 KB
3 KB 299ms
299ms Document
text/html 99.84.156.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-54.txl52.r.cloudfront.net
Software: /
Resource Hash: a6fe0e318101ee9a296bf6e6b7e001f7dfeea246192bdf1a308507ca26304ff8

Request headers

:method: GET
:authority: compass.adop.cc
:scheme: https
:path: /RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ADOP_CID=DK-210415200700-10eb0397a07e4d67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
content-length: 2123
content-encoding: gzip
date: Thu, 15 Apr 2021 20:07:02 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie: ADOP_CID=DK-210415200700-10eb0397a07e4d67; expires=Wed, 14-Jul-2021 20:07:02 GMT; Max-Age=7776000; path=/; samesite=none; domain=.adop.cc; secure; httponly
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: qfgtec_oKG4BxaeJUDAXMR8puTVjHmDW3B07yA7mwAKQotIuyP10Sg==

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame 9DED 2 B
96 B 282ms
281ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAxIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC0xMGViMDM5N2EwN2U0ZDY3IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxLzQiLCJ6aWQiOiI3ODczMDhlZS03ZWFkLTRhN2EtODVjOS1lZDc5NWNjZDk3NmIiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiIxOTUuMTgxLjE3My4yMDEiLCJmbG9jIjoiaHR0cHM6Ly8iLCJjZHQiOiIyMTA0MTUyMDA3MDAiLCJkaXIiOiJ2IiwidyI6IjcyOCIsImgiOiI5MCIsImxhbmciOiJlbi11cyIsInNjciI6IjE2MDB4MTIwMCIsInZwIjoiNzI4eDkwIiwicGF0aCI6Ii9SRC83ODczMDhlZS03ZWFkLTRhN2EtODVjOS1lZDc5NWNjZDk3NmIiLCJ0cCI6InJzIiwicmVmIjoiIiwidGl0bGUiOiJGdWxsJTIwZXhwbGFuYXRpb24lMjBvZiUyMHRoZSUyMEdNRSUyQyUyMFJIJTJDJTIwYW5kJTIwQ2l0YWRlbCUyMGRlYmFjbGUlMjAtJTIwQmxpbmQiLCJwbCI6IkxpbnV4IHg4Nl82NCIsIndkIjoiWSIsInBiIjoiTiIsInB0IjoiaHR0cHMiLCJsb2ciOiJiYXNpYyJ9
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/787308ee-7ead-4a7a-85c9-ed795ccd976b?over-size=auto&over-size-w=null&over-size-h=null&over-zone=%7B%22468x60%22%3A%22b18156ad-ce0f-417a-986c-c5369b0194b3%22%2C%22728x90%22%3A%22787308ee-7ead-4a7a-85c9-ed795ccd976b%22%7D&adop-zone=f269fcc7-40e7-447d-bbd4-ade6f4ee075f&size_width=728&size_height=90&type=rs&loc=&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H2 200 pubads_impl_2021041201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9DED 294 KB
104 KB 106ms
39ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

f9b0195ab22815c68db0b05e89abfc88fcb0b46b8b9a28d70ca731f17e07053e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 08:37:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106031
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9DED 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=compass.adop.cc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9DED 107 B
122 B 24ms
22ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=compass.adop.cc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9DED 18 KB
10 KB 422ms
388ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2238024774400320&correlator=3636118766725750&output=ldjh&impl=fifs&eid=31060787%2C31060790%2C44734941%2C31060321%2C31060830&vrg=2021041201&ptt=17&sc=1&sfv=1-0-38&ecs=20210415&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_bottom_728x90-200305&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&eri=4&cdm=compass.adop.cc&bc=31&abxe=1&dt=1618517222211&dlt=1618517221730&idt=458&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=3&adxs=0&adys=0&adks=2979578203&ucis=817nkawnq74h&ifi=1&ifk=2783379717&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=www.teamblind.com&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F787308ee-7ead-4a7a-85c9-ed795ccd976b%3Fover-size%3Dauto%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3D%257B%2522468x60%2522%253A%2522b18156ad-ce0f-417a-986c-c5369b0194b3%2522%252C%2522728x90%2522%253A%2522787308ee-7ead-4a7a-85c9-ed795ccd976b%2522%257D%26adop-zone%3Df269fcc7-40e7-447d-bbd4-ade6f4ee075f%26size_width%3D728%26size_height%3D90%26type%3Drs%26loc%3D%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=www.teamblind.com&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=728x90&msz=728x90&ga_vid=1606479776.1618517222&ga_sid=1618517222&ga_hid=1073063807&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

4469534a5394e88a1adb26a265f582d8232e3ded722c333048e5ab22554c0495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9957
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://compass.adop.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9DED 0
0 28ms
14ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 9DED 0
0 7ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame E090 2 B
96 B 294ms
294ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAxIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC0xMGViMDM5N2EwN2U0ZDY3IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIxLzQiLCJ6aWQiOiJjNDNiM2VjMS1kMzc4LTRjM2QtOGNhZi02YTZmMWVkZmEyN2YiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiIxOTUuMTgxLjE3My4yMDEiLCJmbG9jIjoiaHR0cHM6Ly93d3cudGVhbWJsaW5kLmNvbS9wb3N0L2Z1bGwtZXhwbGFuYXRpb24tb2YtdGhlLWdtZS1yaC1hbmQtY2l0YWRlbC1kZWJhY2xlLXFic3ViZ3o3P3V0bV9zb3VyY2U9bWl4bWF4JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXRyZW5kaW5nJnV0bV9jb250ZW50PXdobyUyN3NoaXJpbmcmdXRtX2NvbnRlbnQ9ZXhwbGFpbmF0aW9uZ21lIiwiY2R0IjoiMjEwNDE1MjAwNzAwIiwiZGlyIjoidiIsInciOiIxNjAiLCJoIjoiNjAwIiwibGFuZyI6ImVuLXVzIiwic2NyIjoiMTYwMHgxMjAwIiwidnAiOiIxNjB4NjAwIiwicGF0aCI6Ii9wb3N0L2Z1bGwtZXhwbGFuYXRpb24tb2YtdGhlLWdtZS1yaC1hbmQtY2l0YWRlbC1kZWJhY2xlLXFic3ViZ3o3IiwidHAiOiJyZSIsInJlZiI6IiIsInRpdGxlIjoiRnVsbCUyMGV4cGxhbmF0aW9uJTIwb2YlMjB0aGUlMjBHTUUlMkMlMjBSSCUyQyUyMGFuZCUyMENpdGFkZWwlMjBkZWJhY2xlJTIwLSUyMEJsaW5kIiwicGwiOiJMaW51eCB4ODZfNjQiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-29 200 pubads_impl_2021041501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E090 299 KB
105 KB 59ms
40ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

21684099693050fe6fecb937bb35c94dac2dc990158ed38a53d44ae28fd9c6e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Apr 2021 08:41:55 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107555
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H2 200 adop_sdk_p3.2.1.min.js Show response
adopdmp.adop.cc/ Frame BE42 19 KB
8 KB 73ms
73ms Script
application/javascript 2600:9000:2156:ee00:18:69f:d880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adopdmp.adop.cc/adop_sdk_p3.2.1.min.js
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ee00:18:69f:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 02:00:27 GMT
content-encoding: gzip
last-modified: Tue, 28 Jan 2020 07:27:14 GMT
server: AmazonS3
age: 6026796
etag: W/"beb7e40d14c2bdc6a039fcdbe887d780"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: YVYnu2bFQ368HlvPRMeRNTl8KOuxXBTyQG4IMIEv2B5JdlbsWUqg-Q==

GET
H/1.1 200
OK collect.php Show response
data.adop.cc/ Frame BE42 2 B
96 B 284ms
283ms Script
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://data.adop.cc/collect.php?log=com_imp&dt=20210415200702&aid=2cbfc966-83a4-49c3-9274-4803a674a49f&zid=47dd25ee-f82d-4382-984e-e860109a0124&r=JjLl
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame BE42 62 KB
21 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: compass.adop.cc
URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e20480a6db05edcb97721f4b34f3ab0f7d7ad532dedc10d3da60b2b7a29810b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "844 / 845 of 1000 / last-modified: 1618497091"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21043
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame E090 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.teamblind.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame E090 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.teamblind.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E090 15 KB
8 KB 509ms
509ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4391575267278069&correlator=71840764800627&output=ldjh&impl=fifs&eid=31060310%2C31060784%2C31060789%2C31060836%2C31060830&vrg=2021041501&ptt=17&sc=1&sfv=1-0-38&ecs=20210415&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_w_rt_160x600&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600&eri=4&cookie=ID%3D39e8417a4bdbbc56-229a1bc68da70066%3AT%3D1618517219%3ART%3D1618517219%3AS%3DALNI_MYYZaME-7InMtKaQ4YHkZPe_wS2Pg&cdm=www.teamblind.com&bc=31&abxe=1&dt=1618517222378&dlt=1618517221607&idt=750&ea=0&frm=23&biw=1600&bih=1200&isw=160&ish=600&oid=3&adxs=1113&adys=779&adks=681645340&ucis=gke3opv6auv2&ifi=1&ifk=251478172&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=www.teamblind.com&loc=https%3A%2F%2Fwww.teamblind.com%2Fpost%2Ffull-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7%3Futm_source%3Dmixmax%26utm_medium%3Demail%26utm_campaign%3Dtrending%26utm_content%3Dwho%2527shiring%26utm_content%3Dexplainationgme&top=www.teamblind.com&vis=1&dmc=8&scr_x=0&scr_y=0&psz=160x600&msz=160x600&ga_vid=1620706719.1618517219&ga_sid=1618517222&ga_hid=1164393670&ga_fc=true&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

5ae680e450aefa4591c209425757cbad14cc0a6f961dc6ac733499d9bd8bda63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8616
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.teamblind.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E090 0
0 29ms
13ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame E090 0
0 17ms
14ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK collect.php
data.adop.cc/ Frame BE42 2 B
96 B 284ms
283ms Image
text/plain 13.124.92.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adop.cc/collect.php?data=eyJkdCI6IjIwMjEwNDE1MjAwNzAyIiwiY3RyeSI6IkRLIiwiYWNpZCI6IkRLLTIxMDQxNTIwMDcwMC0xMGViMDM5N2EwN2U0ZDY3IiwibmV0IjoiR29vZ2xlIEFkIE1hbmFnZXIiLCJ3Z3QiOiIxMDAiLCJvcmQiOiIyMjIyLzc3ODIiLCJ6aWQiOiI0N2RkMjVlZS1mODJkLTQzODItOTg0ZS1lODYwMTA5YTAxMjQiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImJyb3ciOiJDaHJvbWUiLCJkZXYiOiJkZXNrdG9wIiwib3MiOiJXaW5kb3dzIiwiaXAiOiIxOTUuMTgxLjE3My4yMDEiLCJmbG9jIjoiaHR0cHM6Ly8iLCJjZHQiOiIyMTA0MTUyMDA3MDAiLCJ3ZCI6IlkiLCJwYiI6Ik4iLCJwdCI6Imh0dHBzIiwibG9nIjoiYmFzaWMifQ%3D%3D
Requested by: Host: compass.adop.cc
URL: https://compass.adop.cc/RD/47dd25ee-f82d-4382-984e-e860109a0124?over-size=null&over-size-w=null&over-size-h=null&over-zone=null&adop-zone=47dd25ee-f82d-4382-984e-e860109a0124&type=js&loc=&size_width=728&size_height=90&title=Full%2520explanation%2520of%2520the%2520GME%252C%2520RH%252C%2520and%2520Citadel%2520debacle%2520-%2520Blind&ref=&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.124.92.103 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-124-92-103.ap-northeast-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 2

GET
H3-29 200 pubads_impl_2021041201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame BE42 294 KB
104 KB 41ms
41ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

f9b0195ab22815c68db0b05e89abfc88fcb0b46b8b9a28d70ca731f17e07053e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 08:37:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106031
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame BE42 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=compass.adop.cc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame BE42 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=compass.adop.cc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame BE42 17 KB
9 KB 465ms
464ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3496050741071302&correlator=2341759610685812&output=ldjh&impl=fifs&eid=31060788%2C31060494%2C31060830&vrg=2021041201&ptt=17&sc=1&sfv=1-0-38&ecs=20210415&iu_parts=5932629%2Cca-pub-1474238860523410-tag%2Cteamblind_us_middle_728x90&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&eri=4&cdm=compass.adop.cc&bc=31&abxe=1&dt=1618517222622&dlt=1618517222240&idt=375&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=3&adxs=0&adys=0&adks=2498704743&ucis=qjathn8dv1h6&ifi=1&ifk=1838538519&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=4&url=www.teamblind.com&loc=https%3A%2F%2Fcompass.adop.cc%2FRD%2F47dd25ee-f82d-4382-984e-e860109a0124%3Fover-size%3Dnull%26over-size-w%3Dnull%26over-size-h%3Dnull%26over-zone%3Dnull%26adop-zone%3D47dd25ee-f82d-4382-984e-e860109a0124%26type%3Djs%26loc%3D%26size_width%3D728%26size_height%3D90%26title%3DFull%252520explanation%252520of%252520the%252520GME%25252C%252520RH%25252C%252520and%252520Citadel%252520debacle%252520-%252520Blind%26ref%3D%26&top=www.teamblind.com&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=728x90&msz=728x0&ga_vid=2023219390.1618517223&ga_sid=1618517223&ga_hid=1200958444&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

03f3a4042cc05c83eb411986cd1ec89b0d3e7812e96bf6fe6fcf61efe12bf8db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://compass.adop.cc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BE42 0
0 28ms
13ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame BE42 0
0 6ms
6ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6100 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://compass.adop.cc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://compass.adop.cc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 15 Apr 2021 20:07:02 GMT
expires: Fri, 15 Apr 2022 20:07:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9DED 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9DED 8 KB
6 KB 28ms
25ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

672f87491a9cfd714220241474c8dfe02480890e07ca9a59e98aabe9f9e5325e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6590
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9DED 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F29A 624 B
297 B 17ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlRqbJX0ftsayQTeTwKQBAcNlYPy3Kdvkvy0QRKuZnfez1rAtu_HBarlzJirNI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 20:07:02 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6100 28 KB
14 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BpXIVWQwKJO7fItpjvV0OlLPWIoTU9OycajFnbt8jA85-UyRB3SDgOrent4Skj3VDBLgS-LZix3D9bT3idviePptPy9cgR9KNrT6Panp2-uPpUpS4Gw9eZ3h1NdP_G3GpsvS2gWA0AtUyzL9LF_SDNPme-wA&dbm_d=AKAmf-AKv-ovVYdwxrCZWLEcIxn5jfG8vZuQUVHYCQV4Hj5phXTKCwVroQpCBhl3H0vkq4RYw8eFJRXWJGH89qPb72pRTZuzXvq5Pys6xa2n52BN3Z5QkpujGpdKrQK8xMivjoLI1e0wXuYdVZpCqVP9GsC1xu5Piso4ZHXiAOtd9bir63u4Oi5BvLm3sCMoeMker6UVztdx27PoaKAqoyGh15iyidt2WNmH6dGIuWD_kd5-E7SuNROMJvFk7jYnf8ha2AAMQ1EyPjAW4nElTHiH-tNySrYF3wpYw7IkwuxOfCiHnyMHrkry_JH1END6QKfHR6bgfTSEdRi-QeSzX0pyvef8ONv_E_BOYhN7duJCeE8RzWaVff1Sx_FcsKsccBT6si_UD8nYg0-0YqEKxli3vZsK6zyslg9Vc1nNp-_-FTRi8Pid0IpO64g7Wq5DcdhLveDed4L_PYf8Ah1l770ujyXSQ22htqalhOCXlSeUFp9Te0FUv3LrxQX3tfTfjFQoJVL07aW_m7Xo-FtVgY712INGo42YH8iNJLCNrUPBv_qA07QzWhGq2DLwXOFiSaLzqHk50V17wMEHdaDRuIvsXf5inunxdoOg5bie8UoPYkbHoq7NF5VmlSzWCCTc-KXFUtqeH0AmYPcIKAZbkDz1gl69IuihOwIwa4qxvNl5tIejYeqlxn7b6y6agadkTb7Cb36jWYDETtQpcrZ2SsZZOnlDI0sjnZpF8Lkc0p4tEfKyewoxncOLUWnmnbqCPWJYpxfs_Ya9Qz44nFsa4VR_bGOv16B6FCbgBJRRsO6LNI_pFNKSptcPYT39zbCyq22nwdz5KebOwTOtJAGX_Kh8LLLjPgpNZz6-GAuwVYn3x7W-pdU-K6bJ3QpWJZ4XuXgIiLnMEUrCoO81eEbwG2uw4WaV7DElmWyt4fAXinS8G-nYGGZC8YG42cE-QyrhbwJAt0qrj_uq9ujyN6fXddW_V0zdhB-1y7xabh2DNpJ0Xa5JPXjya4jShN5rE8ghoNzXhskzEr3qysIz_F6D2jNfFUwICnWfDZrbVGoTVAn5kboDMAaBho8yUjindl_qqIbuYKTpqq7z9lmCww8M0K1HeEpLQrVh41DHAX0pt4h86oLPsZ5q5oR0byt1Cj2umyX2OOlnDBXoK_7CfmQJXZ3sUk5ukOQjPpm1tMFEEUZIciCRfnv2n_HlHZ_zn_uKr9Z12mc-4wVJaea8-lb6eOTk0nAa877paAzLdlDX2PxXERLfetlyxoKwp69O-Oo3LtB4z9plWPW3DGRaTdOhM07rD9STLVTk-Dd1_vxmXdofWY_F-q0CxaB11JYfKUHvNvbacyzc5J-_C_s-WZ_fcLeX1ctREy9CeypvrrjzNSu68uYl_rnYckssTW16sQZR610Jr7a4ntrO8SgdC_SD-XlOYbS0YQhRNXXG-n3o8Y-8cAhUhDTNfT49xyT5U7tpIsl-XqLL1bYF6Dh8DQ2cQr7BAZZvI3Z3I4Dr_4NqzTZKaJ5mqIXi2yI37lXDhUBm5z8RWfdMcHEItPXxzP9AkJU0AXLobRjA33FrUZ72nFPqkZkf5TAiKbkq_fv0PHHacrd7zkw65G4GNUWKPA9W-m7p52Q-0v9BGR5ihX7satV4tpJUOdyaw2Ky8bUJyRfNY5bivdWumqtoCC36sZNtTQDbHN1x8lrgaT0YiWSZJU6bwTd0QhY8nuR5Jjy_dDGM2V-NAQnrwtJStpHuQhMQej__xKSEwj4jvwIVfUAbtdWG9FOh8A9eaKfKO90ER5uv3tKZ7haCcHDnewH8ewA3fdvvNuZoQtp5RTHzxWC3c2ANnr1eVMf3wjSt7-SnFptsRfj3nv_kLIqXrQVZwkFAjPIF_WZvea9rUuBlomLeVoTuzaGPTNZg3BdAgzTc_d9Ii9V_GC3rsAYzKz7qIdBtqIC80R-FtEWPqV9BK0s-hcz5hAabp450OmWY1OZHK172JSc6mxKwOITO-UpZT5zoisV1I2Nqp5Q---zwtlrdm4MC8NTgdInMSr8iVsswk1z37zSAgzeSds4j4KmmguG9rXk2YPL-Rn5jMOaQ2w-GlzZCQtHHC4n25x6JcDsg_Tcfij-5iHb_IuoGdW5YYWL72X7dzm_9G9BvsSQGQ9yxZ7xF6FidREWERjTNjUAUmIrvMt7WkokPnG2RWRT0qN_DghLMe7M1K8t-cDZXov-7R36ULT1fHbqs6cCqM8qsxZkIbBcxHvM7MHVwIHhhto60c-joDORafdkIIYLdGeAIyaeMoYlbAMn0qnb9BQAn7v_fuIL6M8e9dV5mlDZcxU7ZhmV2T8_nhoabF2yFEDmo1ckSvB-4LDqCzcrL5NX1gGNGTepKkqf8L4RskDCaXXjFkZkIy8hoXmyexN6wiQMAJiCino4KIrL_pLlvkZgBqdE3VW_VHO2ygujD_JHSjqFnJ-HZcUhZPHcrMNhHeDCKKyvcrz-jNx2h7SpZssDWSeExE2I9NANYjuA_ui0xSUE_nmBTRLBa4FO_z28OGgrwPKIcoEGKLRFP14572HoIHR8eEJL4Fot0-ySAdB08d6qnqJmVTXX3pBTpdgSWYy1ubUutf8bhnOOuvpmgLlBNMsR5ePXVU9FuO7j2lZWGDS4jHtCHUMxt5QIJ439KraG-HhOtrB1Hw-HSJRzdua5B5g24OQoYMZCUFfl9HdWg-6W5I7_SvkSMHX3fbo_m2R07qtpBQ_q9jSS3X6Mz9Lu_NffL9XSQA32FXp9rLUGrEmR7EzIuTzriqdhwCnhfwOjWpgYOepHcUHw-9jwKN6JAub4IQO6vX28vfAAhKjgSa2TRXJXOx-0OIpJrfekMpSlYw1ySW16S0ePlhSXrRwn2b7gBctPme8EK1jj5_KR3PaZWXJSSi6u8_pLWHji81ejL61KoktWviYOAstBWg0MDEDycYRw1HvMxfk-StqN5K44GffJSjQ_28Lo3LtB0rWYuM3TgKBTi5dLwdASwHiX18fL3qjROoOZYvg2pGZqnRJUgJYiAmTZrV4R5aB9BcfmOvJssV9PZJTx6Ya9ZcsS54cyDl8lDbK_-vg3pCKo4FrAEsd0D7XhjXcHJhA&cid=CAASEuRoaZlqABKo0b86CD7KxMBN9g&rfl=3%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2Chttps%253A%252F%252Fcompass.adop.cc%252F%240

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

443e77a7b3caebac5126bac4ef0f4d3ba96a0569a1b2ceac6aa91be6237aad47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13908
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6100 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CcXAQQf96obE2bHk4Hei07ns_93sqYm-XtjgNivsCgNqFEW5nIrcE5Euq6gY10cIk3gCwhP6Z8JhKNmF6zpPwOtxTwzevHCVyzbupzCwiI3pFd-44

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 6100 2 KB
2 KB 31ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=14526021&cmp=145089&plc=vtnwou&sid=45f3d18e47f96c&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0ga-US-5y6asDGqgdWotc-C&DVP_DBM_1=1861733&DVP_DBM_2=18808749&DVP_DBM_3=47988502&DVP_DBM_4=336214720&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=&dvregion=2&unit=728x90
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 8d6487dc2599772b6ccb8ed3c214aefeddf16e73d868abb94f2223c133af06d0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 11:40:05 GMT
Server: Microsoft-IIS/10.0
ETag: "eb910ea2231d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 6100 7 KB
3 KB 31ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVPX_PP_IMP_ID=ABAjH0ga-US-5y6asDGqgdWotc-C&DVP_DBM_1=1861733&DVP_DBM_2=18808749&DVP_DBM_3=47988502&DVP_DBM_4=336214720&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0f96cafe30d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3005

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 6100 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6100 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 6100 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:47 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6100 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5ZKI-vmNDBysBW221b5iKYO-48wS_EwobcL3cfIMn8boJnP9FWJIHa3CgQkuO_vkX3XVsuxxcFwzqOb5oMolo1yJKfw
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame CAF7 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://compass.adop.cc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://compass.adop.cc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 15 Apr 2021 20:06:30 GMT
expires: Fri, 15 Apr 2022 20:06:30 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 32
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F29A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1

43 B
1014 B

63ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:02 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F29A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1

43 B
894 B

26ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:02 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELtmbL4PHcWZrgzLBUdPP1s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame F29A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOaqqDEUzQu46RuODLL_u9k&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOaqqDEUzQu46RuODLL_u9k%26google_cver%3D1

43 B
1 KB

25ms
25ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOaqqDEUzQu46RuODLL_u9k%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRCUpr-RAhjA9aigATAB&v=APEucNWENkHyt49a-P-rDHRMEShNpVeBjhSfxqhF8km6K9qtxqWDNVOT0XlQYl9UXStzLk8PjrSwCYKTdMAdrrooDtIKxb2p2_ZiDWw7A_lksGLstLQ_zDY10HVNkdVBO8tIPnFrZcPL5ns2Ultab7tg7DnHTRoIl6Ll1A69ntv7ILx6nkMofd0Pg9jlib5g-p2Wb-DgDUYopx307e4izMTt17PgK32WcQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.49:80
AN-X-Request-Uuid: f2aeea2c-fecf-4f6d-be86-518fb23d2d8a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.144:80
AN-X-Request-Uuid: 77e22df5-8f44-4ff9-894e-b5c23c6c4d9f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOaqqDEUzQu46RuODLL_u9k%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame F29A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxNjU3ODg4OTIzMzE4NzIwMQ%3D%3D

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxNjU3ODg4OTIzMzE4NzIwMQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.232:80
AN-X-Request-Uuid: 99195194-9f8e-4c06-969b-46568e16d5ab
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxNjU3ODg4OTIzMzE4NzIwMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame CAF7 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21528
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 6100 21 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BpXIVWQwKJO7fItpjvV0OlLPWIoTU9OycajFnbt8jA85-UyRB3SDgOrent4Skj3VDBLgS-LZix3D9bT3idviePptPy9cgR9KNrT6Panp2-uPpUpS4Gw9eZ3h1NdP_G3GpsvS2gWA0AtUyzL9LF_SDNPme-wA&dbm_d=AKAmf-AKv-ovVYdwxrCZWLEcIxn5jfG8vZuQUVHYCQV4Hj5phXTKCwVroQpCBhl3H0vkq4RYw8eFJRXWJGH89qPb72pRTZuzXvq5Pys6xa2n52BN3Z5QkpujGpdKrQK8xMivjoLI1e0wXuYdVZpCqVP9GsC1xu5Piso4ZHXiAOtd9bir63u4Oi5BvLm3sCMoeMker6UVztdx27PoaKAqoyGh15iyidt2WNmH6dGIuWD_kd5-E7SuNROMJvFk7jYnf8ha2AAMQ1EyPjAW4nElTHiH-tNySrYF3wpYw7IkwuxOfCiHnyMHrkry_JH1END6QKfHR6bgfTSEdRi-QeSzX0pyvef8ONv_E_BOYhN7duJCeE8RzWaVff1Sx_FcsKsccBT6si_UD8nYg0-0YqEKxli3vZsK6zyslg9Vc1nNp-_-FTRi8Pid0IpO64g7Wq5DcdhLveDed4L_PYf8Ah1l770ujyXSQ22htqalhOCXlSeUFp9Te0FUv3LrxQX3tfTfjFQoJVL07aW_m7Xo-FtVgY712INGo42YH8iNJLCNrUPBv_qA07QzWhGq2DLwXOFiSaLzqHk50V17wMEHdaDRuIvsXf5inunxdoOg5bie8UoPYkbHoq7NF5VmlSzWCCTc-KXFUtqeH0AmYPcIKAZbkDz1gl69IuihOwIwa4qxvNl5tIejYeqlxn7b6y6agadkTb7Cb36jWYDETtQpcrZ2SsZZOnlDI0sjnZpF8Lkc0p4tEfKyewoxncOLUWnmnbqCPWJYpxfs_Ya9Qz44nFsa4VR_bGOv16B6FCbgBJRRsO6LNI_pFNKSptcPYT39zbCyq22nwdz5KebOwTOtJAGX_Kh8LLLjPgpNZz6-GAuwVYn3x7W-pdU-K6bJ3QpWJZ4XuXgIiLnMEUrCoO81eEbwG2uw4WaV7DElmWyt4fAXinS8G-nYGGZC8YG42cE-QyrhbwJAt0qrj_uq9ujyN6fXddW_V0zdhB-1y7xabh2DNpJ0Xa5JPXjya4jShN5rE8ghoNzXhskzEr3qysIz_F6D2jNfFUwICnWfDZrbVGoTVAn5kboDMAaBho8yUjindl_qqIbuYKTpqq7z9lmCww8M0K1HeEpLQrVh41DHAX0pt4h86oLPsZ5q5oR0byt1Cj2umyX2OOlnDBXoK_7CfmQJXZ3sUk5ukOQjPpm1tMFEEUZIciCRfnv2n_HlHZ_zn_uKr9Z12mc-4wVJaea8-lb6eOTk0nAa877paAzLdlDX2PxXERLfetlyxoKwp69O-Oo3LtB4z9plWPW3DGRaTdOhM07rD9STLVTk-Dd1_vxmXdofWY_F-q0CxaB11JYfKUHvNvbacyzc5J-_C_s-WZ_fcLeX1ctREy9CeypvrrjzNSu68uYl_rnYckssTW16sQZR610Jr7a4ntrO8SgdC_SD-XlOYbS0YQhRNXXG-n3o8Y-8cAhUhDTNfT49xyT5U7tpIsl-XqLL1bYF6Dh8DQ2cQr7BAZZvI3Z3I4Dr_4NqzTZKaJ5mqIXi2yI37lXDhUBm5z8RWfdMcHEItPXxzP9AkJU0AXLobRjA33FrUZ72nFPqkZkf5TAiKbkq_fv0PHHacrd7zkw65G4GNUWKPA9W-m7p52Q-0v9BGR5ihX7satV4tpJUOdyaw2Ky8bUJyRfNY5bivdWumqtoCC36sZNtTQDbHN1x8lrgaT0YiWSZJU6bwTd0QhY8nuR5Jjy_dDGM2V-NAQnrwtJStpHuQhMQej__xKSEwj4jvwIVfUAbtdWG9FOh8A9eaKfKO90ER5uv3tKZ7haCcHDnewH8ewA3fdvvNuZoQtp5RTHzxWC3c2ANnr1eVMf3wjSt7-SnFptsRfj3nv_kLIqXrQVZwkFAjPIF_WZvea9rUuBlomLeVoTuzaGPTNZg3BdAgzTc_d9Ii9V_GC3rsAYzKz7qIdBtqIC80R-FtEWPqV9BK0s-hcz5hAabp450OmWY1OZHK172JSc6mxKwOITO-UpZT5zoisV1I2Nqp5Q---zwtlrdm4MC8NTgdInMSr8iVsswk1z37zSAgzeSds4j4KmmguG9rXk2YPL-Rn5jMOaQ2w-GlzZCQtHHC4n25x6JcDsg_Tcfij-5iHb_IuoGdW5YYWL72X7dzm_9G9BvsSQGQ9yxZ7xF6FidREWERjTNjUAUmIrvMt7WkokPnG2RWRT0qN_DghLMe7M1K8t-cDZXov-7R36ULT1fHbqs6cCqM8qsxZkIbBcxHvM7MHVwIHhhto60c-joDORafdkIIYLdGeAIyaeMoYlbAMn0qnb9BQAn7v_fuIL6M8e9dV5mlDZcxU7ZhmV2T8_nhoabF2yFEDmo1ckSvB-4LDqCzcrL5NX1gGNGTepKkqf8L4RskDCaXXjFkZkIy8hoXmyexN6wiQMAJiCino4KIrL_pLlvkZgBqdE3VW_VHO2ygujD_JHSjqFnJ-HZcUhZPHcrMNhHeDCKKyvcrz-jNx2h7SpZssDWSeExE2I9NANYjuA_ui0xSUE_nmBTRLBa4FO_z28OGgrwPKIcoEGKLRFP14572HoIHR8eEJL4Fot0-ySAdB08d6qnqJmVTXX3pBTpdgSWYy1ubUutf8bhnOOuvpmgLlBNMsR5ePXVU9FuO7j2lZWGDS4jHtCHUMxt5QIJ439KraG-HhOtrB1Hw-HSJRzdua5B5g24OQoYMZCUFfl9HdWg-6W5I7_SvkSMHX3fbo_m2R07qtpBQ_q9jSS3X6Mz9Lu_NffL9XSQA32FXp9rLUGrEmR7EzIuTzriqdhwCnhfwOjWpgYOepHcUHw-9jwKN6JAub4IQO6vX28vfAAhKjgSa2TRXJXOx-0OIpJrfekMpSlYw1ySW16S0ePlhSXrRwn2b7gBctPme8EK1jj5_KR3PaZWXJSSi6u8_pLWHji81ejL61KoktWviYOAstBWg0MDEDycYRw1HvMxfk-StqN5K44GffJSjQ_28Lo3LtB0rWYuM3TgKBTi5dLwdASwHiX18fL3qjROoOZYvg2pGZqnRJUgJYiAmTZrV4R5aB9BcfmOvJssV9PZJTx6Ya9ZcsS54cyDl8lDbK_-vg3pCKo4FrAEsd0D7XhjXcHJhA&cid=CAASEuRoaZlqABKo0b86CD7KxMBN9g&rfl=3%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2Chttps%253A%252F%252Fcompass.adop.cc%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6095f802f70da16a4e09cc05554f17ceae41f8a8a2216d9ba3f3d03601235683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8469
x-xss-protection: 0
server: cafe
etag: 9781378207497007991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:54 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 6100 7 KB
3 KB 12ms
11ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=14526021&cmp=24599476&sid=4128031&plc=298558531&num=&adid=&advid=9533159&adsrv=1&btreg=491650935&btadsrv=doubleclick&crt=147772722&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BpXIVWQwKJO7fItpjvV0OlLPWIoTU9OycajFnbt8jA85-UyRB3SDgOrent4Skj3VDBLgS-LZix3D9bT3idviePptPy9cgR9KNrT6Panp2-uPpUpS4Gw9eZ3h1NdP_G3GpsvS2gWA0AtUyzL9LF_SDNPme-wA&dbm_d=AKAmf-AKv-ovVYdwxrCZWLEcIxn5jfG8vZuQUVHYCQV4Hj5phXTKCwVroQpCBhl3H0vkq4RYw8eFJRXWJGH89qPb72pRTZuzXvq5Pys6xa2n52BN3Z5QkpujGpdKrQK8xMivjoLI1e0wXuYdVZpCqVP9GsC1xu5Piso4ZHXiAOtd9bir63u4Oi5BvLm3sCMoeMker6UVztdx27PoaKAqoyGh15iyidt2WNmH6dGIuWD_kd5-E7SuNROMJvFk7jYnf8ha2AAMQ1EyPjAW4nElTHiH-tNySrYF3wpYw7IkwuxOfCiHnyMHrkry_JH1END6QKfHR6bgfTSEdRi-QeSzX0pyvef8ONv_E_BOYhN7duJCeE8RzWaVff1Sx_FcsKsccBT6si_UD8nYg0-0YqEKxli3vZsK6zyslg9Vc1nNp-_-FTRi8Pid0IpO64g7Wq5DcdhLveDed4L_PYf8Ah1l770ujyXSQ22htqalhOCXlSeUFp9Te0FUv3LrxQX3tfTfjFQoJVL07aW_m7Xo-FtVgY712INGo42YH8iNJLCNrUPBv_qA07QzWhGq2DLwXOFiSaLzqHk50V17wMEHdaDRuIvsXf5inunxdoOg5bie8UoPYkbHoq7NF5VmlSzWCCTc-KXFUtqeH0AmYPcIKAZbkDz1gl69IuihOwIwa4qxvNl5tIejYeqlxn7b6y6agadkTb7Cb36jWYDETtQpcrZ2SsZZOnlDI0sjnZpF8Lkc0p4tEfKyewoxncOLUWnmnbqCPWJYpxfs_Ya9Qz44nFsa4VR_bGOv16B6FCbgBJRRsO6LNI_pFNKSptcPYT39zbCyq22nwdz5KebOwTOtJAGX_Kh8LLLjPgpNZz6-GAuwVYn3x7W-pdU-K6bJ3QpWJZ4XuXgIiLnMEUrCoO81eEbwG2uw4WaV7DElmWyt4fAXinS8G-nYGGZC8YG42cE-QyrhbwJAt0qrj_uq9ujyN6fXddW_V0zdhB-1y7xabh2DNpJ0Xa5JPXjya4jShN5rE8ghoNzXhskzEr3qysIz_F6D2jNfFUwICnWfDZrbVGoTVAn5kboDMAaBho8yUjindl_qqIbuYKTpqq7z9lmCww8M0K1HeEpLQrVh41DHAX0pt4h86oLPsZ5q5oR0byt1Cj2umyX2OOlnDBXoK_7CfmQJXZ3sUk5ukOQjPpm1tMFEEUZIciCRfnv2n_HlHZ_zn_uKr9Z12mc-4wVJaea8-lb6eOTk0nAa877paAzLdlDX2PxXERLfetlyxoKwp69O-Oo3LtB4z9plWPW3DGRaTdOhM07rD9STLVTk-Dd1_vxmXdofWY_F-q0CxaB11JYfKUHvNvbacyzc5J-_C_s-WZ_fcLeX1ctREy9CeypvrrjzNSu68uYl_rnYckssTW16sQZR610Jr7a4ntrO8SgdC_SD-XlOYbS0YQhRNXXG-n3o8Y-8cAhUhDTNfT49xyT5U7tpIsl-XqLL1bYF6Dh8DQ2cQr7BAZZvI3Z3I4Dr_4NqzTZKaJ5mqIXi2yI37lXDhUBm5z8RWfdMcHEItPXxzP9AkJU0AXLobRjA33FrUZ72nFPqkZkf5TAiKbkq_fv0PHHacrd7zkw65G4GNUWKPA9W-m7p52Q-0v9BGR5ihX7satV4tpJUOdyaw2Ky8bUJyRfNY5bivdWumqtoCC36sZNtTQDbHN1x8lrgaT0YiWSZJU6bwTd0QhY8nuR5Jjy_dDGM2V-NAQnrwtJStpHuQhMQej__xKSEwj4jvwIVfUAbtdWG9FOh8A9eaKfKO90ER5uv3tKZ7haCcHDnewH8ewA3fdvvNuZoQtp5RTHzxWC3c2ANnr1eVMf3wjSt7-SnFptsRfj3nv_kLIqXrQVZwkFAjPIF_WZvea9rUuBlomLeVoTuzaGPTNZg3BdAgzTc_d9Ii9V_GC3rsAYzKz7qIdBtqIC80R-FtEWPqV9BK0s-hcz5hAabp450OmWY1OZHK172JSc6mxKwOITO-UpZT5zoisV1I2Nqp5Q---zwtlrdm4MC8NTgdInMSr8iVsswk1z37zSAgzeSds4j4KmmguG9rXk2YPL-Rn5jMOaQ2w-GlzZCQtHHC4n25x6JcDsg_Tcfij-5iHb_IuoGdW5YYWL72X7dzm_9G9BvsSQGQ9yxZ7xF6FidREWERjTNjUAUmIrvMt7WkokPnG2RWRT0qN_DghLMe7M1K8t-cDZXov-7R36ULT1fHbqs6cCqM8qsxZkIbBcxHvM7MHVwIHhhto60c-joDORafdkIIYLdGeAIyaeMoYlbAMn0qnb9BQAn7v_fuIL6M8e9dV5mlDZcxU7ZhmV2T8_nhoabF2yFEDmo1ckSvB-4LDqCzcrL5NX1gGNGTepKkqf8L4RskDCaXXjFkZkIy8hoXmyexN6wiQMAJiCino4KIrL_pLlvkZgBqdE3VW_VHO2ygujD_JHSjqFnJ-HZcUhZPHcrMNhHeDCKKyvcrz-jNx2h7SpZssDWSeExE2I9NANYjuA_ui0xSUE_nmBTRLBa4FO_z28OGgrwPKIcoEGKLRFP14572HoIHR8eEJL4Fot0-ySAdB08d6qnqJmVTXX3pBTpdgSWYy1ubUutf8bhnOOuvpmgLlBNMsR5ePXVU9FuO7j2lZWGDS4jHtCHUMxt5QIJ439KraG-HhOtrB1Hw-HSJRzdua5B5g24OQoYMZCUFfl9HdWg-6W5I7_SvkSMHX3fbo_m2R07qtpBQ_q9jSS3X6Mz9Lu_NffL9XSQA32FXp9rLUGrEmR7EzIuTzriqdhwCnhfwOjWpgYOepHcUHw-9jwKN6JAub4IQO6vX28vfAAhKjgSa2TRXJXOx-0OIpJrfekMpSlYw1ySW16S0ePlhSXrRwn2b7gBctPme8EK1jj5_KR3PaZWXJSSi6u8_pLWHji81ejL61KoktWviYOAstBWg0MDEDycYRw1HvMxfk-StqN5K44GffJSjQ_28Lo3LtB0rWYuM3TgKBTi5dLwdASwHiX18fL3qjROoOZYvg2pGZqnRJUgJYiAmTZrV4R5aB9BcfmOvJssV9PZJTx6Ya9ZcsS54cyDl8lDbK_-vg3pCKo4FrAEsd0D7XhjXcHJhA&cid=CAASEuRoaZlqABKo0b86CD7KxMBN9g&rfl=3%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2Chttps%253A%252F%252Fcompass.adop.cc%252F%240
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0f96cafe30d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3005

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6100 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88889
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Apr 2022 19:25:33 GMT

GET
H/1.1 200
OK /
d.agkn.com/pixel/2387/ Frame 6100 43 B
660 B 83ms
20ms Image
image/gif 3.126.239.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=DE&st=&city=5750&dma=0&zp=76199&bw=3&che=1498539067&col=24599476,4128031,298558531,491650935,147772722
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.239.96 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-239-96.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements1165.js Show response
cdn.doubleverify.com/ Frame 6113 476 KB
86 KB 11ms
10ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1165.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Mar 2021 12:00:54 GMT
Server: Microsoft-IIS/10.0
ETag: "01ff4555c25d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946083600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87677

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8086 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 15 Apr 2021 13:04:31 GMT
expires: Fri, 15 Apr 2022 13:04:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25351
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dvbs_src_internal79.js Show response
cdn.doubleverify.com/ Frame 6100 53 KB
17 KB 10ms
10ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=14526021&cmp=145089&plc=vtnwou&sid=45f3d18e47f96c&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0ga-US-5y6asDGqgdWotc-C&DVP_DBM_1=1861733&DVP_DBM_2=18808749&DVP_DBM_3=47988502&DVP_DBM_4=336214720&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=&dvregion=2&unit=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 40adb937145b21abf0b1dde7dfa4d0a80be21ce7bf7d4f85ca944022a23c6785

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Aug 2020 05:50:22 GMT
Server: Microsoft-IIS/10.0
ETag: "0a34a219173d61:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16756

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 085E 1 KB
1 KB 29ms
10ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=32705
Date: Thu, 15 Apr 2021 20:07:02 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb2.doubleverify.com/ Frame 6100 3 KB
2 KB 65ms
24ms Script
text/javascript 213.254.244.16
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb2.doubleverify.com/verify.js?jsCallback=__verify_callback_711053157653&jsTagObjCallback=__tagObject_callback_711053157653&num=6&ctx=14526021&cmp=145089&plc=vtnwou&sid=45f3d18e47f96c&advid=&adsrv=&unit=728x90&isdvvid=&uid=711053157653&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dup=null&brid=0&brver=&bridua=3&turl=www.teamblind.com/&srcurlD=2&ssl=1&refD=3&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0ga-US-5y6asDGqgdWotc-C&DVP_DBM_1=1861733&DVP_DBM_2=18808749&DVP_DBM_3=47988502&DVP_DBM_4=336214720&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=4&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsa
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.16 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a20c352f37c2c118fb34ade78fc8e5ae1a870827829194cd05bac70ca6a25d94

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Date: Thu, 15 Apr 2021 20:07:02 GMT
Expires: 4/14/2021 8:07:02 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame 82E8 4 KB
2 KB 9ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=16457
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H/1.1 200
OK t2tv7.html Show response
cdn.doubleverify.com/ Frame 2D19 12 KB
4 KB 10ms
10ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/t2tv7.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991

Request headers

Host: cdn.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

Cache-Control: max-age=946080000
Content-Type: text/html
Last-Modified: Thu, 11 Sep 2014 19:15:16 GMT
Accept-Ranges: bytes
ETag: "0ba3b8f4cdcf1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3877
Date: Thu, 15 Apr 2021 20:07:02 GMT
Connection: keep-alive

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 6113 2 KB
1 KB 67ms
25ms Script
text/javascript 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&bridua=3&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsa&srcurlD=2&aUrlD=4&ssl=https:&dfs=47&ddur=32&uid=1618517222888952&jsCallback=dvCallback_1618517222888760&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=1165&tgjsver=1165&lvvn=28&m1=13&refD=3&referrer=https%3A%2F%2Fdfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&fcifrms=6&brh=2&dvp_epl=520&noc=16&ctx=14526021&cmp=24599476&sid=4128031&plc=298558531&crt=147772722&btreg=491650935&btadsrv=doubleclick&adsrv=1&advid=9533159&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=221570977.81368482&dvp_tukv=293960771.9390266&dvp_uuid=789401703.5114459&dvp_strhd=0.31999871134757996&dvpx_strhd=0.31999871134757996&dvp_tuid=631031014715&dvp_vcms=40&dvp_slmsd=77&dvp_vcmsd=117
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 8c8c7cade5836e30a31c5ab7a397864bbc5d67cd48f1721317d484ff972ab05c

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 4/14/2021 8:07:02 PM

GET
H3-29 200 container.html Show response
23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0F69 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 15 Apr 2021 20:07:02 GMT
expires: Fri, 15 Apr 2022 20:07:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame E090 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E090 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46c227fca1e6f03da19dd5b2607d321ffda785e6da71bd523cf693cc3ba8f1a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6554
x-xss-protection: 0

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 6100 7 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0216d870844c21ce7c5c72f3471b81013c6d1879d5c4701b81a6c0c22870e081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 15:25:31 GMT
server: sffe
age: 68
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3587
x-xss-protection: 0
expires: Thu, 15 Apr 2021 21:05:54 GMT

GET
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ Frame 6100 807 B
1 KB 66ms
20ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=5047895273ac4fe2869e9f990e2ad1e5&vfdur=66&cbust=1618517222963610
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:02 PM

GET
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ Frame 6100 807 B
1 KB 66ms
23ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=5047895273ac4fe2869e9f990e2ad1e5&pltfrm=Linux%20x86_64&dvp_or1=1&cbust=1618517222966235
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:02 PM

GET
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ Frame 6100 807 B
1 KB 63ms
20ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=5047895273ac4fe2869e9f990e2ad1e5&dvp_or2=1&cbust=1618517222966223
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:02 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:02 PM

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E090 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041501.js?31060836

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:02 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 8086 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21528
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 impl_v70.js Show response
www.googletagservices.com/dcm/ Frame 6100 36 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v70.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2a292ee40c2422d82f43b270984343ea18e7c05384459c1d7adbee2c241be30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 17:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 15:43:23 GMT
server: sffe
age: 97273
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15292
x-xss-protection: 0
expires: Thu, 14 Apr 2022 17:05:50 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0589 624 B
297 B 17ms
16ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkuZ_vbRKc7N9_4No9OMsw2VnJUfDkKZvkbV687UFXsDh5I-jZStmGsIGYD-Ss
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 20:07:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0F69 57 KB
22 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B3FE0yA7PazT_o8s7_snbn-z8L2PLhTOOmK8cUYtgNwZh0PnbTU-qdYj7hv6kFCAQk_5NXeeY6jSunfUARdG0o9B2DhdQUlmnCjThLybZaXm8W9CPLaBSH9DJwRIEuobpon9vsl9ubW2W8fJR867cQQ8qqMg&dbm_d=AKAmf-CSgJLzjIoU5m5kOk9883FTJ_dauRXLPhZIc36HKA_cKc_m51jZET1ypdeGjXsvvg8gWAl_ZOl0r1Bmq0HSP8unpu6_LJBzpXIq0ukFU2OGjF4Wo3bN0fg5B1xAuIolI44K1gHKrGYyHGab0QthKx7r6bdrpzD1Jv3dmDIvT5HSWwWdcgvH2UNksmyxz2vQAwfR_ktO9mcxr4IDE0VSNLQXz1aCkXOJyg9hbQeT7T7EsIs1VABOVNLRxwHlojutdCM0nTKbvZSJdBg5Dd6K2WPBU95zLrXvdtbtYlkxYVG8NSYngsARhIIh3Pyo-5_2qQ7nVTNkc_-_-s-pO0pCHls4Zl4_aYj8Ftv8-aeH4CvOcdZeKXdp3Zkcvh7_309IzgFk98XcJgZYBdMLKhYGKlPUEIQfbfDO3PfI_I7uFpEnK_bYLSFbK5pYK-mdDEC5wcPPwQQtv9uRS_YCFf28sqOyjoreyWEE_bXFRAUiqwwXHfWzGrYCF6ReMYTONJFglXFznVrhWaQMjidW3Yt4s0XqRB-pyhp2nv2QVVS56z7AIbJNCbIPF_7O-r88NEiL895v7gfffXJJkcCLm4jQClx7WAIsL3-i5eAzvejhLd4_2eaE9R0AryEMqJiQKokvAxz-d_1QMVuNI1C44nZjLuKvTF5Cg43zJeg0qGRT5__Mt0TGO8PbXRPIXrevZKJ-YPlLzwys17ECEALrSIOxdS7MVMRzLjKlxFc-_mnkHxOqUJLt_FBYeAAIEJnl66RfSDdDnVyUj-wuKJEo7oqKDeGpDpbvXtNOWDzQIFB5aj9V9mag91B-8sjV13Iq1KFC4EyTMZvBD2IH1wcS1gexyGDjC07A_3Dcxu_8eT4uDLq2qEw-IPb8pn5-OiAC5lnP40vwdkixWSN5g9zySYJMxPR62-Y3EX6HSDEWJO0MkAPeMmw0h0bNWDOjSEba7lTOVoTxgSyYgcfxsqhjiL0WuPzY-qcBOlF5Yx1hpuQddUHSGNQO_lBieykMrF_wF1rFORmcb8-jcIbqj6OGroG3YXaaIYQ72KdbbDvMCKTPFeDX8vvNlYRSPSFM28kiy4n8wRBe7E0SpaMnJzb7ZFHBb6bTueUMiBVF5_e-8XMgiYgVJkIw-Yz8NYq8d2GuCsVAmc1lRVTDi6ABPEu1-dL-nG4EjcH6A8ZXJJiMOevM2oTXCq1d_mINz122iuOiHCPxPeCHt7FYZUHe_uVo2DfWwIeu_VvZkQK1dkjkfLgFlvftJz9c2BwzUki8KONMzkUyKoNDWhOmUGyssg36QH4ggv3XzrNhYQMxP3r7bySi8MQms-ZyNTiN7RGuKaQ1pdlKyfzb5Rae35VB-KPSNwycuU0eGxiYdHrF3_WT_E4GNsOTw4gK18ykzPT9d1chh3XzErPkE7JclxnhXF_SD8XTOy9N40LHxyaXQppjWB9HjMvFOxwNAgQGXVRWqGGLPy4zPQDam0GBp6O75wiRVU6i8tY_3e_oFs5KHll3rV7BEcVqX9LWIbM64mbCPD2yktmoMT6-WoMGaxwV_YLykrHNywfpASBjUSB1SbaDDIWdEh3O39W-pzs_H2KpazTBj2LSJ4RkaV1Ny5kEyeNtHQq9vm6iO-ffODWynOHpHv6dYAXwUEwYZaE42hm5nznLBcAwg44uY7NX-aBLadVzBtmS4mtWmmDjwKYgPwwkLn2kdWzLeyw7iTSLLkeaZ8QRCRBBmYrpXmiQ4fQ1q5wtPSFndWazWxnda1yOL3QN4htF6kznYZeBOZlHlFzTOeKiq8kSTQQtwUFRhJ6KxQYv2v2Rc9DxdW1pVEeA5-1JNG1adz8fecaaZw5HfdqaLkhp6uKPTF5LW54xGltRIziZ9DcLZSilEqpT5nhzzVeLvlKKbhKSPJQVvAEOKG5-f9bOcqoC70nsf6Mk-SoQGG2_lPeysks6__2LhVN4HrmQGjpLyHhuOC_PTi6c_irNaZJGZke2uZlpgu99nZCinCmB6sRQqPwRQCWJ12W_YO76arbZxhjDUpZwMZ2grJOLeRpTucdjdHqQ7Fev1enbLBmLpbG1Z2SuOeBRao_nQvzxrBICXi0Mch7g-5LB67csqK0_nQqXbOa9TlcUvaHPOSZehcKmoK6weSaGBT2-s6SJPo6xDABvZp9UCLJmNzBRNghlNIzSgm7Hf9DKyDpzcCzwrKawrredG-6qAzGeRNGDEyNLfU0g4pgJmNJLuBW-LsZUfDc_ks6Jo4wRgnDGbQ9j4SUXaLm4lvsFzxGHp_0FdZBOlBUhjbmVIwqTPXeXgCNn5H9Ei7-y5njePoSsj3WAcBS-nA5Xngd6besu9yxX4adnYUJnrowdEfmTtLbJLQ-wA1h7YYOurpHGjFg-jFKAzfI7N-kHScVY8dgnZZVijvlZkbihjYYdHnI0-kwnaGjH2SGtjwC2cjsQGpDRSk86EkPbOBUpiPI_6aX17X9Vaq_1x8vI59OTKGWfVjZXURpv4i2LInkihmbCPD0OrXApX46X0qoCkRvfLwRk0vJCQR6jAcYKrqTHBrVKqYKn8SUcrNUf9VKg5HlQuy9Ho-B2w8YcuiAhRowqVw1iQ5ANIYosFfg371skk3t0Nl9_guMVZY1ffH7ud9spb_QmOf_seI621n6ZJA2Ctvx4QmXpg9dDeW3C1SdzZi82HXRh4HsvkK-HY0qn2dgMbgFPpcKLCPfHJS3WS05XmQeNInTEYUV32ZWOl-xQmSMq2Ok2L3Mwc369z4xu4gRC06SS0IYl9K4K0tZYtOnmK7SisIrz7thC9auyQQolm4xSVz0CK_g7SN0x_G8NU3TKXeaUUcItBWpHI4CMPxGPllouKIrPaZuEVROwQar1KzY6msjsidvP0E4mjYj8bnboIh5oNbud5q2LZ4T2ae4BfQ-UuSwrnjPq198zofSh7kXtXYUilmAOKJsk_M5bvCxMOzPiRkGK33kYT9dHOLaAZNOfvpGfP_j11T25LjFR9Tk&cid=CAASEuRojYXvXPmdyf96ExFlbtNBig&rfl=3%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2C%2Chttps%253A%252F%252F23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69e6c95db83ba72c39b5bf799a603ad0bb3e9ac98cd1f16079502e08331ee045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22972
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F69 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DUmNLj5w1w_obg6tcmt_WgTjg6Gw2TuCntCFd2wAjRa8lGlQ5mqRpEGcAAbZ66m-sYDnpJJnLrWIaTS2-347xx1wnvGu1z7IT4tnUJaOHLzSlQ1Yc

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 0F69 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F69 118 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 0F69 13 KB
5 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:47 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 0F69 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQrMDIUpFSzKVGkw7eCVyvzA3GaQMloOxMSeezLdRtE3NzdecrPyMnh_ePzJma7nk_GvZ7gGPRRSETWi3-yFSLu93WdOA
Requested by: Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 04F1 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 15 Apr 2021 20:06:30 GMT
expires: Fri, 15 Apr 2022 20:06:30 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 33
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 B10224936.280246103;dc_ver=70.201;sz=728x90;u_sd=1;dc_adk=522452138;ord=qmqchq;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fwww.teamblind.com$2,,https%3A%2F... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 6100 33 KB
17 KB 116ms
55ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;sz=728x90;u_sd=1;dc_adk=522452138;ord=qmqchq;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fwww.teamblind.com$2,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=acxDL2JA*a;osda=2;sttr=62;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v70.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

79f9f187afa2b55da1fdb60bd14ab8b14451ab6fd0e8031deb0e0076eb18aa8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16355
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9849 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://compass.adop.cc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://compass.adop.cc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 15 Apr 2021 20:07:02 GMT
expires: Fri, 15 Apr 2022 20:07:02 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame BE42 73 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:03 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BE42 8 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021041201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f559686546104588d06b32906a6490501a1842a3231a2d58fbe2be62418e97a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6598
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 0F69 111 KB
39 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2490
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Apr 2021 19:25:33 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/ Frame 0F69 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B3FE0yA7PazT_o8s7_snbn-z8L2PLhTOOmK8cUYtgNwZh0PnbTU-qdYj7hv6kFCAQk_5NXeeY6jSunfUARdG0o9B2DhdQUlmnCjThLybZaXm8W9CPLaBSH9DJwRIEuobpon9vsl9ubW2W8fJR867cQQ8qqMg&dbm_d=AKAmf-CSgJLzjIoU5m5kOk9883FTJ_dauRXLPhZIc36HKA_cKc_m51jZET1ypdeGjXsvvg8gWAl_ZOl0r1Bmq0HSP8unpu6_LJBzpXIq0ukFU2OGjF4Wo3bN0fg5B1xAuIolI44K1gHKrGYyHGab0QthKx7r6bdrpzD1Jv3dmDIvT5HSWwWdcgvH2UNksmyxz2vQAwfR_ktO9mcxr4IDE0VSNLQXz1aCkXOJyg9hbQeT7T7EsIs1VABOVNLRxwHlojutdCM0nTKbvZSJdBg5Dd6K2WPBU95zLrXvdtbtYlkxYVG8NSYngsARhIIh3Pyo-5_2qQ7nVTNkc_-_-s-pO0pCHls4Zl4_aYj8Ftv8-aeH4CvOcdZeKXdp3Zkcvh7_309IzgFk98XcJgZYBdMLKhYGKlPUEIQfbfDO3PfI_I7uFpEnK_bYLSFbK5pYK-mdDEC5wcPPwQQtv9uRS_YCFf28sqOyjoreyWEE_bXFRAUiqwwXHfWzGrYCF6ReMYTONJFglXFznVrhWaQMjidW3Yt4s0XqRB-pyhp2nv2QVVS56z7AIbJNCbIPF_7O-r88NEiL895v7gfffXJJkcCLm4jQClx7WAIsL3-i5eAzvejhLd4_2eaE9R0AryEMqJiQKokvAxz-d_1QMVuNI1C44nZjLuKvTF5Cg43zJeg0qGRT5__Mt0TGO8PbXRPIXrevZKJ-YPlLzwys17ECEALrSIOxdS7MVMRzLjKlxFc-_mnkHxOqUJLt_FBYeAAIEJnl66RfSDdDnVyUj-wuKJEo7oqKDeGpDpbvXtNOWDzQIFB5aj9V9mag91B-8sjV13Iq1KFC4EyTMZvBD2IH1wcS1gexyGDjC07A_3Dcxu_8eT4uDLq2qEw-IPb8pn5-OiAC5lnP40vwdkixWSN5g9zySYJMxPR62-Y3EX6HSDEWJO0MkAPeMmw0h0bNWDOjSEba7lTOVoTxgSyYgcfxsqhjiL0WuPzY-qcBOlF5Yx1hpuQddUHSGNQO_lBieykMrF_wF1rFORmcb8-jcIbqj6OGroG3YXaaIYQ72KdbbDvMCKTPFeDX8vvNlYRSPSFM28kiy4n8wRBe7E0SpaMnJzb7ZFHBb6bTueUMiBVF5_e-8XMgiYgVJkIw-Yz8NYq8d2GuCsVAmc1lRVTDi6ABPEu1-dL-nG4EjcH6A8ZXJJiMOevM2oTXCq1d_mINz122iuOiHCPxPeCHt7FYZUHe_uVo2DfWwIeu_VvZkQK1dkjkfLgFlvftJz9c2BwzUki8KONMzkUyKoNDWhOmUGyssg36QH4ggv3XzrNhYQMxP3r7bySi8MQms-ZyNTiN7RGuKaQ1pdlKyfzb5Rae35VB-KPSNwycuU0eGxiYdHrF3_WT_E4GNsOTw4gK18ykzPT9d1chh3XzErPkE7JclxnhXF_SD8XTOy9N40LHxyaXQppjWB9HjMvFOxwNAgQGXVRWqGGLPy4zPQDam0GBp6O75wiRVU6i8tY_3e_oFs5KHll3rV7BEcVqX9LWIbM64mbCPD2yktmoMT6-WoMGaxwV_YLykrHNywfpASBjUSB1SbaDDIWdEh3O39W-pzs_H2KpazTBj2LSJ4RkaV1Ny5kEyeNtHQq9vm6iO-ffODWynOHpHv6dYAXwUEwYZaE42hm5nznLBcAwg44uY7NX-aBLadVzBtmS4mtWmmDjwKYgPwwkLn2kdWzLeyw7iTSLLkeaZ8QRCRBBmYrpXmiQ4fQ1q5wtPSFndWazWxnda1yOL3QN4htF6kznYZeBOZlHlFzTOeKiq8kSTQQtwUFRhJ6KxQYv2v2Rc9DxdW1pVEeA5-1JNG1adz8fecaaZw5HfdqaLkhp6uKPTF5LW54xGltRIziZ9DcLZSilEqpT5nhzzVeLvlKKbhKSPJQVvAEOKG5-f9bOcqoC70nsf6Mk-SoQGG2_lPeysks6__2LhVN4HrmQGjpLyHhuOC_PTi6c_irNaZJGZke2uZlpgu99nZCinCmB6sRQqPwRQCWJ12W_YO76arbZxhjDUpZwMZ2grJOLeRpTucdjdHqQ7Fev1enbLBmLpbG1Z2SuOeBRao_nQvzxrBICXi0Mch7g-5LB67csqK0_nQqXbOa9TlcUvaHPOSZehcKmoK6weSaGBT2-s6SJPo6xDABvZp9UCLJmNzBRNghlNIzSgm7Hf9DKyDpzcCzwrKawrredG-6qAzGeRNGDEyNLfU0g4pgJmNJLuBW-LsZUfDc_ks6Jo4wRgnDGbQ9j4SUXaLm4lvsFzxGHp_0FdZBOlBUhjbmVIwqTPXeXgCNn5H9Ei7-y5njePoSsj3WAcBS-nA5Xngd6besu9yxX4adnYUJnrowdEfmTtLbJLQ-wA1h7YYOurpHGjFg-jFKAzfI7N-kHScVY8dgnZZVijvlZkbihjYYdHnI0-kwnaGjH2SGtjwC2cjsQGpDRSk86EkPbOBUpiPI_6aX17X9Vaq_1x8vI59OTKGWfVjZXURpv4i2LInkihmbCPD0OrXApX46X0qoCkRvfLwRk0vJCQR6jAcYKrqTHBrVKqYKn8SUcrNUf9VKg5HlQuy9Ho-B2w8YcuiAhRowqVw1iQ5ANIYosFfg371skk3t0Nl9_guMVZY1ffH7ud9spb_QmOf_seI621n6ZJA2Ctvx4QmXpg9dDeW3C1SdzZi82HXRh4HsvkK-HY0qn2dgMbgFPpcKLCPfHJS3WS05XmQeNInTEYUV32ZWOl-xQmSMq2Ok2L3Mwc369z4xu4gRC06SS0IYl9K4K0tZYtOnmK7SisIrz7thC9auyQQolm4xSVz0CK_g7SN0x_G8NU3TKXeaUUcItBWpHI4CMPxGPllouKIrPaZuEVROwQar1KzY6msjsidvP0E4mjYj8bnboIh5oNbud5q2LZ4T2ae4BfQ-UuSwrnjPq198zofSh7kXtXYUilmAOKJsk_M5bvCxMOzPiRkGK33kYT9dHOLaAZNOfvpGfP_j11T25LjFR9Tk&cid=CAASEuRojYXvXPmdyf96ExFlbtNBig&rfl=3%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2C%2Chttps%253A%252F%252F23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%253Fn%253D2%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:36 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 0F69 21 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6095f802f70da16a4e09cc05554f17ceae41f8a8a2216d9ba3f3d03601235683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8469
x-xss-protection: 0
server: cafe
etag: 9781378207497007991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:54 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0589
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

43 B
894 B

28ms
27ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:03 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0589
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

43 B
894 B

28ms
27ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:03 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0589
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

43 B
1022 B

29ms
27ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIT8cxCYy3sYt63YowEwAQ&v=APEucNUsPNZNvcwR7V_vMPTtwoHWm_A29KoaTlxGK5FpAlGTv_QXK9ZvnGnrRJq_0UDP2GwEZO0ZcFeBxOLLuT4hpaQOYlWULxLHN3IxDgGb25OhmgE2cImji6Rp4Va4o5y3npy3xOV_PCX6CqxljSC5LxssMLRpdnRROK0NkRAi1F4ZF8cG1hVR68AIzOUhV-raXCOWVlrReG0rqgRLAft5hujTw0Yndg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.151:80
AN-X-Request-Uuid: 8b56db96-bf0d-4917-a287-edeec3512c7b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0589
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

170 B
188 B

41ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.203:80
AN-X-Request-Uuid: 7ac324fe-4e77-4e76-b297-c15165888caf
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BE42 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021041201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:03 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A328 624 B
297 B 19ms
19ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmUHmiQbFti-PrQMNTfI8mR6-g88Y3DlHFSSTceWPQDSGBmlTwD7AarBrGFdwY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 20:07:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9849 28 KB
13 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BW3jMlYNaFiMIUhS5ToY25vI2x3NsDf04-uVACr-4woAeHGd9FQ7RrdhbRJpLzs5JkS4lcIaqY-iOHKxS_yL3NxSlQYbZVUwEdBtBqLaKYBdxevrmkaDI2ZPD25IWMuwLPjCqaZ7mY9PmWoBwFZ6ubrdYc8w&dbm_d=AKAmf-Bu4DlKdqU7t9lUT0RPgiIXfwEgZrVJNUwvlkHdYoGKU_5QIUgYsYCH8FHpmX5nSwUL6G-kYnfqkMRriULgklH3EuCcfSZH3WAth7iug6DURE5CZlklfnQS2n9zB9rRX6wnqVWIt_JrAZli2PVmuOxRKe0QfX-RiXPL5AKKzWaDMqT4s0HrYedzK46sVuKAK45FLXzEmQA3Vdfia8u1trHHOPaOyZRdhByFUX-x-BDy94UBKc6heJq_3mW0IPh7eED4u-THIZyfTDItBAiheKMs0ONIVM5AFvjoMe2kj58mg62m6t5LybZ5IQPnp80k_wNfkUP3UeLZ0UMk2M44_juUsozSU3ztpQhmdujGI39W9fnQ7Zv137DnOD0cSvii8Ezw7_sGXdQW-mC0N1QuKFaz8Q91uAGwLC7u9qbkTmX9fCXoGEUwSy2Tqcnj9-rDC6K-ZFMzm0SVTLCZR9rRaYggMzk_X5WSg1s3-t8uOndMDH6Lh-uTAzavtjCw1DKt9mSM74u-s2jI17qrXPc1yxEImpIvCMaV6ll9a5R5eNhln2_VgePFgKjtftFzaicgtUz9HYJh774zZO8vCGL0o18Y8DrQAlwnOlC3_rCLZ208gdCMCqbGb53OoGrnikPAtDxfrpfHaIwwZbdM9CRv7w2Mn_iIEj9-vuQCPfZlKuPxQCy-lZ7fcZ8glT46EDWIg9qgK4U2kM_TrnBQAJESpVOwDPRg7Kx6gcfgRZPwfDhFFfpV8bCm20mjgUR31_VcL7zwTpkj3_hmOHDrLPrnQCid6txRLafRo49o-YxwbHnhyd9Urhs1XsEJz04X0PiOrdrOD7P1lqN78Q8bQdGaURd4jXE1WjDAGm6ejE6PK3e5vIO-dsqJM1x9Xpbu8bEEQbvssQGiwr-Le2y95m3CJW_9aTUoV594rMuTnEn-fN5BaWwT7vIWW04R9YSacbgWgGrOWfMMSR0ZMMo5tD-31RtdYqjusiait3N1QNRfzgV0NwhuhaJnXnJ7VpOHOGNRkEGKrOvtle49SU2kvn8a5vN_ldxlRSyS6gcnqTf8Y1D6mV1q3hfhnHvN_1BnXtlH7dBgP7FmwkAneQr5OohFC3ThieaNuHI7jLdiU77uEA1VY8368n6KVpHxAIUX4y_uzg7JHpFbcLEyI0ocFPQU9SnWKipX8GECcq9gDKUKyZVaysBHQ2SPT9DfOh9tEbwjUyfwJBPKH1eH6myUg6Cn7wUYa7kHChK4I8gqtpD7HQc9eyWoiGYHmwuAaW80VQOLpBMc6CEjY0Tomh7GdA-CpwyPwa4TkpDPsgihsebs55VmV82iZ4gGF-QAfw-BaqfK1C2kWtl1znP0ysNw6fLCzhyLnc0ten2EsqLCk584rJSJo9lPpWi1mLYcXJdZvy4xp3dlUVaX2oeWyVobb8JBy_peC6ZSaiJVWU1sZynKa4QgH0BpsGORX47G5lZDc9KJTscjVtR9vz0RYQY8qovX6fEQ-phyVW1hvofnEMR7fRo8VwkR8QEq2eP1m2G9SkLFRKMTCQeSw3MYcEzxhOQeAq2_UHtwlOGEELRyPZ5AtS7fNg3zamzz3JW8F30ipzvd9U9jTuap8eoqq2YIx2E2jZSJpLBhAI6EBmTsqC2sCPxTnH35ys9EL556u6tnOgFVJQ7PwkGVD1S-wgrATIpA0ppgphjukVCv6qo_To4SrVSkPqxJYyG-q1k6uAQ2LlbZlDB-qxDAf3lyXdN-307zB76EDBjsIG-Z4KNLr7bzWFNCbk6cFrNKQ_9qJnA-jMf2silQAe2ybwE6lEPjTifAEkniZ8ECZMXFIIIjV0oHb8_fnjjh-ZBzRIRhmPvMfx62aokbGj9jHp63OzfFVVmhrVPE1_nnMVX5oc2AuWj6j0FeDV1E1Is-M1y_pf56cGNeXvmVti3bCxPY7TQeDJhchBJ0A7jjISGYB-hLAFr3bGqaw4KZDguw282CYKJ6u_2WpUV3i90u6RfOHp2QPogjeKRQDNJ3LvkmByIEj_9j2H9kSG18QzxNVcY2lqxQuQDeMAaVZXrZHyVgckOLpPmQ-ahvczNYU5GkEHuILI1_tgZE5USamYY3dFu81r4ETlWFvriIBau-Dl3JsbQELjIVYtKDd-ioMq0Db2Mw2IMHj4w29Q35tzbvSX-9yz9595mGnrDhfGDztoAv8g7UI_FcUNdxMDV4spDfHNcpGYaopAONHt5RdpbpADahXSEuhBnXBDuTz07cdUC4ufND5DTaiFZfbuiT8jatZxojLK3A4mhsAsOgsR8AXkaSALb4P8_l1KuQbVrrvPUOh2VJIJgMV0eyY7_8nsYzJeNgN9Z-qVYHqg0mwrn-JrhhyHs3InGxVad9pArNdhB-z9wnU6iQk4S6CtnYZIlgqPnn3JprjjiBvrpG6qCp26yMx-83qiIf-bw5nAxlC05LP-TNtOakwzLrMCLw-UEoXNQd1knRCiUWtzuIJt9u2kmtYy61FmWT3Y1K0Y7ds5bKYz4alTE-z4lPo8g1HTNoMUsL_-PUmfWnlt1kYtRxDFPXN48Do9bETOsMdXQiJGnVU10sidmFOdND9z68gXtSZTM0YW95yJuZX_ycUZL8h75VDl8PVQcCYUAgTZEeVd98rk1krjDuCp93tj3n0iWmNBLEwkxdFUIZQq980uHy6CAg7o5f3y6PP_uHbC8OXZpp8lXPW_9mlr_QVn8yLwME5ywhtXyPMa89JWIJPQeGhEEl6CRBLW4jzZN1eByg3VKZq1xLzG-IzAzrvVRkc5QP3qqZgDY0nKLwvxNTK7Z7oXrBFyWVnkCMgY5vTkIn1XURJw4C_LjHYv5U7ne0SOdlBWaJNTabe-ZSGlmSfpqQyNqcXBNM4UW_LtPnnoLBl2tdm4CPhtB5uOdqsYeUFHRDeOJO1eT0gCI_1MdDwKPdlMtFs2Bab3peimnlK-VNR10kwV4yRDga6WSaeBVz4BZF-dgow_iuqCdMMWi3FCRoCdQPO43Z-7YbE_POQypVzKJ_894cMiY2p-QVGdKUdn1kQCLNTvx4Qh0iReT6UwCWJziYkbXRDXHD7XpJoB4Q0naxVDRh4umCbfuZZgJheUnHj44cgkcsJbysf3FNlYNHZgQdxQEVIh95GZ_C1Kau&cid=CAASEuRoyG3WXHmxVDjVgjwoZ2Skpw&rfl=5%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2C%2C%2Chttps%253A%252F%252Fcompass.adop.cc%252F%240

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8a84232885a62ee3a6531fd71552fd77acb7718370cee1f2d527475074fddc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13795
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9849 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BONEGEz0RWTETNW29kc6SLzawORzd7CqTywhV5rozNiUij0soV9lg1AtmXlZULjYRD-_71qdtPIUJHOWqupfffUQBmjxxZixIgwQoH1PtA4zJ8Jic

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 9849 2 KB
2 KB 11ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=14526021&cmp=145352&plc=v5VtUR&sid=55f48ca4113e34&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0hvWR2oE4krxvDd_9M7VyEQ&DVP_DBM_1=1861733&DVP_DBM_2=19003688&DVP_DBM_3=48317208&DVP_DBM_4=341136421&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=&dvregion=2&unit=728x90
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 8d6487dc2599772b6ccb8ed3c214aefeddf16e73d868abb94f2223c133af06d0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 11:40:05 GMT
Server: Microsoft-IIS/10.0
ETag: "eb910ea2231d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 9849 7 KB
3 KB 11ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVPX_PP_IMP_ID=ABAjH0hvWR2oE4krxvDd_9M7VyEQ&DVP_DBM_1=1861733&DVP_DBM_2=19003688&DVP_DBM_3=48317208&DVP_DBM_4=341136421&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0f96cafe30d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3005

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 9849 2 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9849 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 9849 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:06:47 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0F69 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88890
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Apr 2022 19:25:33 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 99E7 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 03:14:09 GMT
expires: Fri, 16 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 60774
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0F69 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3f20d5ebd038ac86b6170aacc5a3cc348f1cdeb80b856259fb7910cb0743b4d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 4D00 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://compass.adop.cc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://compass.adop.cc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 15 Apr 2021 20:06:30 GMT
expires: Fri, 15 Apr 2022 20:06:30 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 33
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0F69 0
107 B 132ms
71ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvdKjL6c7LJ7tA6zfZMQs2WLLkCDetPRbRBVL6sJcrImMvRqNEuLZ4vwiCqMZKMo2vtbKub0NhKImmSGotY7DHYkmKgXodlmkc3JJJFbyFpHeVqF-LusjL1i-37-Xz1aUtlV9yBgN9ZGSxkOgOcXAki-CfY5jePrOYXR49rfLBwAAGMUzmc9hg2PBt29MtuhRZViApP8orr-s71-nRvRSUx-OkcuN629Y7uMPKqiqyYTQ4GEgg7lTFcmkclOEx3Xif7zBAoRGRVzKMLvgUiXI2A8qa2MYtZu_mQencfN-A8odpFPJ-8INTqBORekSVdCH929Z2yw94y1LsVMbixukY_szHV4FVnyobT5Yb9oz-AqACUikYQwIRf8aXtSg1CXDVK957ozm0iMAWiV7z7XkENNt3VVBqQ59xqCunqiDlUhes151Mcl7RSiOfVdEDcmKPXJ_01kqIHc7iPb6in8NZlgAoks1lE2lYPncNQt2ZHd5Ayq2m2E-rgQtUVxSEXfAh9bcr5ACjy3b6HSxcmzAn8Au9TSsCbXghHs9Q9pIbXQ0EWeo9fvF8Zd-RaC5BXissQCh_ek_dHUTkIcHlVYeIyUOyMbU__3JdPhnZLnTNNZWxaxAia428ElB62qpMbN8dTT5dLT70njg6dmLgbKBNxDDcC2ZkFZ2T9iGLanzLKfWa_Gadx3mqR45i44Dn1D6lfWeunHeQpClO3LsNqrEZGVQLwBI1deEHAiW8kXuDbKETibAw_CEzmIlX4C2TpWqwItX72Vy4JeyX9GQ7vH4j9KSnw-gSMFkUh9a7VMRRp4IYO3Au4-xD1eZJEsC1PR8CfGvzViRBQGYWYOiNZfKPtNc7RX8035BCI8D7wFwscdnVWfETX5uXOQAtZxu-OtvukbA2H3t8IBQLaV863Zo4_99ZGJBRVcSzogcHsgSTy9aEHo5btYTu8N6WSilmx3sRUgWE9RoIBTCzGIwmQnlpgMQBu8QSY1zTCJxCtJddt3B3ffMKPxwfytX2UsbBvg34ASCGgepqybCtIU62AAngi0dWNgIezabc1ciJDc2LxuJIZf4Lat7CTNaoOqffX9uGWw5A7tK2Fz9ix_T-UPtoXLy4ZjK2QtRJRJSMw_h3-OZD_U4YfM-oPOcfkwqVRrLcJWtlRSQDvp4uVBFKHDpaKX7vmkqHZg_rXPjN7n-vJ5_v2Qb6t9_2mX8i48G1iU9SB&sai=AMfl-YTnOdAPQMKPhLtT34CdcDxUBeRBznTByI5kehxGJRnVwkul10DKX-lnMu-q4_flo70Nnb8Vi-wBjkM3WeEaWTyHjQtHy0VuHNRNXSmfdguwiXC2Tr4uGnUlvaW3X6c_nZ9BNN8Y785ZuzYkUN_PjBivsXOLZQ&sig=Cg0ArKJSzH76uv9jWZKhEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=185&cbvp=1&cisv=r20210413.94076&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 15 Apr 2021 20:07:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 04072021-035014518-thales_traineeship_2021_160x600.png
s0.2mdn.net/8219976/ Frame 0F69 113 KB
113 KB 48ms
33ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8219976/04072021-035014518-thales_traineeship_2021_160x600.png

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ccdd423d1d7baedd48712380907f12d4b1358a8a5200ff7ebe7b05268872514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 10:50:14 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115462
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:03 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/ Frame 6100 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;sz=728x90;u_sd=1;dc_adk=522452138;ord=qmqchq;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fwww.teamblind.com$2,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=acxDL2JA*a;osda=2;sttr=62;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:36 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6100 0
528 B 116ms
62ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_knc37gxaBUMiTSsiz2jejLO_JwMSeSp3KIcPgadvwbOAo8TAMuJJGuhtAGVTMffATo756iRGkNODpYE5SEkRlFwjo-bIy36_A9bOJQMSHauybSpAoSfYOBZc1-qNlU2zyHVtRv6iQwOZ3KK2o6ILwA&sig=Cg0ArKJSzPDzL_hbcwr0EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210413.88993&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 6100 7 KB
3 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&num=&adid=&advid=2276943&adsrv=1&btreg=315865137&btadsrv=doubleclick&crt=117573815&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;sz=728x90;u_sd=1;dc_adk=522452138;ord=qmqchq;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fwww.teamblind.com$2,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=acxDL2JA*a;osda=2;sttr=62;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0f96cafe30d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3005

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6100 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88890
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Apr 2022 19:25:33 GMT

GET
H3-29 200 adc_hun_EndHungerStory_728x90_Evergreen.jpg
s0.2mdn.net/2276943/ Frame 6100 46 KB
46 KB 17ms
9ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2276943/adc_hun_EndHungerStory_728x90_Evergreen.jpg

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

780849559953abc98981f7964d063930d1b9cdf5f9aff09e60bd64cc2d9de59a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 06:02:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Jun 2019 18:23:23 GMT
server: sffe
age: 50688
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
expires: Fri, 16 Apr 2021 06:02:15 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 9849 21 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BW3jMlYNaFiMIUhS5ToY25vI2x3NsDf04-uVACr-4woAeHGd9FQ7RrdhbRJpLzs5JkS4lcIaqY-iOHKxS_yL3NxSlQYbZVUwEdBtBqLaKYBdxevrmkaDI2ZPD25IWMuwLPjCqaZ7mY9PmWoBwFZ6ubrdYc8w&dbm_d=AKAmf-Bu4DlKdqU7t9lUT0RPgiIXfwEgZrVJNUwvlkHdYoGKU_5QIUgYsYCH8FHpmX5nSwUL6G-kYnfqkMRriULgklH3EuCcfSZH3WAth7iug6DURE5CZlklfnQS2n9zB9rRX6wnqVWIt_JrAZli2PVmuOxRKe0QfX-RiXPL5AKKzWaDMqT4s0HrYedzK46sVuKAK45FLXzEmQA3Vdfia8u1trHHOPaOyZRdhByFUX-x-BDy94UBKc6heJq_3mW0IPh7eED4u-THIZyfTDItBAiheKMs0ONIVM5AFvjoMe2kj58mg62m6t5LybZ5IQPnp80k_wNfkUP3UeLZ0UMk2M44_juUsozSU3ztpQhmdujGI39W9fnQ7Zv137DnOD0cSvii8Ezw7_sGXdQW-mC0N1QuKFaz8Q91uAGwLC7u9qbkTmX9fCXoGEUwSy2Tqcnj9-rDC6K-ZFMzm0SVTLCZR9rRaYggMzk_X5WSg1s3-t8uOndMDH6Lh-uTAzavtjCw1DKt9mSM74u-s2jI17qrXPc1yxEImpIvCMaV6ll9a5R5eNhln2_VgePFgKjtftFzaicgtUz9HYJh774zZO8vCGL0o18Y8DrQAlwnOlC3_rCLZ208gdCMCqbGb53OoGrnikPAtDxfrpfHaIwwZbdM9CRv7w2Mn_iIEj9-vuQCPfZlKuPxQCy-lZ7fcZ8glT46EDWIg9qgK4U2kM_TrnBQAJESpVOwDPRg7Kx6gcfgRZPwfDhFFfpV8bCm20mjgUR31_VcL7zwTpkj3_hmOHDrLPrnQCid6txRLafRo49o-YxwbHnhyd9Urhs1XsEJz04X0PiOrdrOD7P1lqN78Q8bQdGaURd4jXE1WjDAGm6ejE6PK3e5vIO-dsqJM1x9Xpbu8bEEQbvssQGiwr-Le2y95m3CJW_9aTUoV594rMuTnEn-fN5BaWwT7vIWW04R9YSacbgWgGrOWfMMSR0ZMMo5tD-31RtdYqjusiait3N1QNRfzgV0NwhuhaJnXnJ7VpOHOGNRkEGKrOvtle49SU2kvn8a5vN_ldxlRSyS6gcnqTf8Y1D6mV1q3hfhnHvN_1BnXtlH7dBgP7FmwkAneQr5OohFC3ThieaNuHI7jLdiU77uEA1VY8368n6KVpHxAIUX4y_uzg7JHpFbcLEyI0ocFPQU9SnWKipX8GECcq9gDKUKyZVaysBHQ2SPT9DfOh9tEbwjUyfwJBPKH1eH6myUg6Cn7wUYa7kHChK4I8gqtpD7HQc9eyWoiGYHmwuAaW80VQOLpBMc6CEjY0Tomh7GdA-CpwyPwa4TkpDPsgihsebs55VmV82iZ4gGF-QAfw-BaqfK1C2kWtl1znP0ysNw6fLCzhyLnc0ten2EsqLCk584rJSJo9lPpWi1mLYcXJdZvy4xp3dlUVaX2oeWyVobb8JBy_peC6ZSaiJVWU1sZynKa4QgH0BpsGORX47G5lZDc9KJTscjVtR9vz0RYQY8qovX6fEQ-phyVW1hvofnEMR7fRo8VwkR8QEq2eP1m2G9SkLFRKMTCQeSw3MYcEzxhOQeAq2_UHtwlOGEELRyPZ5AtS7fNg3zamzz3JW8F30ipzvd9U9jTuap8eoqq2YIx2E2jZSJpLBhAI6EBmTsqC2sCPxTnH35ys9EL556u6tnOgFVJQ7PwkGVD1S-wgrATIpA0ppgphjukVCv6qo_To4SrVSkPqxJYyG-q1k6uAQ2LlbZlDB-qxDAf3lyXdN-307zB76EDBjsIG-Z4KNLr7bzWFNCbk6cFrNKQ_9qJnA-jMf2silQAe2ybwE6lEPjTifAEkniZ8ECZMXFIIIjV0oHb8_fnjjh-ZBzRIRhmPvMfx62aokbGj9jHp63OzfFVVmhrVPE1_nnMVX5oc2AuWj6j0FeDV1E1Is-M1y_pf56cGNeXvmVti3bCxPY7TQeDJhchBJ0A7jjISGYB-hLAFr3bGqaw4KZDguw282CYKJ6u_2WpUV3i90u6RfOHp2QPogjeKRQDNJ3LvkmByIEj_9j2H9kSG18QzxNVcY2lqxQuQDeMAaVZXrZHyVgckOLpPmQ-ahvczNYU5GkEHuILI1_tgZE5USamYY3dFu81r4ETlWFvriIBau-Dl3JsbQELjIVYtKDd-ioMq0Db2Mw2IMHj4w29Q35tzbvSX-9yz9595mGnrDhfGDztoAv8g7UI_FcUNdxMDV4spDfHNcpGYaopAONHt5RdpbpADahXSEuhBnXBDuTz07cdUC4ufND5DTaiFZfbuiT8jatZxojLK3A4mhsAsOgsR8AXkaSALb4P8_l1KuQbVrrvPUOh2VJIJgMV0eyY7_8nsYzJeNgN9Z-qVYHqg0mwrn-JrhhyHs3InGxVad9pArNdhB-z9wnU6iQk4S6CtnYZIlgqPnn3JprjjiBvrpG6qCp26yMx-83qiIf-bw5nAxlC05LP-TNtOakwzLrMCLw-UEoXNQd1knRCiUWtzuIJt9u2kmtYy61FmWT3Y1K0Y7ds5bKYz4alTE-z4lPo8g1HTNoMUsL_-PUmfWnlt1kYtRxDFPXN48Do9bETOsMdXQiJGnVU10sidmFOdND9z68gXtSZTM0YW95yJuZX_ycUZL8h75VDl8PVQcCYUAgTZEeVd98rk1krjDuCp93tj3n0iWmNBLEwkxdFUIZQq980uHy6CAg7o5f3y6PP_uHbC8OXZpp8lXPW_9mlr_QVn8yLwME5ywhtXyPMa89JWIJPQeGhEEl6CRBLW4jzZN1eByg3VKZq1xLzG-IzAzrvVRkc5QP3qqZgDY0nKLwvxNTK7Z7oXrBFyWVnkCMgY5vTkIn1XURJw4C_LjHYv5U7ne0SOdlBWaJNTabe-ZSGlmSfpqQyNqcXBNM4UW_LtPnnoLBl2tdm4CPhtB5uOdqsYeUFHRDeOJO1eT0gCI_1MdDwKPdlMtFs2Bab3peimnlK-VNR10kwV4yRDga6WSaeBVz4BZF-dgow_iuqCdMMWi3FCRoCdQPO43Z-7YbE_POQypVzKJ_894cMiY2p-QVGdKUdn1kQCLNTvx4Qh0iReT6UwCWJziYkbXRDXHD7XpJoB4Q0naxVDRh4umCbfuZZgJheUnHj44cgkcsJbysf3FNlYNHZgQdxQEVIh95GZ_C1Kau&cid=CAASEuRoyG3WXHmxVDjVgjwoZ2Skpw&rfl=5%2Chttps%253A%252F%252Fwww.teamblind.com%242%2C%2C%2C%2Chttps%253A%252F%252Fcompass.adop.cc%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6095f802f70da16a4e09cc05554f17ceae41f8a8a2216d9ba3f3d03601235683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8469
x-xss-protection: 0
server: cafe
etag: 9781378207497007991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:54 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9849 41 KB
15 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88890
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Apr 2022 19:25:33 GMT

GET
H/1.1 200
OK /
d.agkn.com/pixel/2387/ Frame 9849 43 B
721 B 21ms
21ms Image
image/gif 3.126.239.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=DE&st=&city=5750&dma=0&zp=76199&bw=3&che=115517848&col=25245842,4128031,299611162,492552994,148297111
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.239.96 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-239-96.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6100 118 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:03 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DED 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041201&jk=2238024774400320&bg=!LC-lL2vNAAb2K53n9is7ACkAdvg8WtnHmfpkUsz1-k8Q2S1cAtx6TElKBAEQtLMAnCSamqtPxMhgHwIAAAFsUgAAAHNoAQcKAAp5VDkCVImuMvJ0mQIXPfZdNUjL9zMwVlpb7hIsJJmclxLU940nWGSssoZ4uTQuG6Uw6YOD9EO60YfTpI8LBv0EG3irg_Kxtl8Y6dyEH6qPM4zmutm7WTUw3QX0XoP5O6xH2uMRnWw98rwOlkny9DL6uOZlaeyEAS7wrqkX7zm-XlLpscvR-wSAEuoUFQn14zcEK6sS_yo8V6ENDqi7WtKCkPUfSHa_fr_VKTzzHOY1035JyNJmvc2C6laZT6Bc3UNtg-hV9BrMPHOmVH4wl-HrBgo-A3e5FvYHMPq6NTkMfXsI13RBqy-FbIkWJ56N20BrLO5quUkixQoK3hN3tDhfRD0_2r-aH2Gb1jUOH2QyHeXJI2zMen-X29MDmfFYgAY7mzoGA0_pn9QUssAHRWmZz1NS-ei0TtBmlxSjtuo4IckFXcsxcPeMD7-RfJHIGszm4YvKk9_iBaQQUdn_7K3yFWlommNOhUaCiWokWdBy2I8es-EEFrJrMEy1zlYSSxecxBTSqZEQSvQpQQ51DDq9NUerRgj7nVR3nRBAQI7_AVAaGyFer50knGLRluvSRYpUJwjDG0JQ54TVQn1lnTsRYzGtGN_KVsED5_rIKpdMtBtuFk8GC2jjwYyGGaqiRiDTypsijJB9G6jGcgw_w_4XjWsjJcEExrEeGgQq2mAyUAsP3kxB8LcmNhofNy0lEwRh1Xtv6X-D2xzHyLGwnNWCAQanZw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 04F1 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21529
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A914 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 15 Apr 2021 13:04:31 GMT
expires: Fri, 15 Apr 2022 13:04:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25352
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dv-measurements1165.js Show response
cdn.doubleverify.com/ Frame 0848 476 KB
86 KB 12ms
11ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1165.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Mar 2021 12:00:54 GMT
Server: Microsoft-IIS/10.0
ETag: "01ff4555c25d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946083600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87677

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8A97 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 03:14:09 GMT
expires: Fri, 16 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 60774
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6100 0
60 B 62ms
61ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A328
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

43 B
894 B

42ms
41ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:03 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A328
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YHic5ijBKizM4SkU48VleQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1

43 B
894 B

29ms
29ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Apr 2021 20:07:03 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECZ1nDDgYoXSiL9qBFPl9KM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A328
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

43 B
1021 B

40ms
39ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COXQcRDc2YSLAhilqNWiATAB&v=APEucNW84jQkw5XQiy8qZUci6nzWjV-c6pY7-kax3ddqdEd0WbkE0C5Y849brNO3WPNHaJ4O7GHhHpDIKUXjt9tgP9fn3aeP0NPT11Xt-EKtOGJc3Xttmg_spe1DoBuXdtyWRMDEG55oyxy2elFYMdcY6Du5Z14bIF2O4OWci6UeIAJ8TqiBQhpFcCTQwAMzdW9OPa80kSmHG9htrcDwkg2bRPOUswilLw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.54:80
AN-X-Request-Uuid: 8553ef88-e211-41c6-9fee-a5ae90edf23e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOYKI12jR9PP_5vE93Mi3d4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A328
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

170 B
188 B

44ms
43ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
X-Proxy-Origin: 195.181.173.201; 195.181.173.201; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.232:80
AN-X-Request-Uuid: 8713af78-12e1-481f-a8a9-f9ca858751e2
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU1ODkwNzA3MDIyMDc3NDQ3OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK dv-measurements1165.js Show response
cdn.doubleverify.com/ Frame E98C 476 KB
86 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1165.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Mar 2021 12:00:54 GMT
Server: Microsoft-IIS/10.0
ETag: "01ff4555c25d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946083600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87677

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8072 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 15 Apr 2021 13:04:31 GMT
expires: Fri, 15 Apr 2022 13:04:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25352
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A428 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 15 Apr 2021 13:04:31 GMT
expires: Fri, 15 Apr 2022 13:04:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25352
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6100 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee1877443e0f173670382e5b361173797bacf77dd756f49269c67ca1bc2623a4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 99E7 0
191 B 72ms
22ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEH0eOe0oHqctNJemk8z5Kzs&google_cver=1&google_push=AQvitUIAnvm8zqkvOuO-eWM6Xbrqjw88iss_7ggD0VM-AueK-B38oXEnWRBdMaSEvpqAyX94xOddUPj0wviV5IaInA5jRXrVrsdPZA
Requested by: Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 99E7
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEF_Qr3CMrs5VdZ2_6V8kYmo&google_cver=1&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXF...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXFVDHezY7iTpyJ7h3mpsg&google_hm=80utJWhAQLCqWnPnIl...

170 B
188 B

41ms
41ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXFVDHezY7iTpyJ7h3mpsg&google_hm=80utJWhAQLCqWnPnIlVvSsk

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitULQ86fWfYR47FYiobwpn2xFY8KPHs0ODGECDmTh0zjPD7eW16eV13dm0eVcwzeyOtUDaKYmTlgFkXFVDHezY7iTpyJ7h3mpsg&google_hm=80utJWhAQLCqWnPnIlVvSsk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 99E7
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECZAzA442lZ4rag5c0CGaPs&google_cver=1&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECZAzA442lZ4rag5c0CGaPs&google_cver=1&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ&google_hm=WxtKV7KETMygn_RrNh4OYg==

170 B
188 B

39ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ&google_hm=WxtKV7KETMygn_RrNh4OYg==

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitULDzn7SEA7uEkwUnByx0bh6-l2nr96PZD3Bqzib6NwvfE8In-vNO7D8psE7nI8j2xUylh7vlXH-ra3_n7JgZnZ2ZbUrn5A7EQ&google_hm=WxtKV7KETMygn_RrNh4OYg==
date: Thu, 15 Apr 2021 20:07:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 99E7
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENJwxKylWXT31IJLyliy5pg&google_cver=1&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4s...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4sjeSDw&google_hm=NzcwMzYxMzA4NzU1MTQyMT...

170 B
188 B

42ms
42ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4sjeSDw&google_hm=NzcwMzYxMzA4NzU1MTQyMTI0MQ%3D%3D

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Apr 2021 20:07:03 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKdK_Bv0Hsat11aOLv1mZmqKV1PXimd31Cn-Y307D10UmQHfcENSJuS52DJ-zfG74chfNmO-YhZ0qUGicxLbBmdI4sjeSDw&google_hm=NzcwMzYxMzA4NzU1MTQyMTI0MQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 99E7
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENzumT9bklWqePZd-CAX6dM&google_cver=1&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew
https://rtb.openx.net/sync/dds?google_gid=CAESENzumT9bklWqePZd-CAX6dM&google_cver=1&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4e...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew&google_hm=oeNmmxzkxeMR-AMSldu8KQ==

170 B
188 B

41ms
41ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew&google_hm=oeNmmxzkxeMR-AMSldu8KQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:02 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIqPA6Lan0AMWkj-zCUCDMrIlifXQvZYkL4wjnoKEtyWrnyIxe_Ckx2jxFHCllVQ27vzrE0jT5g0gOjaSduJ-D__XTxFEo4ew&google_hm=oeNmmxzkxeMR-AMSldu8KQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: lcfh414lqsn210q4hln0putlapdb9q5f

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 99E7
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPsCgDE-iFnaysaTxdY7bI0&google_cver=1&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_T...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPsCgDE-iFnaysaTxdY7bI0&google_cver=1&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_T...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL&google_hm=69c6658fc7621916306cfc80

170 B
188 B

40ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL&google_hm=69c6658fc7621916306cfc80

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUI_xKHQokAvWMYLX5VqGT0gTkkIkx8KmlEBjtiE54OMJtHSu8PyxrBosooLRtl_VpNSOTwwEwhaCYhmUTG_Tv1hN-zngEOL&google_hm=69c6658fc7621916306cfc80
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 99E7 0
12 B 39ms
37ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L8-sUi2Kp67OgipU4Mkl4AXwNK47G7b4wTuID71gyZEFJslkSqiggsypNEIAZLcA

Requested by

Host: 23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
URL: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK dvbs_src_internal79.js Show response
cdn.doubleverify.com/ Frame 9849 53 KB
17 KB 11ms
11ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=14526021&cmp=145352&plc=v5VtUR&sid=55f48ca4113e34&DVP_PROG_REP=1&prr=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0hvWR2oE4krxvDd_9M7VyEQ&DVP_DBM_1=1861733&DVP_DBM_2=19003688&DVP_DBM_3=48317208&DVP_DBM_4=341136421&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&turl=www.teamblind.com/&DVP_PP_BUNDLE_ID=&dvregion=2&unit=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 40adb937145b21abf0b1dde7dfa4d0a80be21ce7bf7d4f85ca944022a23c6785

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Aug 2020 05:50:22 GMT
Server: Microsoft-IIS/10.0
ETag: "0a34a219173d61:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16756

GET
H/1.1 200
OK t2tv7.html Show response
cdn.doubleverify.com/ Frame 59C3 12 KB
4 KB 10ms
9ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/t2tv7.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991

Request headers

Host: cdn.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

Cache-Control: max-age=946080000
Content-Type: text/html
Last-Modified: Thu, 11 Sep 2014 19:15:16 GMT
Accept-Ranges: bytes
ETag: "0ba3b8f4cdcf1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3877
Date: Thu, 15 Apr 2021 20:07:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 0848 1 KB
1 KB 24ms
23ms Script
text/javascript 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&bridua=3&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsa&srcurlD=2&aUrlD=4&ssl=https:&dfs=47&ddur=32&uid=1618517223688502&jsCallback=dvCallback_1618517223688755&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1165&tgjsver=1165&lvvn=28&m1=13&refD=3&referrer=https%3A%2F%2Fdfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&fcifrms=6&brh=2&dvp_epl=520&noc=16&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=www.teamblind.com/&errorURL=https://tps.doubleverify.com/visit.jpg&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_DBM_1=1861733&DVP_DBM_2=18808749&DVP_DBM_3=47988502&DVP_DBM_4=336214720&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&DVPX_PP_IMP_ID=ABAjH0ga-US-5y6asDGqgdWotc-C&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=3&dvp_sukv=221570977.81368482&dvp_tukv=1318634899426.0464&dvp_uuid=419966796178.23047&dvp_strhd=0.21000206470489502&dvpx_strhd=0.21000206470489502&dvp_tuid=19607107775&dvp_vcms=13&dvp_slmsd=240&dvp_vcmsd=253
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 30d7e1e073346bcca8b4e2756a6aea26252657b4fc82aed859a15715b4d163ce

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 4/14/2021 8:07:03 PM

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 8D97 1 KB
1 KB 9ms
9ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=32704
Date: Thu, 15 Apr 2021 20:07:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb2.doubleverify.com/ Frame 9849 2 KB
1 KB 27ms
23ms Script
text/javascript 213.254.244.16
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb2.doubleverify.com/verify.js?jsCallback=__verify_callback_114347128356&jsTagObjCallback=__tagObject_callback_114347128356&num=6&ctx=14526021&cmp=145352&plc=v5VtUR&sid=55f48ca4113e34&advid=&adsrv=&unit=728x90&isdvvid=&uid=114347128356&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dup=null&brid=0&brver=&bridua=3&turl=www.teamblind.com/&srcurlD=4&ssl=1&refD=5&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_PP_IMP_ID=ABAjH0hvWR2oE4krxvDd_9M7VyEQ&DVP_DBM_1=1861733&DVP_DBM_2=19003688&DVP_DBM_3=48317208&DVP_DBM_4=341136421&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&DVP_PP_BUNDLE_ID=&prr=1&aUrlD=6&m1=13&noc=16&fcifrms=6&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTaue2gg5f_c32bg76ch562hc3c45ffa7a73%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl23%40FETbp3%3D2%3F%3C
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.16 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 79b7fcaf481cec05c49e24a7a05758d480e481db900b1029903f16c2cb7e764d

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Date: Thu, 15 Apr 2021 20:07:03 GMT
Expires: 4/14/2021 8:07:03 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame 4D94 4 KB
2 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=16456
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H/1.1 200
OK t2tv7.html Show response
cdn.doubleverify.com/ Frame 7F0F 12 KB
4 KB 10ms
9ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/t2tv7.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991

Request headers

Host: cdn.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/

Response headers

Cache-Control: max-age=946080000
Content-Type: text/html
Last-Modified: Thu, 11 Sep 2014 19:15:16 GMT
Accept-Ranges: bytes
ETag: "0ba3b8f4cdcf1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3877
Date: Thu, 15 Apr 2021 20:07:03 GMT
Connection: keep-alive

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame E98C 1 KB
1 KB 24ms
24ms Script
text/javascript 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&bridua=3&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTau5742e__7a_b6ge27h27%60b4db%60a_a_c_6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsa&srcurlD=2&aUrlD=4&ssl=https:&dfs=47&ddur=32&uid=1618517223791512&jsCallback=dvCallback_1618517223791690&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=1165&tgjsver=1165&lvvn=28&m1=13&refD=3&referrer=https%3A%2F%2Fdfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&fcifrms=6&brh=2&dvp_epl=520&noc=16&ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&crt=117573815&btreg=315865137&btadsrv=doubleclick&adsrv=1&advid=2276943&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=3&dvp_sukv=221570977.81368482&dvp_tukv=5053620682.510815&dvp_uuid=680368303.6562878&dvp_strhd=0.18500164151191711&dvpx_strhd=0.18500164151191711&dvp_tuid=895965080301&dvp_vcms=8&dvp_slmsd=264&dvp_vcmsd=272
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 3eb6d86c3dd1154f134f4620312eb4b4efabe6bd46f49d29eb8a36afb4bcacae

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 4/14/2021 8:07:03 PM

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0F69 0
23 B 99ms
64ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/8219976/1617792613789/ Frame F4DD 29 KB
6 KB 51ms
50ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8219976/1617792613789/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82f5a74dad766a03768acadfb541c9e413bc11691f368abb91bdf0a2484afc68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8219976/1617792613789/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 5739
date: Thu, 15 Apr 2021 20:07:03 GMT
expires: Fri, 16 Apr 2021 20:07:03 GMT
last-modified: Wed, 07 Apr 2021 10:50:13 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 8A97 35 B
463 B 29ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDKxXJtKKVWF1uEbWFz19gA&google_cver=1&google_push=AQvitUIDvevMKYPTfrYKD261KHnAGKB3WeC5iInEBbkYIniZGJf5yteUEKDSb6oW17hMuBmlFIndnHhT4OdEuhWmNJgr6ua-LTEq

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8A97
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEFDju4L7fMZeXpoqO13o6PY&google_cver=1&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1nJV4W4t9w1O0Au
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8A31A042950D48848F229C054D661691&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1n...

170 B
188 B

40ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8A31A042950D48848F229C054D661691&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1nJV4W4t9w1O0Au

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8A31A042950D48848F229C054D661691&google_push=AQvitUKcK2LiOKtbFjN2LzJ7rpa4teX4vjnpVpnifPQ-r4Srm6zA0ttgs5U8xcu9oB_jREuwLyzsbIA-a35XI1nJV4W4t9w1O0Au
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Wed, 14 Apr 2021 20:07:03 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 8A97 70 B
265 B 99ms
31ms Image
image/gif 52.17.19.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKUb3PU_jeLtXbWbeM8FJAQ&google_cver=1&google_push=AQvitUJG7ERs1ijfXRdDejhyHI9aAj9R4hgsTYlJazhpojXV80KZfimHXigV8XPzCef3PgZFPUjdCnHFaaKpZYIBBfyFUiWg1d-R
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.19.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-19-0.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8A97 0
191 B 24ms
21ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEPe9j3WmgmZchE8Jhr8weoI&google_cver=1&google_push=AQvitUJ_LYjmk6egQjwjrigcuml7VDQFPXhwXr_ywmR-irAep3XeS6INE68m8nuUQLCNMaZfT765Kh2XO33634LZW7344Nnq1RTo
Requested by: Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 8A97 43 B
63 B 16ms
15ms Image
image/gif 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEE25fUfFwq_3N1diH9wNr-M&google_cver=1&google_push=AQvitUKhP44qL_eFyXQ1Fm-mh5StFCCGtv4NaIDxMdkEJmloXGkZq819opvtj13DxQyJIZVX-CoMzSysIjBboxPxBqey8KP71WL1

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:03 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8A97
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBa3Qk56eMC22H0caqXSzzk&google_cver=1&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwL...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwLeXSjm6LqjiZ9SqD_7hns_p&google_hm=MjA2MDY3OD...

170 B
188 B

40ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwLeXSjm6LqjiZ9SqD_7hns_p&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUL5jv_Hs8gi4AQwIHGU5SRTVc451mADgvB1PC8RiNhcDc0A4iql-gYf_2uDCPQphoTISauqwLeXSjm6LqjiZ9SqD_7hns_p&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D
date: Thu, 15 Apr 2021 20:07:03 GMT
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8A97
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEAJTwFrRifQPqErPv03mpeE&google_cver=1&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UXik5098CPotr8QEXC5...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0yX1FzS3JSRTJ1SHhfYUU5XzR6QkhLWHFlM2I3R3kucX5B&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UX...

170 B
188 B

40ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0yX1FzS3JSRTJ1SHhfYUU5XzR6QkhLWHFlM2I3R3kucX5B&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UXik5098CPotr8QEXC5Li5dUhM42w7ymG7wdS0tMMQAiR

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Apr 2021 20:07:03 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0yX1FzS3JSRTJ1SHhfYUU5XzR6QkhLWHFlM2I3R3kucX5B&google_push=AQvitULMWZ71IPmH5CMSmQwGocTRhNeKE7Ax-Fu-_cjaGQOZQcTjhI7UXik5098CPotr8QEXC5Li5dUhM42w7ymG7wdS0tMMQAiR
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 8A97 0
12 B 38ms
37ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I5lLvTvtZ1huNFX5xwc6MeBqHVZBU0cXjkFqtqkpX68Pw4MM--idaRq4zZdEVRA_kvKMke8Q

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:03 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 4D00 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21529
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame A914 14 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21529
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 9849 7 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal79.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0216d870844c21ce7c5c72f3471b81013c6d1879d5c4701b81a6c0c22870e081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 15:25:31 GMT
server: sffe
age: 69
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3587
x-xss-protection: 0
expires: Thu, 15 Apr 2021 21:05:54 GMT

GET
H/1.1 200
OK bsevent.gif
tps20519.doubleverify.com/ Frame 9849 807 B
1 KB 63ms
20ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20519.doubleverify.com/bsevent.gif?impid=69fe1bbe16274acf9dffa04d71d56a89&vfdur=28&cbust=1618517223867470
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:03 PM

GET
H/1.1 200
OK bsevent.gif
tps20519.doubleverify.com/ Frame 9849 807 B
1 KB 36ms
21ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20519.doubleverify.com/bsevent.gif?impid=69fe1bbe16274acf9dffa04d71d56a89&pltfrm=Linux%20x86_64&dvp_or1=1&cbust=1618517223913687
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:03 PM

GET
H/1.1 200
OK bsevent.gif
tps20519.doubleverify.com/ Frame 9849 807 B
1 KB 59ms
22ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20519.doubleverify.com/bsevent.gif?impid=69fe1bbe16274acf9dffa04d71d56a89&dvp_or2=1&cbust=1618517223913204
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:03 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:03 PM

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8086 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BD3gy5px4YIrWK6CDjuwPs8e4wAcAAAAAOAHgBAI&bg=!9fal9rLNAAb2K53n9is7ACkAdvg8WuX4ZcbNaBD0lOw8tGvkdtd0QMbI6v2BJVbS_zFzAfEx5bfhNQIAAAJjUgAAAGRoAQeZAqYF8w_lWX9ChI7H7xYNu6j4w0ZoGZd_qJlTWmjaMMfpb-Dw9tOYJVjij_Y_9zwNXgucxhlpMLnw0oTt6zwSQE9YSkVi6DG8-Z8C6YdqM9Rm-4nBHm9JcXSeLkJn7D8RNSRfxcFd1g8pudjeZULFVZtHSge8QGd9g03F5Sqbt-deP9QUGoMDpcExZenR2HGtlwnTmzJ4CLu4s-PAzfVgAU7uW8XMUU4hQ_7gFQ-Hbw4cF9DEMVmEFN818pfzJzYg7BisJxD-eNuDKe6Vdj0jw9gnuIBYfTPoellrJvdopLsyS6hkUUrHjHMb2dRSBQk39DB5ocLo7k9Ol1GxD-0coFX1Gxhgz7UGK2zB30bRToE6Kbqow-tOYpejKAUK408fySw61bawZAKj9YPNEVaErx_oPPT1Ad7O_MnO809un3ev14V4yywz7neq9Uf0c_DYYghWWkjikkes8g0QVcFM39t0e8esFpVplARcuvr8tMsolKOBNO6iGpC_IiyVITQClf2QQZGrkHympw5v84gAOSCXDUM_wpHc1F6_zq4y0iQ53dQ0B1weul2Zvqu3vNdaJFyQte65j4spi7Wta8l5C6epLC6WKdrNUXWi5N_iA3BHGAHNXFfkunSo0g2TA9UznoPKYv5uDZH7Z8J5uuuC7azp05QXeJN7Taqcb5dB2MtybAaykNOHBNZlRG413_y4AH6D8bylyvVb5CbX65mlb0__L2CkXY_Cg0FxxEYG3-Ea6qGbQypmY9cOtaJzirOpMhTJvnem_szgxQD9OyQL5qZP8DZ7q9yIoxCthlQrtmyBpm5ts5pGIn9SKCAX1919rxb1_Pw4BXHtxLWPUnC-zfDBDI9uTjy5cYnJx5V7gPE2f7KZQsNC7-VA9vH-3mauJj2gCFHadTM

Requested by

Host: dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
URL: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 0iqFw_ToJ2jGmcdewok9OyePTo5XIlOWuQOUYfHL4Is.js Show response
pagead2.googlesyndication.com/bg/ Frame 8072 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0iqFw_ToJ2jGmcdewok9OyePTo5XIlOWuQOUYfHL4Is.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d22a85c3f4e82768c699c75ec2893d3b278f4e8e57225396b9039461f1cbe08b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 19:25:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 2468
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5665
x-xss-protection: 0
expires: Fri, 15 Apr 2022 19:25:55 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame A428 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21529
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 200 impl_v70.js Show response
www.googletagservices.com/dcm/ Frame 9849 36 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v70.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2a292ee40c2422d82f43b270984343ea18e7c05384459c1d7adbee2c241be30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 17:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 15:43:23 GMT
server: sffe
age: 97273
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15292
x-xss-protection: 0
expires: Thu, 14 Apr 2022 17:05:50 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F4DD 29 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1617721753

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

50d39d7981a0feeddc52b74c4f4b32e680a3e16324d5eba9f599bf304c98bf44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 15 Apr 2021 19:35:07 GMT
server: ESF
date: Thu, 15 Apr 2021 20:07:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Apr 2021 20:07:04 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F4DD 57 KB
23 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8219976/1617792613789/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Apr 2021 20:07:04 GMT

GET
H3-29 200 B10224936.280246103;dc_ver=70.201;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=1144869855;ord=q40wh7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=5,https%3A%2F%2Fwww.teamblind.c... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 9849 33 KB
16 KB 63ms
62ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=1144869855;ord=q40wh7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=5,https%3A%2F%2Fwww.teamblind.com$2,,,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=Cvaz'i1ip';osda=2;sttr=138;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v70.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

75511cd36cb96f4546a39a51c814ce60ee692430d84eeacf33e06e62baa6745d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 083524343b68ce35bfced3ab246896da.png
s0.2mdn.net/8219976/1617792613789/ Frame F4DD 1 KB
1 KB 32ms
31ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8219976/1617792613789/083524343b68ce35bfced3ab246896da.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93f65e62efde85a918b157b625be0d992e6a5f4361382cbed32fcc48cc943c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8219976/1617792613789/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 10:50:13 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1226
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:04 GMT

GET
H3-29 200 c022b87055cd4006b2fd6aa6d82ef4c2.png
s0.2mdn.net/8219976/1617792613789/ Frame F4DD 40 KB
40 KB 27ms
26ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8219976/1617792613789/c022b87055cd4006b2fd6aa6d82ef4c2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da0ac2c24ae3674e3be8223e15ac405811ce758be6cdaff540adfecdcf67ac40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8219976/1617792613789/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 10:50:13 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41440
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:04 GMT

GET
H3-29 200 de0f847e0dfacf0000482e5d0e95fabc.png
s0.2mdn.net/8219976/1617792613789/ Frame F4DD 35 KB
35 KB 65ms
64ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8219976/1617792613789/de0f847e0dfacf0000482e5d0e95fabc.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c7d63bf3cb301f9bb85e1bfad7b40c7d6b011f4c86185bb3af8caee3491aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8219976/1617792613789/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 10:50:13 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36031
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:04 GMT

GET
H3-29 200 a06e0253907a485c01d524aed7d4de0f.png
s0.2mdn.net/8219976/1617792613789/ Frame F4DD 40 KB
40 KB 33ms
32ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8219976/1617792613789/a06e0253907a485c01d524aed7d4de0f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8219976/1617792613789/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91b80b914661c7d5e3cecf23fbb5474f534e7e2bc17ebe847d6753c49c5982d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8219976/1617792613789/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Apr 2021 10:50:13 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41269
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:04 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame F4DD 19 KB
19 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1617721753

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 381806
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19480
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:03:38 GMT

GET
H3-29 200 adc_hun_EndHungerStory_728x90_Evergreen.jpg
s0.2mdn.net/2276943/ Frame 9849 46 KB
46 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2276943/adc_hun_EndHungerStory_728x90_Evergreen.jpg

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=1144869855;ord=q40wh7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=5,https%3A%2F%2Fwww.teamblind.com$2,,,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=Cvaz'i1ip';osda=2;sttr=138;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

780849559953abc98981f7964d063930d1b9cdf5f9aff09e60bd64cc2d9de59a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 06:02:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Jun 2019 18:23:23 GMT
server: sffe
age: 50689
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
expires: Fri, 16 Apr 2021 06:02:15 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/ Frame 9849 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 20:05:36 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9849 0
23 B 62ms
61ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstWgC0TnzTl40-Drs5CY1q32Lc4p38peYGmYZfeBvpOYzc_x-IMT3PbrG083Do-02rJbo9ENQxIzhjWbbh8mkoKRMOhpp2o14qL1KMTggkqv4OtPx2Eylw2i5tEvLUDYl2GlpZ0uWFL4A3qzLw&sig=Cg0ArKJSzJHvhKT2_9Z9EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20210413.76207&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 9849 7 KB
3 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&num=&adid=&advid=2276943&adsrv=1&btreg=315865137&btadsrv=doubleclick&crt=117573815&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=70.201;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=1144869855;ord=q40wh7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=5,https%3A%2F%2Fwww.teamblind.com$2,,,,https%3A%2F%2Fcompass.adop.cc%2F$0;xdt=1;crlt=Cvaz'i1ip';osda=2;sttr=138;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0f96cafe30d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3005

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9849 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 19:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88891
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Apr 2022 19:25:33 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9849 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:04 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0F69 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstQelXDOkKgNCqOjD6OY24Yw-pBiu0B2JAeQNdVGkJZr6VfEs9B7M69I0cDPwsnY--Jd20RvDNNWz5CCrziMrtYIj8OAuxEq__kmHY0p5osG-bIQXlFDDGEYGnTnQ&sai=AMfl-YQ5cO-vhtWa9LVkshJLjkRW8hvjSQpEHhWhVMyQK9YAwP2QlA7SywVK8U9J0w04TbuhdU5QyEQd7CK8W48RlJsS02651urUGwP0kFyYbK3jF7ZmIHRxDQDBRXQ&sig=Cg0ArKJSzNxjhy2p5b_lEAE&cid=CAASEuRojYXvXPmdyf96ExFlbtNBig&id=lidar2&mcvt=1123&p=0,119,40,160&mtos=0,1123,1123,1123,1123&tos=0,1123,0,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=681645340&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1618517222943&dlt=15&rpt=362&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements1165.js Show response
cdn.doubleverify.com/ Frame 1E55 476 KB
86 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1165.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Mar 2021 12:00:54 GMT
Server: Microsoft-IIS/10.0
ETag: "01ff4555c25d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946083600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87677

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A2E9 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Apr 2021 03:14:09 GMT
expires: Fri, 16 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 60775
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9849 0
23 B 61ms
61ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dv-measurements1165.js Show response
cdn.doubleverify.com/ Frame F58E 476 KB
86 KB 10ms
9ms Script
application/javascript 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1165.js
Requested by: Host: www.teamblind.com
URL: https://www.teamblind.com/post/full-explanation-of-the-gme-rh-and-citadel-debacle-qbsubgz7?utm_source=mixmax&utm_medium=email&utm_campaign=trending&utm_content=who%27shiring&utm_content=explainationgme
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Mar 2021 12:00:54 GMT
Server: Microsoft-IIS/10.0
ETag: "01ff4555c25d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946083600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87677

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 373A 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 15 Apr 2021 13:04:31 GMT
expires: Fri, 15 Apr 2022 13:04:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25353
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9849 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcb2fb925d9f5f725bfcb8e0513bda0e532cc9d61863d5e906bc5a4c447efd29

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E090 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041501&jk=4391575267278069&bg=!vr2lvfnNAAb2K53n9is7ACkAdvg8WqnruK7aSrSnkwdKL60SVIuvLt36CYiwp9XvG2Tt7JAh8-ZujwIAAAIiUgAAANRoAQcKAGo8l2FtQ0peG6w2rc_b2w99DeIVfy-dlL1yRoIGHMOXbrOdubQ9qOv79D5rdTeK2gHtqXWqVgdOogfMkHuxBC3QbY0KMTo_dsSgAxsc-B2RnovOS0mlZ3XdPzIQG8eqVOED2YPnNuhW_FlTmQIFGV8M7GGv04OPW3EnO0frCkpUQgicAGxT2M0LbaRn1ppYtwxkvyth213Txt80a_SNlr69iSnrktlNPI1uuF0VD3oNcBK-DupHdGTKg-SQCe2GIUFpQkrUuew-35IoZdSqn7_dtQsCPNxEyV34b15NZnfxyYtSLWuW6ikIZfNC8a3yP8Xm5qfWi4opxwLNNT-R5HbSup4bQmtIgrqqZaVqdOLbEXKT38sm5vosyJDw-YB8HA1EFIxYOigHuxDWQ27YO-HU-pApJzG--2u8lJZfQM4U8U_OScz1Bj9RQd-P5WV2QQ228u0Rll1Y8gfBAlpymGb2IfmVxg_7UfiRRGPry9g0heO35Re04LvQXfPN8qcF3glak8keZ8D3j8a1PimruG0-ZnDJK5jmNgXxxog14hxCJVW5v2HSLPsSbendxn8elU06fRnyXSb9VqhNkQuMbYTEn-MNP8L-gfDWf9ppM2DbMVuAIFXygcN0477__ed9GwG8qMXwMtgvLzTJepRCP03IK60fUbCKKCIyUWGMhG2fH5Qz_JM8FCy-_n72T94fMRxXgL7lZr-X7b7Vd-OIpynw8zGlUBgBnZ58zVOpQ_KTPjNSeEle599l24ML75xo7fKEdTu72_Y9ulOBHeuy1WabFmUkupdaHXsyOy_5jUMVBVzBA9B-TDgmtTWnGsSrv0r6UA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK t2tv7.html Show response
cdn.doubleverify.com/ Frame 2E71 12 KB
4 KB 10ms
10ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/t2tv7.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991

Request headers

Host: cdn.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

Cache-Control: max-age=946080000
Content-Type: text/html
Last-Modified: Thu, 11 Sep 2014 19:15:16 GMT
Accept-Ranges: bytes
ETag: "0ba3b8f4cdcf1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3877
Date: Thu, 15 Apr 2021 20:07:04 GMT
Connection: keep-alive

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 1E55 1 KB
1 KB 24ms
23ms Script
text/javascript 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&bridua=3&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTaue2gg5f_c32bg76ch562hc3c45ffa7a73%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTaue2gg5f_c32bg76ch562hc3c45ffa7a73%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsc&srcurlD=4&aUrlD=6&ssl=https:&dfs=73&ddur=13&uid=1618517224661225&jsCallback=dvCallback_1618517224661590&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1165&tgjsver=1165&lvvn=28&m1=13&refD=5&referrer=https%3A%2F%2F6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D4&fcifrms=6&brh=2&dvp_epl=612&noc=16&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=www.teamblind.com/&errorURL=https://tps.doubleverify.com/visit.jpg&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_DV_CT=1&DVP_PP_ID=3&DVP_DBM_1=1861733&DVP_DBM_2=19003688&DVP_DBM_3=48317208&DVP_DBM_4=341136421&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=258279364216&DVPX_PP_IMP_ID=ABAjH0hvWR2oE4krxvDd_9M7VyEQ&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=84713494.42007287&dvp_tukv=791989779010.2638&dvp_uuid=7829651472.87014&dvp_strhd=0.22500008344650269&dvpx_strhd=0.22500008344650269&dvp_tuid=68966728303&dvp_vcms=15&dvp_slmsd=172&dvp_vcmsd=187
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: fab63f45faed7d68abbc9d5e065358998f9c86daa35bbd9f268b2e892503f4ec

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 4/14/2021 8:07:04 PM

GET
H/1.1 200
OK t2tv7.html Show response
cdn.doubleverify.com/ Frame E13A 12 KB
4 KB 27ms
26ms Document
text/html 2a02:26f0:10c:59c::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/t2tv7.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:59c::4469 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991

Request headers

Host: cdn.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/

Response headers

Cache-Control: max-age=946080000
Content-Type: text/html
Last-Modified: Thu, 11 Sep 2014 19:15:16 GMT
Accept-Ranges: bytes
ETag: "0ba3b8f4cdcf1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3877
Date: Thu, 15 Apr 2021 20:07:04 GMT
Connection: keep-alive

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame F58E 1 KB
1 KB 24ms
24ms Script
text/javascript 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&bridua=3&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTauHHH%5DE62%3E3%3D%3A%3F5%5D4%40%3ETar9EEADTbpTauTau4%40%3EA2DD%5D25%40A%5D44Tar9EEADTbpTauTaue2gg5f_c32bg76ch562hc3c45ffa7a73%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3EU2%26C%3Dl9EEADTbpTauTaue2gg5f_c32bg76ch562hc3c45ffa7a73%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3ETauD2767C2%3E6Tau%60%5C_%5CbgTau9E%3E%3DTau4%40%3FE2%3A%3F6C%5D9E%3E%3DTbu%3FTbsc&srcurlD=4&aUrlD=6&ssl=https:&dfs=73&ddur=13&uid=1618517224744989&jsCallback=dvCallback_1618517224744104&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=1165&tgjsver=1165&lvvn=28&m1=13&refD=5&referrer=https%3A%2F%2F6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D4&fcifrms=6&brh=2&dvp_epl=612&noc=16&ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&crt=117573815&btreg=315865137&btadsrv=doubleclick&adsrv=1&advid=2276943&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=84713494.42007287&dvp_tukv=53414170780.16943&dvp_uuid=25624435828.392944&dvp_strhd=0.2400018274784088&dvpx_strhd=0.2400018274784088&dvp_tuid=794893174535&dvp_vcms=12&dvp_slmsd=196&dvp_vcmsd=208
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 0b080ef57a7cae7c33280c8889743a107d45d4572a2f555f6fe7ae9d44a1fc9c

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 4/14/2021 8:07:04 PM

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame A2E9
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEOOVZZSy0bMzsHbljfBhGgI&google_cver=1&google_push=AQvitUJOnk4Xa3vkd2RhO2xMi_vI7zP1gt_eIqfPtGiOmo4j5kl_VE7zNynYky2RNgmQweusHyEYBP63WmyqTXkjucLuyf7...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJOnk4Xa3vkd2RhO2xMi_vI7zP1gt_eIqfPtGiOmo4j5kl_VE7zNynYky2RNgmQweusHyEYBP63WmyqTXkjucLuyf7JizQ&google_hm=MTAwMTcyOTc5...
https://a.rfihub.com/cm?pub=445&google_error=5

42 B
813 B

66ms
14ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&google_error=5
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 20:07:05 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://a.rfihub.com/cm?pub=445&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame A2E9 0
135 B 52ms
19ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELsGQ4J0eCvrfq8IAn-_n_4&google_cver=1&google_push=AQvitUIdBNFO2CA82VZmjf9WoySIUBp144XrcGvmRYRiC__IU9LaGpa8S0ZSjAEa0HynKYAN51TGtb_15t3HhBOdUwEAZ-E2Z_w
Requested by: Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
via: 1.1 google
alt-svc: clear

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A2E9
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKESIukbvoHw7LVJxpTfY14&google_cver=1&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxR...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKESIukbvoHw7LVJxpTfY14&google_cver=1&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0p...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjM5NDA3ODMwMzQ2NDcyMjk3Mw&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTds...

170 B
188 B

41ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjM5NDA3ODMwMzQ2NDcyMjk3Mw&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxRk7Uf5TJSbVgWQh1qe_k

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjM5NDA3ODMwMzQ2NDcyMjk3Mw&google_push=AQvitULBZUW3-ntYA4QIbK4Eih2fdqKh_NmuvY6UWJli-HtmnAnXNSue6-ucObOZTixB7qmbO0pTdsxRk7Uf5TJSbVgWQh1qe_k
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A2E9
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIZboDpQNj12VRwdezEYT8o&google_cver=1&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmv...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmvV0Lv09TbYk&google_hm=69c6658fc7621916306cfc80

170 B
188 B

40ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmvV0Lv09TbYk&google_hm=69c6658fc7621916306cfc80

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Apr 2021 20:07:04 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitULdj8-igxcdEs6iZGZNxTVLYKS3cDCLOWoUeqTBhbhyi-Nsgp08wCno5NKaeWfvelnFJjjVXvJy-evFiAjmvV0Lv09TbYk&google_hm=69c6658fc7621916306cfc80
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A2E9
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPUKEdbjQ9iaPgpUzzjEmlM&google_cver=1&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz68kZymeTtzGuT8yGsTIsE&google_hm=MjA2MDY3ODg...

170 B
188 B

48ms
41ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz68kZymeTtzGuT8yGsTIsE&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AQvitUJPklXFgSCO1c35CgeyuHU07OxjCAD_HOLl-O1w4DmheT-Qv31UJbqb1Roe-qpP-ewOG3buhz68kZymeTtzGuT8yGsTIsE&google_hm=MjA2MDY3ODg4NDQ5Mjg2NzUxNQ%3D%3D
date: Thu, 15 Apr 2021 20:07:03 GMT
content-length: 0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame A2E9 43 B
63 B 15ms
14ms Image
image/gif 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEHwTxV9hksuKZbZb_CNMyYk&google_cver=1&google_push=AQvitULyu-U_NYPIqUCbEI8lDYecLAQkqIzpvrJUTfO0nfjn2HIRNFVYxswm_utSV2ZhHqryupOOQ3SiMSyTi3FtSjYqdQsZvFo

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 16 Apr 2021 20:07:04 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame A2E9 0
12 B 39ms
37ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KRu8k5mwnXRbC8arat8ZsWT5s0Vm07xi0n8UttHwmb8qfL4YeoSei5g_K2bHJA_f4

Requested by

Host: 6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
URL: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:04 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 0iqFw_ToJ2jGmcdewok9OyePTo5XIlOWuQOUYfHL4Is.js Show response
pagead2.googlesyndication.com/bg/ Frame 373A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0iqFw_ToJ2jGmcdewok9OyePTo5XIlOWuQOUYfHL4Is.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d22a85c3f4e82768c699c75ec2893d3b278f4e8e57225396b9039461f1cbe08b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 19:25:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 2469
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5665
x-xss-protection: 0
expires: Fri, 15 Apr 2022 19:25:55 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A914 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1B9T55x4YLyGAtvH7_UP7M-Y0AgAAAAAOAHgBAI&bg=!cXKlcjbNAAb2K53n9is7ACkAdvg8Whl3-P5DPUo7vK6v1MtXTkHk-gIgHc_MBr4T8MYo9TbMEMDxiwIAAAL8UgAAAFloAQcKAFWNui1TRFpoCFgDthinkzs-9Xj-pJOZLBc1MVqEm9oA6dPC9Qxnd7R_ZDWPvFEWOlmUzHM8XFmUNJpqwOzJs-2QCNexJvFNaQyHDvUE314f_cBFJgp2mQKZYZIMGn0kitz1Yv9FfGTv5KrJF8pQBcjeQso0ykzhA55fLkFFunHbDpncwSTnznYj1Gsk-2aEkwIaPXP6XMfaQZYH5WLla1oPHhTkUFUFeiilQfwQ3mhlWzAwPkMwAv-1fF0KtBB2zaI5bHQcVkxWKGJ1gIeV4saRCvq7KxMkk_tcB7-tI0Hs2xE8OkRXtAMEmfWdM7iGu4gjzGJ-T6dnDyjqOE1-fKz30hZD7BdUHZ_4cWsdI931djVItqdxNOL6KADSygggBhfIMmRJ-6CR8Yn0MdlsTZkNJxEqqdSCfnJB0kn-wKaRXBqSKVvHB9iaDrKnUsC-xS5HuNphfrMJlju2HsMfSKKXeG2OKqUvxzH4KCpj08ahbMc3LAAqbAcAT24WdaVyqGs9L5gsSPGoGR5cvp61ogPD6z4Y6LWiDweoPJdJk_xWSknRFmEiC_97GFkmiL3LrOjW7ATipdWySrjENYYw1dNkpb_sFSWpk_VAzc08Nh5aCmfb1DV-Cyi-HOAtMvu7tAZK_daRYIIfjpRYYBujD3SKzsR7APrL-_M6U0I6fC-UUP-Agh9ktDtDw6VNHp1KJrpAbRt_-5xthOTcSTQEesGgmhJIdky5eZbVZXguLC4j0cqBSOCxe-We9XLmvTzsMa0O1e4muVHNMFCeRKhml0MG4doJfU0ZOFzezcMfcpsJMjFdOdn_zUnR4RKUfNwlufAe1ALFqABdZfM4z_j6X3McPck4UAKWkGUJSHLTSqpza3R_c90RGw5j4agYbTKmlIK31efIB6KQkiJ94-iZ0r_p6jMAGAQuZlAYSRZX0CoZkKCbTz5nsnJE51t0VQrsfGBdKbfNPPBmfuC50HEXxNzRTuQB67PTZA9zxgBRFNIykPE

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BE42 0
20 B 70ms
70ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021041201&jk=3496050741071302&bg=!BgWlBUHNAAb2K53n9is7ACkAdvg8WmC9kskNJ4dtfqNuG8cNGiT0Ac1xpwJ7wB_WBG7kV2rD2pRJ4AIAAAL6UgAAAF1oAQcKAI8jt8A5EYE9qnqQdFOPqlt0WrgQtFzd98FusHxuNI-jlrEtTgl_eO-H0g6Cp5GDZZcJNSqUstsYV_tCKMTGp9fIQ-sAYs3DxO41bs_gXxH11kvVnb1mSCvlzkTmxyoWRDU6_Lh_gOC2iUMZRQFv5ohtjwbD_QbK1I-S2fSgTJl12ZjmhYCDrICenACDiUpZspkCPKcn5wfN2rWBs8-Oy74LrzJfdF9Nh2xelrZmAx8Zw3uEiORPmN4ZUhWkAxxuiO75UxwUWeV9ANSZQCEi2SeyQnPNLjupPOCRTUq_n4l5pUxi1PI0Fdk-X1eSB-wfhszSHFvPDHU5CZjggXVqH1mGEweoaQQ5_T0IfVcZrRNwAIT80NZhpMlMce6mGOyylTB5gFi3zNx_nXuZGmnFhmICgicqYueJBcpjB1t8lrBtct_fRE8rs086RVXXC1-VrAV2gFInCxrqs_rw8AMRmPi9lSXQLTRv_KMpgIYJPN95lA168Cl0C1pza9SpIWl4g61pSTiDc8WocHn1tG7WhRB9WkkRwbGguIQK7CkE6JpO6o0VJhcBNVRIfYhD-4a8vx5gL0xGmHOrVpytVcIF8urCgSxeFh1iHsG3R4QtS0sR2ISNCh6W11gluyni_BuHas5iLLSWqPbFGx8oU74uV74_Q1gXQgm9PboZCtyNDcQQZHI1lUPBuyXFCdLLoNbsdwzdseV-ApzjL_fgEhSekxJyT7D4dqpa6Jfocqjd5jQ4btzN_QES_SuuZzFq84ltpJFm3aGClIhssxe9facSlmuxe74HFA0wdguZd03W_vTby5LWZGz-dm7GJhAtYyrymBMpO3iXem494fIHmDw7kXkVZ3lo3Kd-okiei6d4isSbvuLkVj8m-28_5TDHTk1HROLQc7mqKBvxPZBRTPoYv0eBjhWO_5RLpMYCjK0OGmYQMS2sLUxudlNGRtThjO39

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://compass.adop.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210413&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce4847cc22bfbdd4aba09bf80442cccbe1d89606d456e6df512587e96bf82497

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 20:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6501
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0447 0
150 B 68ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.teamblind.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.teamblind.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1760
date: Thu, 15 Apr 2021 20:07:04 GMT
content-length: 0

POST
H/1.1 200
OK event.png
tps20226.doubleverify.com/ Frame 6113 67 B
492 B 64ms
22ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20226.doubleverify.com/event.png?impid=e6c3c0675ac94f0783ebb8b959dec62a&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgB=121&vdur=67&eoid=5&msrjs=1165&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1618517225059172
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:04 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:05 PM

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A428 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8IPF55x4YKX9DPDc7_UPrrC74AgAAAAAOAHgBAI&bg=!3t2l3ZnNAAb2K53n9is7ACkAdvg8WnjGk16pUPWIgel7IWbxkybX7D9qHJtBDwZdedsA1oGfzSlKMAIAAAL6UgAAAGRoAQeZAtlKFtE34z5UGtc7vC5jMW4rDW_ip_FMCFMEKW9UpGyK_RFUlxjXZOiawDZkTDu4-MIYNIf-hQQloQz4Yhq4hhShRYgMwQRtMxy7Q61t6z2tMXkKNRrnvfF32vMGto2LZ2GZLL31o0X-qmDiNtJd7UW-g-1FgibTLeaDpe-IB1674jcq3t9t3VilOmYsmGqM_PikJyFQ04cRo_TORhRAUypS3P8KeCl_TEb4mwEwDhea-__eLCSkbRkTsS0n_39SU9NQ6PCRO3uEA4Gm9DBBE9VLlwxa0s8jij1bKQBwuXII1jc7TCnzz1xOhJoeh-jnClRKD5m3xgy_yprKaJtkq2AWxRBZYzHmFQLosTfExXGH96vClMeMmwWKIgu1Fd74drRULtW8sTSXpnZLnKBQrAj2bBDfJ-wOybhyqIwOgl5Rp6EA4Fz_hGyS-ckSbpNgWTL6VLuS63_621U0HquJ_GJLdIGKhS3cxDZBc4bFqbI7wPiLYwZ0OlvbANYemAcE3W84FU7ARd7P3F2gp-R72Pv2qfraIpNhhZrfUkTcb1wBqoFJU3HXdrnFjfeZ7lOQV9ryJx727W8C9M9oT03uPTwyc6jzrmr5dNZSg9IQnZdCRRjsmJal3Ad7aOSEQAcv5dsTbPYtIOenNBcgdxuVDANyW5GIUtreIgXuD_Y7czqVPZGSNEymY1v0JH53e-GM6-P35MjGChbd0TiL85-HIIsxz5c-kl8VsrNcPpglEnzb6kq0ZuVmwfEmCWShq2p5ZK0ihEKHoy-Cx3hOWCt34jqns41RV-sjhAyKHz6_jbqKJWvfSoXplJgmTHRlRnkL02mwLoGUl9BzElCPH9shhY0BSj5RARUTZOq6YXXpF5iBtNuRBCWf4cRITMh88Ag_92a8CpEJBYp6ctTpET5mC5c1cMzpD0K8VwdzOVM8HbvQtp_JwpXptVkJ5WVivtzM5PVEQAIbzHY5f48

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8072 0
20 B 71ms
71ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAYqT55x4YOjECaCDjuwPs8e4wAcAAAAAOAHgBAI&bg=!w8ClwITNAAb2K53n9is7ACkAdvg8WhfQCdojSB0noTBppAmE6mRMNljF3PgxWpXZ64_qkZoj1KPuegIAAAM7UgAAAGZoAQeZAq0fGaVIBkVM9udkfaVzO7yMmYDKgdaEmETARECK0HNwmIcUzitLE4LsoGCtAaszdRMe1pHmJxVNW4DTKx2GBQdYEsZAZFFQNmHhX4-7LEjHK0j4O8mJLkjGFdICnjQkJBuhAc7jdW70buPL6XOw4pr3Wr1l2aSBcM-9dceQyKOXiRDmva7IteDTDNXUNJwskTjMi7zGtqNOajH7nFFYBNs1vN6QDWiB8T1qPZYc3V5hKMTa2QgPZeYDJVoR8TsRPJP0CI9tMzAGgWbmYGnWxS65Ck9i7CTz0UH4tYpdeAKxJdj7AMh7GGrBacJvldC5vGh38ya7dO-Asw0IrSLTCoqAmGzT9Utz6Rp3OmEGKvHSXAGWJQhpdWNmmfNwOs99lv4929GZA8r6vrKn_YfRy9z4FxxvrppFg0fZ_BKbZQ05Ly2gKqKZW6vQ1aNvQKdzllWzNjjY9KQrn9BViRrH2BcEgqiE-szkmvXm6C8jGq1wwk4mHkgxaCegqExfyT30SEhvJ_9FUqIG892Jk0m9z5Py6MOqY7KlT1NvxxZdOcraTJeKVcbZQlWUScraSlHTnaiFufNKqU5zjWLrllFQTn_HxowI9F1PCUso0twrXsiDbKeFchb4_iDA7uTtyXzRa1yOy0FiBeXzAyn8-LVYMdCXC4PRie-3DWD5g31eTK18oaLnlQHpcecZ9h1N9DKMQxyV_t15Wv6dKs7-Jtzt1u0Dt6dwWsIMnVU_9bCkePbR765ovae5ktfCMouNGt-ao3lHBH54MrChECECltE7jUNuPhstjkOOYlxfKEX708WIOqgqLBFe_-udtNwLrN6dtBJSv4tGHEaUm6mZUN0fR3s8V0fFLBYUhUcgL9ZBCKHyUezEuqihqj-XoS4gVcMvYk12474UuGySVO3GVsOm

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 20:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 15 Apr 2021 20:07:05 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 0662 12 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 15 Apr 2021 20:06:30 GMT
expires: Fri, 15 Apr 2022 20:06:30 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 35
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0662 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 14:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 21531
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:08:14 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 373A 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqUqe6Jx4YOubB8OIrATjkpi4AwAAAAA4AeAEAg&bg=!REelRwPNAAb2K53n9is7ACkAdvg8Wga8sfFaIFPLzIJYx5vE2bYm-GGoGHmNN-q08SpRSbG5F0vMKgIAAAFNUgAAAD9oAQcKAAvcT6M7uzBSB1dObJkC1ifp8yNlo_Zug5S_pIjM4xKuMHOUD4ZTGENAVl4dJloJM1vjqOpxF0FrGZDf6bopG25nL1AJBIcDFfMPr-cVQha0v0C8Z3GmwWagolnNHkisKAqwD8h_b8Cp0fhBPiN4fNU-VcY4IwecIXr9qHgSsYJVcBJ1_tNY2A3GKNSG0Bjsjrl5vu-gkM5S5tejX4Hxw82ri8RhEzhiNugTumEAk7D8N1dhCx0s5PMRBsd-ZtMLTFidab66ou_NgAx9b4TbnkN1ZBXzq2U4JsZ8l-iIKUbdQ5jgzcAkQQGJtST4r8tWRcMzSPYy7cC2PDdLkY1T1ObQkkSFKwA_El0kxqmQlUWGkcr43Awe2roUuLzbHNdne7zh6hVswNxIT-iLnue9lumwbfps2HsC1xwvWWflcbQ1EYlAFQTwJiOpl6XQAGtlyUs-ME169Dmyu4UPYgThsLtn7BQ3v7vucQXPseJSEPbLke9fV0XILQS_hBS8Y_gIvPlZQdsoQv7NKzVeMeEz4hjoM1j-VwIiOuMmsQIJJ2TcInEzVlv7CGcWxZ0JVfHb65l8deKMYzq5bP4ZJLNq0AU6FFUzdGVV1dUfGo1wyHhXAC3OsdayX93Y3wZaEj2o3SSSP8BXOmkpLiH9UY6v8EbBoGDv9ARwyErmvZczTgA2Ds-L1-L80OU1NwcqWKBjYKgfQ7W24d7E3S4pkc2h252S2lwqxbzG1pq5W6vx5BoK5uPI-prAf6_2Ybj0p-etlskfK5sstFeF6FFebjYS2wWLScXC2-1VUReRmRYQG3YXJ3LnKXgUtNQMxmU4fBn7I8HeiHDHC8lCLgB74kymXQu10iK2Bw31o2yuaktS0RKBynjHZfnqHa0If-Mv43buSxfnZAmLrjzwWS20K2K0KklR-ev5PYE0K6j0WUOvL--6xe3CH-_Sb0MLv2ZXAr9rDkKqtZskHe7TRxab3GvMCUM1IauwYA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210413&jk=2689970682305708&bg=!oKOlo-fNAAb2K53n9is7ACkAdvg8WvDF3Y2iUhpyT8FWk3aFS1tm2MZniDZ6Q-vgCrkub3Qjj5WRGwIAAADqUgAAAAtoAQcKAVXd0U868qFOnxbItzEckyhxWzox8Wl7E4sG28fgBF6lsh0dRCdJXXRDtQoUpHGwddA3pl64GiukmFUF-a-3ac8IM3r4D66wSFe3AkF6aGLIya7c5KqJjTIxhlDAThb-666902J6zZTa7TdPjGu5BfnyDXhX0oU7BdJ3EeREr2vH8kBD9znL0PPGlvx8TtZpjTCYSObDxlS0s4IJU7unR-TwE9GzzPcXIClo11jYytbTB80_AbI5Acz6f6FefLNmKTR0OOUzumPcL8TFYLJOJNO2KkwoAXIrAMdvcffb3ePRdSHXBoi5bF8LGDXLpudSfmgL10bubC6Ql_OJVpnXBGECwp7twQpqc0sAba9OyZTPiH0Sd1L0ECwcFxq0zCY_oKqisyCH1RtvwFNAtc_Q9g5qDCBjg4J5sPUnSWeFv1qNOaiUoh-ktX5dRw-8KJaQOXaz8aqAGJkBygN-0X1rt7mmdrAoNeUmtcqLlEHJbkn9zS7CSHUEaPKO_lS264GogDz7lCt2xh_LDbwl6ar-FCuZQrXx6z7h5y7937g9ybWaRq3eFY9Ww0Uuy6iCPg549NBk4nQcUMAC66leg9r2ZcEr3J9zscHEs9Id__XQpZHyzMAHI8DBNibpd3x-FiHTpnuL96auejvunoWtt_WzHMQguVBqG7DJbCwkpKRBMl7aCjlZjGGpiraHwc8AOLIXincW4SASbsuQV1xQOfxv3jwLaawzD8GdkZjMWGB5oNTUmovmG_jwjOzaxj9AXNs-5c8_pcYQf8dI3TfbfEAHEWURCZ8MzkexUxE6PuY43_9EaALFllg0gGU98eQBJK3BvfDEWoymvKI1Gv_Peu0cMshPeRFaJH1sBOO_OuM8g9AGRZD85MqNVqntWKOwh65TJp626NLsRafAvUOwIhUCH9B7tsYIMVSy3HDyPTeZS43OgHX5mxHfETXFAIRuji0NBCWKQN2jW7766AShZ3snNb8EdEnpKpAkMPpDUGGN66UBgFD-GYez_BN0PuMwyDDSvdIpcNqym2B83VDFNwH1qkGhKoh6y2cyOYpzGRUL5dME73v2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK event.png
tps20239.doubleverify.com/ Frame 0848 67 B
492 B 61ms
20ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20239.doubleverify.com/event.png?impid=ebe35fbb5b574162bea9c3767c5ef257&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&dvp_t1stMsgD=130&vdur=25&eoid=5&msrjs=1165&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1618517225865249
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:05 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:05 PM

POST
H/1.1 200
OK event.png
tps20234.doubleverify.com/ Frame E98C 67 B
492 B 60ms
20ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20234.doubleverify.com/event.png?impid=41f3108e58e34e5fbd6f85c8e1aab542&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=23&vdur=25&eoid=5&msrjs=1165&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1618517225932220
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:05 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:05 PM

POST
H/1.1 200
OK event.png
tps20226.doubleverify.com/ Frame 6113 67 B
492 B 21ms
21ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20226.doubleverify.com/event.png?impid=e6c3c0675ac94f0783ebb8b959dec62a&gdpr=&gdpr_consent=&msrcanlm=394&msrcannum=4&eoid=7&ismms=1076&isumms=1076&isvelg=1&nvr=2&isbxdms=2203&b0=1288&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&lftb=1288&sftb=1288&msrdp=7&naral=2&vct=512&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=1075&dvp_dpr=1&cbust=1618517226023881
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:05 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:06 PM

POST
H/1.1 200
OK event.png
tps20246.doubleverify.com/ Frame 1E55 67 B
464 B 67ms
20ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20246.doubleverify.com/event.png?impid=d223bcb0640845ca93bc87f96f1dd4a6&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=126&vdur=28&eoid=5&msrjs=1165&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1618517226833634
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:06 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:06 PM

POST
H/1.1 200
OK event.png
tps20239.doubleverify.com/ Frame 0848 67 B
492 B 21ms
20ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20239.doubleverify.com/event.png?impid=ebe35fbb5b574162bea9c3767c5ef257&gdpr=&gdpr_consent=&msrcanlm=392&msrcannum=3&eoid=7&ismms=19&isumms=19&isvelg=1&nvr=2&isgmmims=19&isgmv4mims=19&isbxdms=2219&b0=2453&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&lftb=2453&sftb=2453&msrdp=4&naral=128&vct=512&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=19&dvp_dpr=1&cbust=1618517226865178
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:06 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:06 PM

POST
H/1.1 200
OK event.png
tps20241.doubleverify.com/ Frame F58E 67 B
492 B 63ms
22ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20241.doubleverify.com/event.png?impid=f7fe27b977654c6ba6d50af790ae6353&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=40&vdur=25&eoid=5&msrjs=1165&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1618517226866167
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:06 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:06 PM

POST
H/1.1 200
OK event.png
tps20234.doubleverify.com/ Frame E98C 67 B
492 B 20ms
20ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20234.doubleverify.com/event.png?impid=41f3108e58e34e5fbd6f85c8e1aab542&gdpr=&gdpr_consent=&msrcanlm=394&msrcannum=4&eoid=7&ismms=15&isumms=15&isvelg=1&nvr=2&isbxdms=2216&b0=2433&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&lftb=2433&sftb=2433&msrdp=7&naral=2&vct=512&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=15&dvp_dpr=1&cbust=1618517226932304
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:06 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:06 PM

POST
H/1.1 200
OK event.png
tps20246.doubleverify.com/ Frame 1E55 67 B
464 B 20ms
20ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20246.doubleverify.com/event.png?impid=d223bcb0640845ca93bc87f96f1dd4a6&gdpr=&gdpr_consent=&msrcanlm=392&msrcannum=3&eoid=7&ismms=20&isumms=20&isvelg=1&nvr=2&isgmmims=20&isgmv4mims=20&isbxdms=2220&b0=2370&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&lftb=2370&sftb=2370&msrdp=4&naral=128&vct=512&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=20&dvp_dpr=1&cbust=1618517227833201
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:07 PM

POST
H/1.1 200
OK event.png
tps20241.doubleverify.com/ Frame F58E 67 B
492 B 21ms
21ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20241.doubleverify.com/event.png?impid=f7fe27b977654c6ba6d50af790ae6353&gdpr=&gdpr_consent=&msrcanlm=394&msrcannum=4&eoid=7&ismms=21&isumms=21&isvelg=1&nvr=2&isbxdms=2221&b0=2379&adhgt=90&adwdth=728&norwdth=728&norhgt=90&engisel=1&dvp_vsosnmr=1&lftb=2379&sftb=2379&msrdp=7&naral=2&vct=512&vphgt=1200&vpwdth=1600&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=21&dvp_dpr=1&cbust=1618517227865304
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:07 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:07 PM

GET
H/1.1 200
OK bsevent.gif
tps20520.doubleverify.com/ Frame 6100 807 B
1 KB 20ms
20ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20520.doubleverify.com/bsevent.gif?impid=5047895273ac4fe2869e9f990e2ad1e5&mascid=knjbd5usxdk80o30p47f5wwdwxmfhhp2&dvp_masver=6&dvp_tisf=3&dvp_t1stMsgD=26&cbust=1618517227967346
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:07 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:07 PM

POST
H/1.1 200
OK event.png
tps20226.doubleverify.com/ Frame 6113 67 B
492 B 21ms
21ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20226.doubleverify.com/event.png?impid=e6c3c0675ac94f0783ebb8b959dec62a&gdpr=&gdpr_consent=&mascid=knjbd6jwssrdj9o3ybp4gok33vd6ryqm&dvp_masver=1165&eoid=8&cbust=1618517228132873
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:07 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:08 PM

GET
H/1.1 200
OK bsevent.gif
tps20519.doubleverify.com/ Frame 9849 807 B
1 KB 20ms
20ms Image
image/gif 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20519.doubleverify.com/bsevent.gif?impid=69fe1bbe16274acf9dffa04d71d56a89&mascid=knjbd6nejbrgqn30ng4ut8icug22xqp3&dvp_masver=6&dvp_tisf=2&dvp_t1stMsgB=805&cbust=1618517228914859
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:08 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 4/14/2021 8:07:08 PM

POST
H/1.1 200
OK event.png
tps20239.doubleverify.com/ Frame 0848 67 B
492 B 21ms
21ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20239.doubleverify.com/event.png?impid=ebe35fbb5b574162bea9c3767c5ef257&gdpr=&gdpr_consent=&mascid=knjbd6jwssrdj9o3ybp4gok33vd6ryqm&dvp_masver=1165&eoid=8&cbust=1618517228967879
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:08 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:08 PM

POST
H/1.1 200
OK event.png
tps20234.doubleverify.com/ Frame E98C 67 B
492 B 20ms
19ms Ping
image/png 213.254.244.14
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20234.doubleverify.com/event.png?impid=41f3108e58e34e5fbd6f85c8e1aab542&gdpr=&gdpr_consent=&mascid=knjbd6jwssrdj9o3ybp4gok33vd6ryqm&dvp_masver=1165&eoid=8&cbust=1618517229033207
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.14 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:08 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:09 PM

POST
H/1.1 200
OK event.png
tps20246.doubleverify.com/ Frame 1E55 67 B
464 B 20ms
20ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20246.doubleverify.com/event.png?impid=d223bcb0640845ca93bc87f96f1dd4a6&gdpr=&gdpr_consent=&mascid=knjbd6nejbrgqn30ng4ut8icug22xqp3&dvp_masver=1165&eoid=8&cbust=1618517229934888
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:09 PM

POST
H/1.1 200
OK event.png
tps20241.doubleverify.com/ Frame F58E 67 B
492 B 20ms
20ms Ping
image/png 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20241.doubleverify.com/event.png?impid=f7fe27b977654c6ba6d50af790ae6353&gdpr=&gdpr_consent=&mascid=knjbd7acap6vzxxlczrs6vxp2ds1rs4r&dvp_masver=1165&eoid=8&cbust=1618517229966430
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1165.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 15 Apr 2021 20:07:09 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 4/14/2021 8:07:09 PM

GET
H2 200 dc_oe=ChMI_JWRwYaB8AIV2-O7CB3sJwaKEAAYACCenf1GQhMIidXswIaB8AIVp94RCB0kRAmE;met=1;&timestamp=1618517233820;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 0F69 42 B
498 B 121ms
60ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI_JWRwYaB8AIV2-O7CB3sJwaKEAAYACCenf1GQhMIidXswIaB8AIVp94RCB0kRAmE;met=1;&timestamp=1618517233820;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 20:07:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adop.cc/	1970-01-19 19:44:53	Name: ADOP_CID Value: DK-210415200700-10eb0397a07e4d67
.teamblind.com/	1970-01-20 02:56:53	Name: __gads Value: ID=39e8417a4bdbbc56:T=1618517219:S=ALNI_MYPgLZ89o0mSqUKbqqfaVH-2zKGAQ
.doubleclick.net/	1970-01-20 02:56:53	Name: IDE Value: AHWqTUmUHmiQbFti-PrQMNTfI8mR6-g88Y3DlHFSSTceWPQDSGBmlTwD7AarBrGFdwY
www.teamblind.com/	1970-01-19 17:35:17	Name: outbrain_cid_fetch Value: true
www.teamblind.com/	1970-01-19 17:55:26	Name: bl_session.sig Value: eZZqj-lMp-zzsqw1JbqAKWTmDh0
.teamblind.com/	1970-01-19 17:35:17	Name: _gat Value: 1
www.teamblind.com/	1970-01-19 17:55:26	Name: bl_session Value: eyJub3dJbk1pbnV0ZXMiOjI2OTc1Mjg2LCJwdWJLZXkiOiItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExaFZUeVhRWThDSWNOMGRpYXVWYlxuK2VtaDgyb1ZnOTdidkZPdlRteFpYeDkrNVlwOTdlYmlKNW12V0tueVIraU9FKytoM2U5amZBdVU2UjZVaksrSlxudGRQZjJBM2pNNWNXaXJWcFlSa3ZoeURpV3E5bkoyUFl1cTFUVDJUUjJFSGxpaEFDNEdyWUh2dldBU29CZnBUalxuRjVYcUNaL1A5NU9EYzRuU1lRcGFOekV1dFdPS3RsS1N0cDVXLzBEREg0RDB4eFlpQW9wZ0dTV1c5MURUS0FwV1xuSGtBWDFIZ1Uvcm92N3FLOFNOUk1Ud1BISUdhSXh3Z0JUcUZUS3BNMGNpUjVBejZ1b3JVdDh5T0FYb0JiM20zRlxuQ0tOR3V4ak85TlJqVDVwNmhocThGYVM3YmdlbllqclFXQ1hsMG9xM3FmMXFMai9HVmJCOVlQUy9DOHpZRHRBcVxuendJREFRQUJcbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIiwia2V5IjoicVpMSElaNE0iLCJ6bCI6IlVNOFlzV1NlZDRlWG04ZnpMb1JBREp3MjU0OWZlMDFqbVlEelNET0o0bllRdElLaVNTM1dZNm9XV05XN05aSVRaakhXcXlmNU5FS0dQOUFQZEtZcGhxYU5GM1prMW5yMjRiQ0Fsazd6UXFQMjhXdGZpQThKVlh4WnBLcWEzVHRaaWNqQnBid3FaWUpWeWhjWDVzZkZYcDdaWE03SjJSUXlNbkdDSEJSR2V0ZXZ5dVpCOEozWEdhNkFrNGpjRzBRc0xNMVlTcnBwb0lxRzNHWEdqV2Q2ZVVVZlBubE9HWEU3UGltVFJxYXNwL1Q1OGhpb1lTRnY2RjFEdTRZL240Nkd2NkZsa0NXMU4yY2ZpOWYrZktEVXMxUmc2cUhMYXRCMTFXSEpkYXVVT0J2NTEvNm1LZzJhMVdva2p0ZnpXZlRuUjFQcG1YOVlieDdKMktTa2Z6WnBrUT09In0=
.teamblind.com/	1970-01-19 17:36:43	Name: _gid Value: GA1.2.1928693589.1618517219
.teamblind.com/	1970-01-19 17:35:17	Name: _gat_company Value: 1
.teamblind.com/	1970-01-19 19:44:53	Name: _fbp Value: fb.1.1618517219212.1122135450
.teamblind.com/	1970-01-20 11:06:29	Name: _ga Value: GA1.2.1620706719.1618517219
.teamblind.com/	1970-01-19 19:44:53	Name: _gcl_au Value: 1.1.1426247164.1618517219

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js(Line 2) Message: TypeError: Cannot read property 'removeItem' of null
console-api	error	URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://www.teamblind.com/_nuxt/af446fab3a380652e754.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js(Line 1) Message: Push notifications powered by Aimtell. Learn more at https://aimtell.com/developers
console-api	error	URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js(Line 1) Message: [aimtell] Browser does not support push

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

23f66cae13c36062a0a9ea36e083e83b.safeframe.googlesyndication.com
6a88d704ba38fe49dea94b4cd772f2fb.safeframe.googlesyndication.com
a.rfihub.com
ad.doubleclick.net
ade.googlesyndication.com
adopdmp.adop.cc
adservice.google.com
adservice.google.de
amplify.outbrain.com
ap.lijit.com
bidder.criteo.com
c1.adform.net
cdn.doubleverify.com
cdn3.doubleverify.com
cm.g.doubleclick.net
cms.quantserve.com
compass.adop.cc
connect.facebook.net
d.agkn.com
d2u3dcdbebyaiu.cloudfront.net
data.adop.cc
dfca600f203e86af9af13c531202040e.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
links98.mixmaxusercontent.com
match.adsrvr.org
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
rtb.openx.net
rtb2.doubleverify.com
s0.2mdn.net
s3.amazonaws.com
securepubads.g.doubleclick.net
snap.licdn.com
ssbsync.smartadserver.com
static.criteo.net
stats.g.doubleclick.net
teamblindstatics.s3.ap-northeast-1.amazonaws.com
tpc.googlesyndication.com
tps.doubleverify.com
tps20226.doubleverify.com
tps20234.doubleverify.com
tps20239.doubleverify.com
tps20241.doubleverify.com
tps20246.doubleverify.com
tps20519.doubleverify.com
tps20520.doubleverify.com
tr.blismedia.com
tr.outbrain.com
um.simpli.fi
ups.analytics.yahoo.com
uswwwnotifier.teamblind.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.teamblind.com
x.bidswitch.net
13.124.92.103
142.250.185.226
142.250.185.66
142.250.185.98
142.250.186.102
142.250.186.98
169.50.137.190
178.250.0.165
18.210.203.176
185.86.137.121
193.0.160.129
2.18.234.190
2.18.234.21
213.254.244.14
213.254.244.16
213.254.244.22
2600:9000:2156:ee00:18:69f:d880:93a1
2620:116:800d:21:51e4:db4b:4436:b305
2620:119:50e3:101::6cae:b45
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:801::200a
2a00:1450:4001:802::2002
2a00:1450:4001:808::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2006
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c0d::9c
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:10c:58e::25ea
2a02:26f0:10c:59c::4469
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.126.158.103
3.126.239.96
3.126.56.137
34.96.105.8
35.186.193.173
35.186.253.211
37.157.6.242
37.252.173.22
52.17.19.0
52.217.18.110
52.219.16.231
52.42.113.144
66.155.71.149
70.42.32.159
72.251.249.9
99.84.155.72
99.84.156.54
99.84.156.98
0216d870844c21ce7c5c72f3471b81013c6d1879d5c4701b81a6c0c22870e081
03f3a4042cc05c83eb411986cd1ec89b0d3e7812e96bf6fe6fcf61efe12bf8db
04b2c3919eab959d0535139f9decd6b513be3d0356379bdb42e7fedc0ac32667
070f83011d08921c13cab92929522f04c124862b1f16cadd94f4ad12a18627d7
074a51b3011aa6b78ebe9c4862a4e5582e35c1046eb1d789c8b99e34ea8cbdd9
0b080ef57a7cae7c33280c8889743a107d45d4572a2f555f6fe7ae9d44a1fc9c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ccdd423d1d7baedd48712380907f12d4b1358a8a5200ff7ebe7b05268872514
0d706be32ab771038880beeb037bbe46a7310f00e4cb993112ae5194a2bc49a2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
132135db68b691f135b7a4b204749287cae61fc557d9bab5bad2727b3ed938f3
13d8d24d56ed11238a516563650af59e3537d6460229c777bdb43ae6e8fa33cd
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
17519c326c34a1ba56b0e73c316b333974ab59bb64c50308ca61b0c938e42854
1b441c58d9eca505d906bae067895b62fdfc6916fcedaf35dff03badbad6bb57
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1dfedaa4297bda780ac46ebab35b55e8fe26415a2f84ce832ffff0736df5284c
20039be919968b930cff518868ad1ef9ded693de4a14d265aa2ff7a3f7254498
21684099693050fe6fecb937bb35c94dac2dc990158ed38a53d44ae28fd9c6e8
219d1535e2b21dfba0bfcd06627390f28ef2edae88dd4ed4711565dec0ce1e10
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
29f21aea7fc613d2618b70a483e0b4bf50ba3f4ce4109fa429ce580ec57ef991
2dea8a79d16c66887e8e766c7e8249d4828dc753e637f254600d2db24654d303
30d7e1e073346bcca8b4e2756a6aea26252657b4fc82aed859a15715b4d163ce
32200079af3431dac0a17d4fc12fefa2f8f598be001d9b36cf0f4c76fca4ed3b
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
34bd88854d8b0eb5be11fc8fbe2c1e3ca118a24b88a6d9e8510ca370e799f374
34bdd0318860430860853f8e2000dc329cb5f4f2938e259a9efab81ced5f0fe6
3688ea0b958780bd7c481db25d847cdc7027b0ca122d532d9bbf000579bf3164
3eb6d86c3dd1154f134f4620312eb4b4efabe6bd46f49d29eb8a36afb4bcacae
40adb937145b21abf0b1dde7dfa4d0a80be21ce7bf7d4f85ca944022a23c6785
41127f26377bf4e71f1d329d3cb41acb455a0589da47bfc5b76c3d97491c81da
431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e
443e77a7b3caebac5126bac4ef0f4d3ba96a0569a1b2ceac6aa91be6237aad47
4469534a5394e88a1adb26a265f582d8232e3ded722c333048e5ab22554c0495
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
455b1caff0664a32ffc448ada91ef26315a17335812b2b4d881c4765ee19c04c
4634a8b80b516b7224c93c4e2170929d261e6f46277040da4fccfa10179e1428
46c227fca1e6f03da19dd5b2607d321ffda785e6da71bd523cf693cc3ba8f1a0
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
472dc749acd81926fc743a1c840a99c0ed3c255fc062dec09b0ffa569b52aa00
49f7dca11b1d6ec82fb96142bf05e5588fd6a6276ea79a9b56af916c29838f65
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ce43b5281d10d1f3023c8caddb4402c0d5ab46aee3db71ad264939305d5a178
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50d39d7981a0feeddc52b74c4f4b32e680a3e16324d5eba9f599bf304c98bf44
53280905b2db2aa2c72a68c4dc4c3e63d640fc581343f26842e830ed8866206c
53b12bb0978b2dc52d02ff9c820c4ec89fb32acf07b86737eb7d731f5841c272
554bc1440e7f58e518aae4facf8b6d5f34af6695c3a8d03c12003d1eb973989b
59883dc82297de1d8ff485a115678ff6e56102eb1fc170c9808737535f6f8070
5ae680e450aefa4591c209425757cbad14cc0a6f961dc6ac733499d9bd8bda63
5e20480a6db05edcb97721f4b34f3ab0f7d7ad532dedc10d3da60b2b7a29810b
5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
6095f802f70da16a4e09cc05554f17ceae41f8a8a2216d9ba3f3d03601235683
613b31e17ab2a749e393f68251fd890dfc7b8df27d6349cb17334aa6ede7f28b
6166176f087dcb2e34b8ab4aac5f3ceab876353aaeb4f701b140868fc62ef8cf
63491c0480e03922f0cccc1f9f459c0264a37ab65ad3639a327cb0c930851176
672f87491a9cfd714220241474c8dfe02480890e07ca9a59e98aabe9f9e5325e
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
68ab8f9b3d4ac03fc0a526843c8f50dc2b6c98d9950f517447f8f56018b393f9
69e6c95db83ba72c39b5bf799a603ad0bb3e9ac98cd1f16079502e08331ee045
6a3696975c783c5019b7f4e0eed0595e74670023da3b94e828adf9b77ff2b99d
6a91d2c8e11934ec55a15d7a22b9dc32a1428b8a98241ba84b297a4edb8e6f20
6fb69481ea7b123e0f401570d39621586a0213ead61855be488ab5aeb945b5b8
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f
75511cd36cb96f4546a39a51c814ce60ee692430d84eeacf33e06e62baa6745d
780849559953abc98981f7964d063930d1b9cdf5f9aff09e60bd64cc2d9de59a
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
79b7fcaf481cec05c49e24a7a05758d480e481db900b1029903f16c2cb7e764d
79f9f187afa2b55da1fdb60bd14ab8b14451ab6fd0e8031deb0e0076eb18aa8a
7b4c2bf3f3ac9dd6facfbb6252788c8201a97f1ee9c6fad66326d662d395a7ff
7e739cb08237c433c5fc87622578034ce4d4b9233f7cef03d0c9183d3295e9ca
7ec5836e36d08e44e48f7c03716bb2da5d1cdf0b26e8c205baf764eebb7fcfd5
82f5a74dad766a03768acadfb541c9e413bc11691f368abb91bdf0a2484afc68
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558
8acac48bc106c4eae580c08071597f9dafab96d959deff65bec44514da907b1d
8c8c7cade5836e30a31c5ab7a397864bbc5d67cd48f1721317d484ff972ab05c
8d2c8ea830e583681b95c707f9aa6fe2a6c7ae6c132b7e683fa7b1c20a2d6b69
8d6487dc2599772b6ccb8ed3c214aefeddf16e73d868abb94f2223c133af06d0
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f1925cead7a157cc194d449223e5a94ff63257f67f020507779e8fefcf5e027
91b80b914661c7d5e3cecf23fbb5474f534e7e2bc17ebe847d6753c49c5982d3
93a95660fef2314044a7f8512cb4020aad4c6393e0b962a9ca8fdfe0af1dce34
93f65e62efde85a918b157b625be0d992e6a5f4361382cbed32fcc48cc943c54
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96b6681f28903bd40dea8277fd55e57ae37b4eda06dc3e68150f81fe3b032bce
97c7d63bf3cb301f9bb85e1bfad7b40c7d6b011f4c86185bb3af8caee3491aec
98fb894f615476d2c142ab2b8dfb56035ecd9e58393bbb3feb8f067f5490d5f4
99fcd335db15dc4bc00ae60c1c2e70a332743edf8b7e36d39efb1f9a22fb65ae
9a6593db707489a4b3966aa68899741fd3ea0ef0c20f65250fbadfed8e83d22f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b7a85aa81026897ad8e44045b19deda17aaa6edb8ac44318377d17ec57bb753
9dc4d51f4ccf537a31e9b2791d9d1b7f35334a19ce7b316100a658cfc4a5027d
9ddca568ff519cd935a816baec6f7bfce459656ec5022ec2ba6a6225891022eb
9f98af25136d691914cb644e8621ef6ef17f52d47abb1a828fadb1ce3867f42c
9fda17a1f3f9bfaef174418e93302fa68dcaff37546a25d286fb3a066168e49f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a131c13741a159b975b0fe5c57ed1bb636d7191a624dc066e475ae042e4c1f64
a20c352f37c2c118fb34ade78fc8e5ae1a870827829194cd05bac70ca6a25d94
a2a292ee40c2422d82f43b270984343ea18e7c05384459c1d7adbee2c241be30
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a3c7456ae6bd6bc3fb2f7a7c10452e8539643a7bf9c46456e72679c94db8796c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a6fe0e318101ee9a296bf6e6b7e001f7dfeea246192bdf1a308507ca26304ff8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8a84232885a62ee3a6531fd71552fd77acb7718370cee1f2d527475074fddc7
a90b2ad56322cc76f001a774145f0603fd0a364f0472538e916cd9e6d7dc3ce6
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
ae7d05618d5b0db7b893212ff02b6f0ff33c4a0dfc9184f008c5b6def805d0ac
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0bc5e3662f35ed2dc29a0687c30b85ed673275ad4ebcc2e5d6422316db85b50
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6846c26f2d487e6b10fc3addd1dcd73dfa35578b39c1180fa57c1618d3d6013
b8c57089189642eacb35c295bef554bdccb819ed773936e496c17334bfd478e7
b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6
bcb2fb925d9f5f725bfcb8e0513bda0e532cc9d61863d5e906bc5a4c447efd29
c1e484c08f5ca34c45c51c5e73a54369fea83e13a0fd54e880dc5841e8d89d92
c3f20d5ebd038ac86b6170aacc5a3cc348f1cdeb80b856259fb7910cb0743b4d
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
ca5c5368c6273b25608c7ba90b914072355b10df231585a4b2cd1e6408760f92
cad3d12505a78bcab262663591b8a66cb6c8353aa7c97fcc7b80155a29075ac5
ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9
ce4847cc22bfbdd4aba09bf80442cccbe1d89606d456e6df512587e96bf82497
cec04fe7936fce4f9e63fd026c4466f66deda2e5fa9e1b6aac3bfbb18d787b04
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5
d07e79e862add2cf902bd1cbfdfbfa356b5c36bbe569fa017dd7c0baa5790a30
d22a85c3f4e82768c699c75ec2893d3b278f4e8e57225396b9039461f1cbe08b
d5fb8d1ad9708db8272c7da7aa795a4bf6cc3784afffcdd11b84c0707760996f
d719d335250de336d88b878985a732ec3f0b499b46564acbae5bebab2e320e33
d7272d71b8b5e6750cd47d2d26bf7a8ec8c531f8aff15297c9101491bea4c26f
d94fd083706070305d8283c037e8d06e82cd891d2100d313073226114ebb481a
da0ac2c24ae3674e3be8223e15ac405811ce758be6cdaff540adfecdcf67ac40
da1febf9bfaf1967fcbc91dd2ed2a84f86df03aebb879714db3a87967b8f56f0
dc2127679b8d871e3955b5209a0bbce29a6088e0ce0bb633984f98c2f3220b05
e15eca5878352d8972f4e93b9aed80e34860514c23bfe9ee0a01767a291cf28a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
ebd74ccd61864d807768b9d61cf9f71c5e175a4ec83fdc0fe78d7daa229c8ffc
ebdca285c848e8ea65777d7005c5e9a0bad20d802142bd91c2747ea762f2b1ab
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
edc568237e683ce7291b503fabd667ba40efecde7dda0309e1f6a6e31d3c5699
ee1877443e0f173670382e5b361173797bacf77dd756f49269c67ca1bc2623a4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f31fe92c2b78d3cbfabbe34b05b7c7d6aba7127e15178f3cafb98cc4c0fd9d1c
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f559686546104588d06b32906a6490501a1842a3231a2d58fbe2be62418e97a1
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f9b0195ab22815c68db0b05e89abfc88fcb0b46b8b9a28d70ca731f17e07053e
fab63f45faed7d68abbc9d5e065358998f9c86daa35bbd9f268b2e892503f4ec
fcaa388452305a1fbfa2305fa10aa3739704956fc0b82a20bafa76cbd3ed68ba
fe58c8a357e8f05d088e7046505c903d241444f23b06740bacc414532e6cd48c

www.teamblind.com Open in urlscan Pro 99.84.156.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

338 Requests

100 %HTTPS

47 %IPv6

40 Domains

70 Subdomains

55 IPs

10 Countries

3990 kBTransfer

12028 kBSize

12 Cookies

10 Outgoing links

Page URL History

Redirected requests

338 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.teamblind.com Open in urlscan Pro
99.84.156.98 Public Scan

Screenshot
Live screenshot

Full Image

338
Requests

100 %
HTTPS

47 %
IPv6

40
Domains

70
Subdomains

55
IPs

10
Countries

3990 kB
Transfer

12028 kB
Size

12
Cookies

338 HTTP transactions
3 data transactions