Submitted URL: http://framed.wtf/
Effective URL: https://framed.wtf/
Submission: On October 27 via manual from GB — Scanned from GB

Summary

This website contacted 24 IPs in 4 countries across 20 domains to perform 53 HTTP transactions. The main IP is 2606:4700:20::681a:b59, located in United States and belongs to CLOUDFLARENET, US. The main domain is framed.wtf. The Cisco Umbrella rank of the primary domain is 121312.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 25th 2022. Valid for: a year.
This is the only time framed.wtf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 21 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:211... 16509 (AMAZON-02)
1 88.221.168.201 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.15.219.226 16509 (AMAZON-02)
1 52.9.68.145 16509 (AMAZON-02)
1 2620:116:800d... 16509 (AMAZON-02)
1 2600:9000:211... 16509 (AMAZON-02)
1 2600:9000:219... 16509 (AMAZON-02)
3 2600:9000:211... 16509 (AMAZON-02)
1 18.156.50.186 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
1 34.251.218.252 16509 (AMAZON-02)
1 15.197.193.217 16509 (AMAZON-02)
53 24
Apex Domain
Subdomains
Transfer
21 framed.wtf
framed.wtf — Cisco Umbrella Rank: 121312
197 KB
5 quantcast.com
test.cmp.quantcast.com — Cisco Umbrella Rank: 10950
cmp.quantcast.com — Cisco Umbrella Rank: 3108
audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 12657
145 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 425
mug.criteo.com — Cisco Umbrella Rank: 2786
1 KB
3 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2668
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
3 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188
155 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
119 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1515
83 KB
2 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2424
46 KB
2 thisiswaldo.com
cdn.thisiswaldo.com — Cisco Umbrella Rank: 45505
thisiswaldo.com — Cisco Umbrella Rank: 40002
121 KB
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 356
386 B
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 1481
332 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 876
641 B
1 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 948
10 KB
1 ipfind.co
ipfind.co — Cisco Umbrella Rank: 54769
457 B
1 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 495
61 KB
1 gstatic.com
fonts.gstatic.com
17 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
1 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1116
6 KB
0 4dex.io Failed
script.4dex.io Failed
0 rlcdn.com Failed
api.rlcdn.com Failed
53 20
Domain Requested by
21 framed.wtf 1 redirects framed.wtf
static.cloudflareinsights.com
3 cmp.quantcast.com quantcast.mgr.consensu.org
3 securepubads.g.doubleclick.net cdn.thisiswaldo.com
securepubads.g.doubleclick.net
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com framed.wtf
www.googletagmanager.com
2 cdn.confiant-integrations.net cdn.thisiswaldo.com
cdn.confiant-integrations.net
2 quantcast.mgr.consensu.org cdn.thisiswaldo.com
quantcast.mgr.consensu.org
1 match.adsrvr.org ads.pubmatic.com
1 id.crwdcntrl.net ads.pubmatic.com
1 region1.google-analytics.com www.googletagmanager.com
1 audit-tcfv2.cmp.quantcast.com cmp.quantcast.com
1 rules.quantcount.com secure.quantserve.com
1 test.cmp.quantcast.com quantcast.mgr.consensu.org
1 secure.quantserve.com quantcast.mgr.consensu.org
1 ipfind.co cdn.thisiswaldo.com
1 thisiswaldo.com cdn.thisiswaldo.com
1 ads.pubmatic.com cdn.thisiswaldo.com
1 fonts.gstatic.com fonts.googleapis.com
1 cdn.thisiswaldo.com framed.wtf
1 fonts.googleapis.com framed.wtf
1 static.cloudflareinsights.com framed.wtf
0 script.4dex.io Failed cdn.thisiswaldo.com
0 api.rlcdn.com Failed ads.pubmatic.com
53 25

This site contains links to these domains. Also see Links.

Domain
episode.wtf
plotwords.com
numble.wtf
shotdeck.com
Subject Issuer Validity Valid
framed.wtf
Cloudflare Inc ECC CA-3
2022-03-25 -
2023-03-24
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-05-11 -
2023-05-10
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
cdn.thisiswaldo.com
Go Daddy Secure Certificate Authority - G2
2022-06-01 -
2023-06-16
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.cmp.quantcast.com
R3
2022-10-20 -
2023-01-18
3 months crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2022-02-04 -
2023-02-03
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.confiant-integrations.net
E1
2022-09-26 -
2022-12-25
3 months crt.sh
thisiswaldo.com
R3
2022-10-16 -
2023-01-14
3 months crt.sh
ipfind.co
Amazon
2022-01-03 -
2023-02-01
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2022-08-09 -
2023-09-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-08-27 -
2022-11-22
3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2022-05-01 -
2023-06-02
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://framed.wtf/
Frame ID: 5EDB544E63245AA200E6F9469B95ED36
Requests: 53 HTTP requests in this frame

Screenshot

Page Title

Framed - The daily movie guessing game

Page URL History Show full URLs

  1. http://framed.wtf/ HTTP 301
    https://framed.wtf/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Page Statistics

53
Requests

94 %
HTTPS

70 %
IPv6

20
Domains

25
Subdomains

24
IPs

4
Countries

982 kB
Transfer

3175 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://framed.wtf/ HTTP 301
    https://framed.wtf/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fframed.wtf%2F&domain=framed.wtf&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=UAVgyXxmYUw4ZzFweFZheGQ2VkFoUE9tMmlBUE0vOGlHUkpNQVNTV21PL1JPNjNrV2ZUSTRCM3pxZWhnUGZZSGFiclk2RHZtaFZKSE5jUWVsenVQODZsdlZjb0lGeUtUbVNvbElPRHhKdkNqMWJRdDl1bjRVZ0V1T3lrSStyUGtSOVVUbXpiUHBJU3Vsc1NSS3E3eWdGY2pTdTdZcDU2QlhqMDdVSCsvQnh3ZitUN0k1YW9aaTVpcU1NY3V4UVUzSDk5ZURqeG52bWwvWlY3MUd5SDRxSkZyWjcvU1l5MDUzYS92ZzhsQXY0OExiYjVzPXw&cppv=2

53 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
framed.wtf/
Redirect Chain
  • http://framed.wtf/
  • https://framed.wtf/
7 KB
3 KB
Document
General
Full URL
https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
983db33ba0be052bc481894c2f52fefea786909d6c90f8782552427714de49c3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
760b90210aa47595-LHR
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 27 Oct 2022 12:51:25 GMT
link
</_next/static/css/db5b8f318a85e932.css>; rel="preload"; as=style
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9zaWckHR5qxGVvsSiU7R7N8fjSP7CAGoT65%2Br4EMS8JjDjzEjurSJ8e4XWz8mabYAoP45HXKIgWdeBYU6FFbqU7YMC9lS1TiaTPL0O4rGJQsSvbRo3n3B3wUvXkTjICQ7tBDq%2BeBrsp"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
760b901fee96072e-LHR
Cache-Control
max-age=3600
Connection
keep-alive
Date
Thu, 27 Oct 2022 12:51:24 GMT
Expires
Thu, 27 Oct 2022 13:51:24 GMT
Location
https://framed.wtf/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6kKxycHNuSrpHp3KXBtLgeJy08elAv%2BhRQoPt%2BZsYJgKBU9%2BO3C2FV9M2fG%2FWKnOvK%2BZ%2BoAdTL%2FSob8Vyv3LusT99mxj5EclZL7CFrfSdoOeOkHBEmUyGMyW%2FJgmlRkNZqPwn2pxf8e"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Server-Timing
cf-q-config;dur=6.0000020312145e-06
Transfer-Encoding
chunked
Vary
Accept-Encoding
db5b8f318a85e932.css
framed.wtf/_next/static/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://framed.wtf/_next/static/css/db5b8f318a85e932.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0e216b2bddb39c2382d912dd8746875f4d638a0a3a3fb1480ad4bc8aa79e12a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
2551
etag
W/"b311cf6545b61da1984a00b4e57f3339"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VXF0YTREzS4OMZaRf2LkcT1GB46PkTgjHU05J%2FGjJx8M9JgOu2c1FFmGeFjq15iwuxZfXADazCbUyIT32gsQMPAnZ9Yh0uGUEVM92KKRSxnLxq9YWGs%2BmgyV2eiFt%2FYjeTKpT4I6KVZe"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b9021cbd17595-LHR
webpack-4f1d983e64e0b154.js
framed.wtf/_next/static/chunks/
3 KB
2 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/webpack-4f1d983e64e0b154.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e4ff4be2cc571fda16a38af76e4fe93bfa7b9c32a231e51e21387b4bd35692b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1708
etag
W/"c41c193a3dfdcdb1366512cc68b8385a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BFb4Ylf2pInsJ1S6InFUwZK%2Fl32Z7Aphw73Xxt0S6nqydfSt7wErCm3v1E1X%2BW5aq7ewuSy1Ab304wr333nuSmNmyhyfFRv%2BRgvdJhlNJHKDtczGqRuJ74wNrwQC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b9021cbd77595-LHR
framework-5f4595e5518b5600.js
framed.wtf/_next/static/chunks/
127 KB
42 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/framework-5f4595e5518b5600.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4547
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"5a6c48d6423442bc08036acfd6279f76"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ydyC0qLeu%2Fa97QGuOIafY%2BVuq2q%2FJ%2FWu6lIG8XKKKp5sMZtDMJ08VmjGQcnj4oabtjpPJmV%2F3glqhsAxg%2FYkOg12xBJvzGktdck%2BMTrrgCxYMvarAp%2FmU9fCMdy8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c3a7595-LHR
main-63b79767fca3418f.js
framed.wtf/_next/static/chunks/
98 KB
27 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/main-63b79767fca3418f.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a637e596681ed9976af5267d2e8b7f07c3bef2d0e8404160c46ab14b99c317cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5793
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"d36f10025abd57cb51eb9a7c546c939c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbWKAfcNRqayDpSVL4mCGEBsRFaf0UFr7%2FMkEv7uuoe1xm%2Bgud4WGFeCdg%2Bh2y6%2FF%2BgxvKfHSEpHyzPpm%2BBZB6q8S%2FxDiHey%2FgpssK4VMLd%2Fv0RvaaOkvZBId%2FF3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c3d7595-LHR
_app-787cba108c7963af.js
framed.wtf/_next/static/chunks/pages/
3 KB
2 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/pages/_app-787cba108c7963af.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d18a51022cad31a082121a039cea94605f0a4798cb543b527d25f52599eff81e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6948
etag
W/"ac985ba7766f799bb33841bb32cbc301"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0dqFQmzVuZzQU4HMCXJ3mUbEiisxXygrlp5UWsCYUkWxGwJWyQtUCrmFgY2dq6MBmHtCb57g51Cd%2F%2BarX8TGfO7lUtcqFIgGSMEagPJ7KXDcdLJRysaQ7t9D%2FVk%2BwEuQEpuCP9Vj9RM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c3f7595-LHR
696-f8ab7e42bad5e644.js
framed.wtf/_next/static/chunks/
54 KB
19 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/696-f8ab7e42bad5e644.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe526bc3f526ec0fbeb6d7324c8efeb5ee159286703c25afb8898d982a24d4fc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6920
etag
W/"06a0bd5d426f18af616c49a33e042ecb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7Tz0sC2Km8G73H2pA2ZqOUIkJik8AZPQpCjnhEUPYowsuHOjHgrhnVSaL5c7o4%2Bokmeg3bLJK%2FqhPfD5SwJrzb1E1f6934xznIz8exEL9t0Y5f5Dvf%2FN1oPRnOk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c407595-LHR
873-b6a4e1e237581b9d.js
framed.wtf/_next/static/chunks/
16 KB
4 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/873-b6a4e1e237581b9d.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e385b1573271e796607e24414c53d0db2ab9ae5da1c207725601c596255919ef
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1708
etag
W/"dd7e380a26d4b2514460fb2b0735f761"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tE7bXqbRNlg6ysw7h9ThzQeXn521U7m%2B2jfwgchdR0hlGkDOIE6rLm25snz0wpngOVTWBXGPpkl1d8YnS1%2FUtZe6FduGeJDhuH%2FAzRoCthYvdeR%2BHU6Fh2UEEoth"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c437595-LHR
index-037098437ff5c0c7.js
framed.wtf/_next/static/chunks/pages/
3 KB
2 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/pages/index-037098437ff5c0c7.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5343063dba417136e1ff9732d3dd0d3f9be1f53024d618b0f7e8931166df252
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6948
etag
W/"a27a081dfd043c5282f7f279c16acdc8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8vjz9xt%2F%2Bn8vS5KeN4Jzrc%2BhBgAmetuUlP3Nbjzg3rdjyL46DYjxbGKTUaJlD6ddYuf9kYuJhYOMOkh4cS2WIWrTSP3EQTZNS1FbG16mKu36aI6fdMoP0N2yXVBdXjJyE2GTbPsSIqA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c467595-LHR
_buildManifest.js
framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/
604 B
602 B
Script
General
Full URL
https://framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/_buildManifest.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c52adb4af77b473dc2143b4edd8c227f0359af631f415a78da811d4419ecbfaf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1708
etag
W/"e824b4daa945e69b05635de3c5c35c56"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5PPlCfuOtgLJDU1GpzBO%2By8TupRlU3J%2F9SWZzwG8YzgKM441CMKf9SLWqD3PAS9mtL1KAMJUbiy99SVF5HTAHUNKmn41uT50VsUvtlyxQwDLisA%2B7iztptWCVE9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c487595-LHR
_ssgManifest.js
framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/
77 B
345 B
Script
General
Full URL
https://framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/_ssgManifest.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1713
etag
W/"99dfad1d4dc538d0f87b1326c3f89efb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6yM5eGnX3Opi7wBtdyyscSZG%2B4go6RXXkNElDgDM8daRrLydgwXAszwAjWokO16dnBuhups8v044nnzapHWSBzWJugZ2NiFJazeCfT6rWML70rP%2FujfZhjsUSUpr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90220c4d7595-LHR
_middlewareManifest.js
framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/
92 B
347 B
Script
General
Full URL
https://framed.wtf/_next/static/Tgmod5oznxS1cHH6mg_7R/_middlewareManifest.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1776
etag
W/"da720783325824640d5868af4b16024d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jp7UNfuYYhCTgY%2F4GVyVgw1eUo8wC8pSaxxLeyJMqjY%2Frs8fVLXwAGMTFsAr3XpUUQm7OyhDU4J3OLSNyjgMoBE98o%2BgTdsPwKObewatxlIikYcqcBRkwlan202x"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90221c527595-LHR
vaafb692b2aea4879b33c060e79fe94621666317369993
static.cloudflareinsights.com/beacon.min.js/
17 KB
6 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer
https://framed.wtf/
Origin
https://framed.wtf
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 01:56:09 GMT
server
cloudflare
etag
W/2022.10.1
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
760b90227e860722-LHR
css2
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Anton&family=Quicksand:wght@500;600&display=swap
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/css/db5b8f318a85e932.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a5ef40eb24b6e13b9d465ffc7e24d6b54c241709c21904aa9c6f8a77607f7630
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 12:51:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Oct 2022 12:51:25 GMT
truncated
/
78 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb485281714afc47547b0bfee38e7bf4a8bb241b305cbff75557dc716e52f297

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
221.b9221f0e0dc9408b.js
framed.wtf/_next/static/chunks/
15 KB
6 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/221.b9221f0e0dc9408b.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/webpack-4f1d983e64e0b154.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e3203597f19d5f730f978389436ffcb5da41cada56c7b61dc07e2ea1c941a55
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3955
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"e64e4f94e4c27d3be871f809c0b15e97"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPB5OcFDqZ2kbDxZfyy%2FxIqwVo2a4EdClay9yGA9MY4wyEaJVjUFODQ%2B2NgrxpbgzIgn96pR2VYnbiR6Zw9J3pWuYnE%2FLwZNJsec9fvVMp27L70%2BxuTHrkNkdTKw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90231dc67595-LHR
872.286d8b7069885f68.js
framed.wtf/_next/static/chunks/
73 KB
29 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/872.286d8b7069885f68.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/webpack-4f1d983e64e0b154.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6809221c66200bb010e24ef4f8bddca4101a91d9be4daf4e561ea72148300f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
1708
etag
W/"815c117b4d5c6d36e79fe6995c7cb695"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PL6rjh8a16zqIhi3DkKjEywZ3mKF3QZqakgGa3gXByHHBGgDDkJ39XYfHs9X7SHHialj87GtyDows4mhUauH3yFxf0HfFm51uEi97vh4rAoRe5W6Ght7OL48kqnE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90231dc87595-LHR
561.f064bcd98e49002d.js
framed.wtf/_next/static/chunks/
4 KB
2 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/561.f064bcd98e49002d.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/webpack-4f1d983e64e0b154.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f434fead8bc24d955abb2164311435306173bea2330767523bbd53e4cbd04de
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
5793
etag
W/"a72e6d78db40764717e9e3392a536afe"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHqvQX%2FUfGlp%2FFnNFCQLi%2Fvl4ROu5DMj%2BHR3fKJlX1fkMQmUzGaeXZ80RdDmrV3ECp9rkrcS%2FxRWAU26vPQ7TT2i0qLuxwk1ANkHqpyACwbyPGunU8RM3q9RR6kr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90231dcb7595-LHR
13746.js
cdn.thisiswaldo.com/static/js/
398 KB
120 KB
Script
General
Full URL
https://cdn.thisiswaldo.com/static/js/13746.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/main-63b79767fca3418f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2200:f:458e:2a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
80f8db8a593480cb84675a01e47d03f3c3ae4b22e4f4c665b423906369c3a2c0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 13:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 26 Oct 2022 13:14:18 GMT
server
Apache/2.4.29 (Ubuntu)
via
1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
"6390a-5ebefcd61706f-gzip"
age
84996
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
2al2e0y4O6n98jIst_QQrdq7CghkaHykkvQn8wYK9k0ycoFahDx2FQ==
1Ptgg87LROyAm3Kz-C8.woff2
fonts.gstatic.com/s/anton/v23/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/anton/v23/1Ptgg87LROyAm3Kz-C8.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Anton&family=Quicksand:wght@500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
feb9617bd3fcda1a52cbf8539985fddac2aaab0e6df8dbdac21ec3e9a179a4be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://framed.wtf
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 22:48:30 GMT
x-content-type-options
nosniff
age
136975
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17020
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:51:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Oct 2023 22:48:30 GMT
shotdeck.png
framed.wtf/
1 KB
2 KB
Image
General
Full URL
https://framed.wtf/shotdeck.png?w=96&q=75
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b373cbc8ce1c3f064c48149f341ef7b7f8a468712aaf633a41de5fdfb9a5fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3069
content-length
1380
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"7601d5db97199c32893d53413c9c3aa7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgx%2BaWs27H8ozEtsKsRGgtl7T8OtCrVYotNH95hOHOENqIFOk%2BK2XY6pJkAMzgUq5o35QKGaoLBJp3Ps3leg1MIU2zOmj71xRM81mAjvKDxy9kx2xvvpJRNo%2BDOf"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
760b90233df87595-LHR
archive-769371ebdcb6264c.js
framed.wtf/_next/static/chunks/pages/
0
2 KB
Other
General
Full URL
https://framed.wtf/_next/static/chunks/pages/archive-769371ebdcb6264c.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/main-63b79767fca3418f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6889
etag
W/"7246be18ac8c7166d8442f54752adfe0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoToYRVNu4qX3u8Fi0N8Iql4e0iqYbw%2B%2BLkuzfFn5YlRny%2FT%2FHRwWE4UtNdvJg2Yc7ct7wR7HdDusH%2F%2BBLsqCRgQXxzqjLqipKogianN4PRUMRbmfrM%2BPTa1m%2FThbe7xJDx1Cy4mP4cf"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90233dfa7595-LHR
001.jpeg
framed.wtf/images/235/
50 KB
51 KB
Image
General
Full URL
https://framed.wtf/images/235/001.jpeg?w=1920&q=75
Requested by
Host: framed.wtf
URL: https://framed.wtf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a903cbfa9355517191008b71d557ecc547638e319bec2fd371bef0abc975d0ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2107
content-length
51578
referrer-policy
strict-origin-when-cross-origin
cf-bgj
h2pri
server
cloudflare
etag
"65d6c0fbb8d059ba61eeaa321b31b992"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tkCHaOHsGXZwk%2FXEkF2TPArpfopQbXhUmp2PMWyQZhjORbrYDoQdCIpz8s0nUaZGkUuXNoA8Yi7KQ2y1qH0SYgbAAMgiGeOwWVJFVLpKF3%2F2omapSaNFAKz0xmnp"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
760b90237e667595-LHR
archive-769371ebdcb6264c.js
framed.wtf/_next/static/chunks/pages/
3 KB
1 KB
Script
General
Full URL
https://framed.wtf/_next/static/chunks/pages/archive-769371ebdcb6264c.js
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/main-63b79767fca3418f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cca1f110859b143e576a0230e5cc2777e54433e395d13c11ff44b3955c208d5e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-cache-status
HIT
age
6889
etag
W/"7246be18ac8c7166d8442f54752adfe0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoToYRVNu4qX3u8Fi0N8Iql4e0iqYbw%2B%2BLkuzfFn5YlRny%2FT%2FHRwWE4UtNdvJg2Yc7ct7wR7HdDusH%2F%2BBLsqCRgQXxzqjLqipKogianN4PRUMRbmfrM%2BPTa1m%2FThbe7xJDx1Cy4mP4cf"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400, must-revalidate
cf-ray
760b90237e7a7595-LHR
choice.js
quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/framed.wtf/
4 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/framed.wtf/choice.js
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:2200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4a843829d2a7a6784b64936438383030b3161521367b2420441ad0c860f3e80d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:50:55 GMT
content-encoding
gzip
via
1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
last-modified
Thu, 11 Aug 2022 00:44:37 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
47
x-amz-server-side-encryption
AES256
etag
W/"828fc36b31632f34b4cf3eeb0e9c996d"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-id
CfzCl1N8W-R-ZyO1xorjemULM1nXYrI_lkijXTk5qvV6gp21S_xZ4w==
pwt.js
ads.pubmatic.com/AdServer/js/pwt/160082/7676/
200 KB
61 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
92f2e7a10ee598ab334b0d16191836594aa28531ff4faaa10fafdf73c80b89e1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
last-modified
Thu, 18 Aug 2022 20:39:43 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=105732
accept-ranges
bytes
content-length
62282
expires
Fri, 28 Oct 2022 18:13:37 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
273c6ca4dffda641149495b2c9055a594fe772c1a9b5c5dbbc0033a3842ba85b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27377
x-xss-protection
0
server
sffe
etag
"1375 / 210 of 1000 / last-modified: 1666868841"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 27 Oct 2022 12:51:25 GMT
config.js
cdn.confiant-integrations.net/x0z5MxKG38JhHvRnq2EER8cBuec/gpt_and_prebid/
68 KB
16 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/x0z5MxKG38JhHvRnq2EER8cBuec/gpt_and_prebid/config.js
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57d9c95fd885a8d0eb9fa21ba4665febdb0a4231a2465dd84827c129eb25f7bf

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 27 Oct 2022 10:56:10 GMT
server
cloudflare
x-amz-request-id
6YXDHYYPFYG2SBXQ
age
417
etag
W/"f39cd14f3a4e8703da526978870c9bdb"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
760b9025cb614089-LHR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Mar0CQfQJ4aSh7sGKiy3H2l5USoowPz8ZQbald1vvq7aBPSMvnH0lc8UZMknYuQwZKoBLx1SCfE=
track-impression
thisiswaldo.com/js/
1 B
376 B
XHR
General
Full URL
https://thisiswaldo.com/js/track-impression
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.15.219.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-219-226.us-east-2.compute.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff

Request headers

Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Thu, 27 Oct 2022 12:51:25 GMT
X-Content-Type-Options
nosniff, nosniff
Server
Apache/2.4.29 (Ubuntu)
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
1
Expires
Sun, 19 Nov 1978 05:00:00 GMT
me
ipfind.co/
355 B
457 B
XHR
General
Full URL
https://ipfind.co/me?auth=3757a9b9-5759-4813-bc1a-7fa0b8ba94c1
Requested by
Host: cdn.thisiswaldo.com
URL: https://cdn.thisiswaldo.com/static/js/13746.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.68.145 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-9-68-145.us-west-1.compute.amazonaws.com
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
929a69d05430e5283572b54ca6e905bf51890b80f87203ec0c86aafe323db21e

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:26 GMT
content-encoding
gzip
server
Apache/2.4.18 (Ubuntu)
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://framed.wtf
cache-control
no-cache, private
access-control-allow-credentials
true
content-length
239
quant.js
secure.quantserve.com/
25 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/framed.wtf/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0abcbaec606af08d6edf26147541c4b227e1ebc967bff4a32c5f802df7c76570

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
etag
"4r2pl9hC8uAsTuw3B5O/bA=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Thu, 03 Nov 2022 12:51:25 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/
177 KB
43 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=framed.wtf
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/fTfJtcPmQDwZG/framed.wtf/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:2200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18040dc7cf8a8f961919c1df6335166bf87b7cc8b193145002c7d8bdc3d14c2c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:50:37 GMT
content-encoding
br
via
1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
50
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 14 Sep 2022 18:13:49 GMT
server
AmazonS3
etag
W/"6d50b90bdafc3d438c55bd915fd5301d"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
vary
Accept-Encoding
x-amz-cf-id
j_yNZd9_UI404zLvtzlh8MQhiVj7zoWDC79HOtid5MOmkTTSJV4x2Q==
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202210171204/
212 KB
66 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/x0z5MxKG38JhHvRnq2EER8cBuec/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e095f4fbb86c7318a76ae06340cfd812a5247ea02b416ed57933365d67648df7

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 17 Oct 2022 16:14:48 GMT
server
cloudflare
x-amz-request-id
1KWAF34XY9G7164Y
age
847501
etag
W/"a7af60ecf4cf095070eed6b7b3e4664d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
760b90261bd54089-LHR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
BSEA7l5C6x6oJeGvTwZdcdGlNXnE8ZjtjGbGD7WMaQ9H5/uziyWsHpib1prBl22aqlK6/R/9j4U=
pubads_impl_2022102001.js
securepubads.g.doubleclick.net/gpt/
378 KB
128 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102001.js?cb=31070528
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26e336b5a4bcf66f5344dab464263c6379803de92d4643ac2688dfa8190dd7dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:48:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
149
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
130516
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 08:34:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 27 Oct 2023 12:48:56 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
112 B
118 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=framed.wtf
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
19e9595813e41084b46a6586136f30a90bcb121187716ac58c4ae3db78bb4cba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
93
x-xss-protection
0
expires
Thu, 27 Oct 2022 12:51:25 GMT
cmp-list.json
test.cmp.quantcast.com/GVL-v2/
10 KB
3 KB
XHR
General
Full URL
https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=framed.wtf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:c200:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a516850efa3ee956c74740838465b2d9ba0252e81a4056a3c646baaefad3d3b3

Request headers

Accept
application/json, text/plain, */*
Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 03:00:41 GMT
x-amz-version-id
kSZtBt_BZH2e6X4wkdwH4ToD1vwHbb6H
content-encoding
br
via
1.1 daa2f44af77ac5ed09ff4b0024dfcd5c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
35445
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Sun, 16 Oct 2022 19:52:29 GMT
server
AmazonS3
etag
W/"f44973b40f5b1f2c0d2efb33eb66a4ea"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
vary
Accept-Encoding
x-amz-cf-id
Eeh1SodD3OtOJRAO_1zMAfpicA9oyXmCbPtRZ8lZTEbfhq4KlihTXQ==
rules-p-fTfJtcPmQDwZG.js
rules.quantcount.com/
160 B
641 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-fTfJtcPmQDwZG.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:219c:ae00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
922b0d2d4adb5ed473a915258165047db5642276b6edad0dc15a0d47ed4ea19c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:41:51 GMT
via
1.1 35b5a9b189a6667de8569afe15ded36a.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG3-C2
age
649
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Fri, 14 Oct 2022 06:30:36 GMT
server
AmazonS3
etag
"65712c30333d33050e268b43b70b60ea"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
A-mFLXb7xY8GNn4JKsdO5SUb1bmigSByv55UCmJVEGXp7sgo1FZ5kA==
cmp2ui-en.js
cmp.quantcast.com/tcfv2/44/
248 KB
64 KB
Script
General
Full URL
https://cmp.quantcast.com/tcfv2/44/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=framed.wtf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:7800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac5aac3b3876821a8dd731f14444b317ce82c031857398f4e3f2bca0b9cde20e

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 20:21:50 GMT
content-encoding
gzip
via
1.1 0d5d2d408eb42296c7636196e25ef8a2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
161412
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 14 Sep 2022 18:13:35 GMT
server
AmazonS3
etag
W/"c26dab36f353a381230d68d0a5c0fa59"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800
vary
Accept-Encoding
x-amz-cf-id
LPMN2PPkBVZBdwvy7Wh-3wPASAkuLv5gRTp_4kdMCk6AmyPoNkbx0Q==
vendor-list-trimmed-v1.json
cmp.quantcast.com/GVL-v2/
344 KB
42 KB
XHR
General
Full URL
https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=framed.wtf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:7800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a56f508328de4f2e4f3b46d8b66e47bfb811d7feba1494e2286b106f7afa7d95

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 03:00:42 GMT
content-encoding
br
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
35445
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 27 Oct 2022 03:00:33 GMT
server
AmazonS3
etag
W/"392d83cf316029d4698dc55bfdbd0c90"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
-TkrOqe4v0oSoY7gQwKGF6OmL_LdCpC5YSUsdn3xMXrcFp5r7vTK1A==
google-atp-list.json
cmp.quantcast.com/tcfv2/
151 KB
36 KB
XHR
General
Full URL
https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=framed.wtf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:7800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13d358cb1bfedfd784d1b178d8edb89a01d1226eac18db3ed1bb0d055319d4ec

Request headers

Accept
application/json, text/plain, */*
Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 03:01:35 GMT
content-encoding
br
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
35392
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 27 Oct 2022 03:01:33 GMT
server
AmazonS3
etag
W/"6e00d81229963f8ec69beb244de7d635"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
Ywh2cBPSpXWYBev105wbz8mspRbUiwENzCLtuIo2EQozOT9c3k1Tig==
/
audit-tcfv2.cmp.quantcast.com/
2 B
101 B
XHR
General
Full URL
https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%22fTfJtcPmQDwZG%22%2C%22domain%22%3A%22framed.wtf%22%2C%22publisher%22%3A%22%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.44%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%227bnWU4gIqL1lnVt05b%2BUng%22%2C%22clientTimestamp%22%3A1666875086276%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-juzysqx3vfgl8ve1xqxn%22%7D
Requested by
Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/44/cmp2ui-en.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.156.50.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-50-186.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 27 Oct 2022 12:51:26 GMT
content-length
2
content-type
text/plain; charset=utf-8
rum
framed.wtf/cdn-cgi/
0
178 B
XHR
General
Full URL
https://framed.wtf/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
content-type
application/json

Response headers

date
Thu, 27 Oct 2022 12:51:26 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://framed.wtf
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
760b90298fb87595-LHR
js
www.googletagmanager.com/gtag/
216 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S57DN4M8WD
Requested by
Host: framed.wtf
URL: https://framed.wtf/_next/static/chunks/main-63b79767fca3418f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6cf2fac7492163218358af4e09c81a06f4d80b1e239b6053f48946dec4e38ab3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77324
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 27 Oct 2022 12:51:26 GMT
js
www.googletagmanager.com/gtag/
109 KB
43 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-242572032-1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S57DN4M8WD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
82e0afb120af5815303084c156d8f4001d82e1ca63d487424d64c32e4c67d3e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 12:51:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43627
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 27 Oct 2022 12:51:26 GMT
collect
region1.google-analytics.com/g/
0
343 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-S57DN4M8WD&gtm=2oeaq0&_p=1676650576&cid=1618154230.1666875087&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666875086&sct=1&seg=0&dl=https%3A%2F%2Fframed.wtf%2F&dt=Framed%20-%20The%20daily%20movie%20guessing%20game&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S57DN4M8WD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Oct 2022 12:51:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://framed.wtf
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-242572032-1&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 27 Oct 2022 11:01:58 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6568
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Thu, 27 Oct 2022 13:01:58 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1676650576&t=pageview&_s=1&dl=https%3A%2F%2Fframed.wtf%2F&ul=en-us&de=UTF-8&dt=Framed%20-%20The%20daily%20movie%20guessing%20game&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1972666175&gjid=1043017632&cid=1618154230.1666875087&tid=UA-242572032-1&_gid=354705344.1666875087&_r=1&gtm=2ouaq0&z=1517085430
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Oct 2022 12:51:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://framed.wtf
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fframed.wtf%2F&domain=framed.wtf&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://framed.wtf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://framed.wtf
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 27 Oct 2022 12:51:27 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
562669
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fframed.wtf%2F&domain=framed.wtf&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=UAVgyXxmYUw4ZzFweFZheGQ2VkFoUE9tMmlBUE0vOGlHUkpNQVNTV21PL1JPNjNrV2ZUSTRCM3pxZWhnUGZZSGFiclk2RHZtaFZKSE5jUWVsenVQODZsdlZjb0lGeUtUbVNvbElPRHhKdkNqMWJRdDl1bjRVZ0V1T3lrSS...
367 B
653 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=UAVgyXxmYUw4ZzFweFZheGQ2VkFoUE9tMmlBUE0vOGlHUkpNQVNTV21PL1JPNjNrV2ZUSTRCM3pxZWhnUGZZSGFiclk2RHZtaFZKSE5jUWVsenVQODZsdlZjb0lGeUtUbVNvbElPRHhKdkNqMWJRdDl1bjRVZ0V1T3lrSStyUGtSOVVUbXpiUHBJU3Vsc1NSS3E3eWdGY2pTdTdZcDU2QlhqMDdVSCsvQnh3ZitUN0k1YW9aaTVpcU1NY3V4UVUzSDk5ZURqeG52bWwvWlY3MUd5SDRxSkZyWjcvU1l5MDUzYS92ZzhsQXY0OExiYjVzPXw&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44369fff21c6831ff28ee38417f27f62f2ec2631d60834c759332ff29e6853f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://framed.wtf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Oct 2022 12:51:27 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1366596
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Oct 2022 12:51:27 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
location
https://mug.criteo.com/sid?cpp=UAVgyXxmYUw4ZzFweFZheGQ2VkFoUE9tMmlBUE0vOGlHUkpNQVNTV21PL1JPNjNrV2ZUSTRCM3pxZWhnUGZZSGFiclk2RHZtaFZKSE5jUWVsenVQODZsdlZjb0lGeUtUbVNvbElPRHhKdkNqMWJRdDl1bjRVZ0V1T3lrSStyUGtSOVVUbXpiUHBJU3Vsc1NSS3E3eWdGY2pTdTdZcDU2QlhqMDdVSCsvQnh3ZitUN0k1YW9aaTVpcU1NY3V4UVUzSDk5ZURqeG52bWwvWlY3MUd5SDRxSkZyWjcvU1l5MDUzYS92ZzhsQXY0OExiYjVzPXw&cppv=2
access-control-allow-origin
https://framed.wtf
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
599284
content-length
0
expires
0
envelope
api.rlcdn.com/api/identity/
0
0

id
id.crwdcntrl.net/
63 B
332 B
XHR
General
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.218.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-218-252.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
cac42c91a84b2ae392b4f0ee6ddb21b74025b282c8c61d58aca30160f124c6b6

Request headers

Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Oct 2022 12:51:28 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://framed.wtf
cache-control
no-cache
x-server
10.45.6.9
access-control-allow-credentials
true
content-length
63
expires
0
rid
match.adsrvr.org/track/
63 B
386 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160082/7676/pwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
2c4ea33afa5b9533dc6916f8b995ecb5294b4480626344e65c2d41222bf6ec5b

Request headers

Referer
https://framed.wtf/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 27 Oct 2022 12:51:28 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://framed.wtf
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sat, 26 Nov 2022 12:51:28 GMT
sid
mug.criteo.com/
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=UAVgyXxmYUw4ZzFweFZheGQ2VkFoUE9tMmlBUE0vOGlHUkpNQVNTV21PL1JPNjNrV2ZUSTRCM3pxZWhnUGZZSGFiclk2RHZtaFZKSE5jUWVsenVQODZsdlZjb0lGeUtUbVNvbElPRHhKdkNqMWJRdDl1bjRVZ0V1T3lrSStyUGtSOVVUbXpiUHBJU3Vsc1NSS3E3eWdGY2pTdTdZcDU2QlhqMDdVSCsvQnh3ZitUN0k1YW9aaTVpcU1NY3V4UVUzSDk5ZURqeG52bWwvWlY3MUd5SDRxSkZyWjcvU1l5MDUzYS92ZzhsQXY0OExiYjVzPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 27 Oct 2022 12:51:27 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
762043
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
localstore.js
script.4dex.io/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=1258
Domain
script.4dex.io
URL
https://script.4dex.io/localstore.js

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackChunk_N_E object| regeneratorRuntime object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| next object| _N_E function| __NEXT_PRELOADREADY object| __BUILD_MANIFEST object| __SSG_MANIFEST object| __MIDDLEWARE_MANIFEST object| __cfBeacon function| adDomainCheck function| waldoIsInArray function| waldoInitScripts function| waldoSetTagsOnPage function| isElementInViewport function| isElementInViewportTest function| isElementInViewport2 function| waldoInitScroll function| waldoRefreshIfViewable function| waldoSlotRenderEnded function| waldoInitGPT function| waldoInitGPTSingleSlot function| waldoAddSelectMediaCookie function| fetchHeaderBids function| waldoTriggerHB function| waldoAddCloseBtn function| waldoPassbackCheck function| waldoAdxClickFraud function| waldoAdxClickFraudRefresh function| waldoClickFraudNetworkWide function| waldoDelayAdClicks function| waldoInitTags function| hbRefreshBid function| waldoApplyBidGeoRestrictions function| hbRandomMinMaxRefreshMulti function| hbRandomMinMaxRefresh function| hbRandomMinMaxRefreshOnView function| getRandomNumber function| waldoGeoBidsCheck function| waldoGetUserData function| waldoLoadSlot function| waldoCreateCookie function| waldoReadCookie function| waldoEmailDetected function| waldoRecordImpression function| waldoAddCCPAWidget function| waldoSetPbjsUSPString number| refEn string| updateDate number| tagsInitDone object| gptAdSlots string| adDomain object| waldoBreakpoints number| domainValid number| PREBID_TIMEOUT number| interstitialDone object| waldoTimeOuts object| waldoAdRefreshes object| waldoAdXRefreshes object| allAdUnits object| blockAdsOn number| adTagsInitFlag number| siteId number| bidDivAvailable object| waldoTagsStatus object| googletag object| pbjs number| switchUserSync number| waldoImpressionDone string| blockedPageAds number| waldoGDPR object| waldoCountry object| waldoContinent object| waldoDataPointsDone number| closeBtnAdded object| unlimitedRefGeos object| waldoBlockRequestGeos object| waldoNoRefreshGeos object| waldoRefreshOnScollGeos object| waldoGPTSlots object| waldoTagsOnPage object| waldoSlotIds object| waldoDefinedSlots object| waldoAdUnitsAddedToPbjs object| waldoAdRefreshesOnView number| waldoCCPAWidgetAdded undefined| oriRenderAd undefined| waldoVideoSlot number| cmpVersion number| cmpFailureTimeout string| webInterstitialAdId object| waldoScrollSticky number| adTagsInitFinished number| adxOrderId number| enVariableHeightFix number| delayAdClicks number| allowAdClicks object| delayAdClickTimers number| delayAdClickSecs boolean| loadedOnAction boolean| loadOnAction number| waldoScrollRefreshEnabled boolean| waldoBlockRequests boolean| waldoNoRefresh number| waldoDisableGeoRestrictions object| countriesToExclude number| browserWidth object| adUnits object| passbackAdUnits undefined| affiliateBanners number| waldoCheckIndividualImps string| waldoOriPathName object| waldo function| __tcfapi function| __uspapi object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid number| index object| _qevents object| confiant object| ggeac object| google_tag_data object| google_js_reporting_queue function| __tcfapiui object| IHPWT object| ihowpbjsChunk object| ihowpbjs string| partnerName string| key function| quantserve function| __qc object| ezt object| _qoptions undefined| google_measure_js_timing function| gtag object| dataLayer object| google_tag_manager function| onYouTubeIframeAPIReady object| gaGlobal string| GoogleAnalyticsObject function| ga object| gaplugins object| gaData

15 Cookies

Domain/Path Name / Value
framed.wtf/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.framed.wtf/ Name: _pubcid
Value: 81990000-ebc0-4714-93a1-c00920e38388
framed.wtf/ Name: waldo_country
Value: GB
framed.wtf/ Name: waldo_continent
Value: EU
framed.wtf/ Name: waldo_region
Value: ENG
.framed.wtf/ Name: _ga_S57DN4M8WD
Value: GS1.1.1666875086.1.0.1666875086.0.0.0
.framed.wtf/ Name: _ga
Value: GA1.2.1618154230.1666875087
.framed.wtf/ Name: _gid
Value: GA1.2.354705344.1666875087
.framed.wtf/ Name: _gat_gtag_UA_242572032_1
Value: 1
framed.wtf/ Name: _lr_retry_request
Value: true
framed.wtf/ Name: _lr_env_src_ats
Value: false
framed.wtf/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-10-27T12%3A51%3A28%22%7D
.framed.wtf/ Name: panoramaId_expiry
Value: 1666961488035
.framed.wtf/ Name: cto_bundle
Value: kffCVl9KV3dva2o3JTJCTGdhM2VwMEZscDBBeWJJQWo4aVlnanNhUHklMkIxckxFTnhFUDVleFp4SEtNUXZETEFQamltZGNFR3Z6c3J6OVdQT3dpWk9GSjcwSUFEMlpSMjIlMkIySjNIQjAzS0h1TnpaJTJCJTJGeGdWY3VzNk40R1A5aXdMc3RCZVc4enA
.framed.wtf/ Name: cto_bidid
Value: JGPNe18zNVVYVkRhdFhxWVJjRE1ZSTUlMkJsU2VnMk5FbWRuWHhHT1RMZzJWMUFLZG9kOW9rcEVoOSUyQmVYdVRQJTJGVmFKUWVPODRDcWU5eVh6ZXVvJTJCMm8xeWlYRzRBJTNEJTNE

2 Console Messages

Source Level URL
Text
javascript error URL: https://framed.wtf/
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=1258' from origin 'https://framed.wtf' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=1258
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.pubmatic.com
api.rlcdn.com
audit-tcfv2.cmp.quantcast.com
cdn.confiant-integrations.net
cdn.thisiswaldo.com
cmp.quantcast.com
fonts.googleapis.com
fonts.gstatic.com
framed.wtf
gum.criteo.com
id.crwdcntrl.net
ipfind.co
match.adsrvr.org
mug.criteo.com
quantcast.mgr.consensu.org
region1.google-analytics.com
rules.quantcount.com
script.4dex.io
secure.quantserve.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
test.cmp.quantcast.com
thisiswaldo.com
www.google-analytics.com
www.googletagmanager.com
api.rlcdn.com
script.4dex.io
15.197.193.217
178.250.0.157
18.156.50.186
2001:4860:4802:34::36
2600:9000:2057:2200:f:458e:2a80:93a1
2600:9000:211e:2200:9:46dc:4700:93a1
2600:9000:211e:7800:9:46dc:4700:93a1
2600:9000:211e:c200:3:a4cd:8380:93a1
2600:9000:219c:ae00:6:44e3:f8c0:93a1
2606:4700:20::681a:b59
2606:4700::6810:3865
2606:4700::6812:116b
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:830::2008
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a02:2638:1::13
34.251.218.252
52.15.219.226
52.9.68.145
88.221.168.201
0abcbaec606af08d6edf26147541c4b227e1ebc967bff4a32c5f802df7c76570
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
13d358cb1bfedfd784d1b178d8edb89a01d1226eac18db3ed1bb0d055319d4ec
18040dc7cf8a8f961919c1df6335166bf87b7cc8b193145002c7d8bdc3d14c2c
19e9595813e41084b46a6586136f30a90bcb121187716ac58c4ae3db78bb4cba
1e3203597f19d5f730f978389436ffcb5da41cada56c7b61dc07e2ea1c941a55
26e336b5a4bcf66f5344dab464263c6379803de92d4643ac2688dfa8190dd7dd
273c6ca4dffda641149495b2c9055a594fe772c1a9b5c5dbbc0033a3842ba85b
2c4ea33afa5b9533dc6916f8b995ecb5294b4480626344e65c2d41222bf6ec5b
44369fff21c6831ff28ee38417f27f62f2ec2631d60834c759332ff29e6853f2
4a843829d2a7a6784b64936438383030b3161521367b2420441ad0c860f3e80d
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57d9c95fd885a8d0eb9fa21ba4665febdb0a4231a2465dd84827c129eb25f7bf
5f434fead8bc24d955abb2164311435306173bea2330767523bbd53e4cbd04de
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cf2fac7492163218358af4e09c81a06f4d80b1e239b6053f48946dec4e38ab3
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
77b373cbc8ce1c3f064c48149f341ef7b7f8a468712aaf633a41de5fdfb9a5fe
80f8db8a593480cb84675a01e47d03f3c3ae4b22e4f4c665b423906369c3a2c0
82e0afb120af5815303084c156d8f4001d82e1ca63d487424d64c32e4c67d3e2
8e4ff4be2cc571fda16a38af76e4fe93bfa7b9c32a231e51e21387b4bd35692b
8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b
922b0d2d4adb5ed473a915258165047db5642276b6edad0dc15a0d47ed4ea19c
929a69d05430e5283572b54ca6e905bf51890b80f87203ec0c86aafe323db21e
92f2e7a10ee598ab334b0d16191836594aa28531ff4faaa10fafdf73c80b89e1
983db33ba0be052bc481894c2f52fefea786909d6c90f8782552427714de49c3
a516850efa3ee956c74740838465b2d9ba0252e81a4056a3c646baaefad3d3b3
a56f508328de4f2e4f3b46d8b66e47bfb811d7feba1494e2286b106f7afa7d95
a5ef40eb24b6e13b9d465ffc7e24d6b54c241709c21904aa9c6f8a77607f7630
a637e596681ed9976af5267d2e8b7f07c3bef2d0e8404160c46ab14b99c317cf
a903cbfa9355517191008b71d557ecc547638e319bec2fd371bef0abc975d0ea
ac5aac3b3876821a8dd731f14444b317ce82c031857398f4e3f2bca0b9cde20e
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
c52adb4af77b473dc2143b4edd8c227f0359af631f415a78da811d4419ecbfaf
cac42c91a84b2ae392b4f0ee6ddb21b74025b282c8c61d58aca30160f124c6b6
cca1f110859b143e576a0230e5cc2777e54433e395d13c11ff44b3955c208d5e
d0e216b2bddb39c2382d912dd8746875f4d638a0a3a3fb1480ad4bc8aa79e12a
d18a51022cad31a082121a039cea94605f0a4798cb543b527d25f52599eff81e
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
e095f4fbb86c7318a76ae06340cfd812a5247ea02b416ed57933365d67648df7
e385b1573271e796607e24414c53d0db2ab9ae5da1c207725601c596255919ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6809221c66200bb010e24ef4f8bddca4101a91d9be4daf4e561ea72148300f9
eb485281714afc47547b0bfee38e7bf4a8bb241b305cbff75557dc716e52f297
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5343063dba417136e1ff9732d3dd0d3f9be1f53024d618b0f7e8931166df252
fe526bc3f526ec0fbeb6d7324c8efeb5ee159286703c25afb8898d982a24d4fc
feb9617bd3fcda1a52cbf8539985fddac2aaab0e6df8dbdac21ec3e9a179a4be