tw.observer Open in urlscan Pro
2606:4700:30::681c:cfe Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tw.observer/
Effective URL:
https://tw.observer/
Submission: On June 03 via manual (June 3rd 2019, 3:22:19 pm UTC) from US

Summary HTTP 22 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 12 domains to perform 22 HTTP transactions. The main IP is 2606:4700:30::681c:cfe, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is tw.observer.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on June 3rd 2019. Valid for: 6 months.

This is the only time tw.observer was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:30:... 2606:4700:30::681c:dfe	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
8	2606:4700:30:... 2606:4700:30::681c:cfe	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a04:4e42::621 2a04:4e42::621	54113 (FASTLY) (FASTLY - Fastly)
1 2	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:2800:234... 2606:2800:234:1f1f:1754:1fef:718:1223	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	95.211.229.246 95.211.229.246	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	35.206.81.245 35.206.81.245	19527 (GOOGLE-2) (GOOGLE-2 - Google LLC)
1	2606:4700:30:... 2606:4700:30::681c:1c04	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
22	12

1 2606:4700:30::681c:dfe (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tw.observer	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:30::681c:cfe (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tw.observer	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42::621 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:1f1f:1754:1fef:718:1223 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

ads.exoclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.211.229.246 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

syndication.exoclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.206.81.245 (Mountain View, United States)

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 245.81.206.35.bc.googleusercontent.com

codeadnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:1c04 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

crrepo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	tw.observer 1 redirects tw.observer	97 KB
3	jsdelivr.net cdn.jsdelivr.net	9 KB
2	exoclick.com ads.exoclick.com syndication.exoclick.com	14 KB
2	google.de www.google.de adservice.google.de	280 B
2	google.com 1 redirects www.google.com adservice.google.com	351 B
2	google-analytics.com 1 redirects www.google-analytics.com	17 KB
1	crrepo.com crrepo.com	45 KB
1	codeadnetwork.com codeadnetwork.com	137 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	165 B
1	gstatic.com fonts.gstatic.com	60 KB
1	googlesyndication.com pagead2.googlesyndication.com	33 KB
1	googleapis.com fonts.googleapis.com	419 B
22	12

	Domain	Requested by
9	tw.observer	1 redirects tw.observer
3	cdn.jsdelivr.net	tw.observer
2	www.google-analytics.com	1 redirects tw.observer
1	crrepo.com
1	codeadnetwork.com
1	syndication.exoclick.com	ads.exoclick.com
1	ads.exoclick.com	tw.observer
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	www.google.de	tw.observer
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	fonts.gstatic.com	tw.observer
1	pagead2.googlesyndication.com	tw.observer
1	fonts.googleapis.com	tw.observer
22	15

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
sni62506.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-06-03` - `2019-12-10`	6 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.exoclick.com DigiCert SHA2 Secure Server CA	`2017-12-12` - `2020-12-16`	3 years	crt.sh
codeadnetwork.com COMODO RSA Domain Validation Secure Server CA	`2018-07-11` - `2020-07-10`	2 years	crt.sh
sni110177.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-05-06` - `2019-11-12`	6 months	crt.sh

This page contains 2 frames:

Primary Page: https://tw.observer/
Frame ID: FD9CEC2779963A0043726C7B1D0F7B41
Requests: 17 HTTP requests in this frame

Frame: https://tw.observer/ad/normal.html
Frame ID: 89D4AB08FFDEE3A2197F7155A1A13773
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://tw.observer/ HTTP 301
https://tw.observer/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^google_ad_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^webpackJsonp$/i

Page Statistics

22
Requests

100 %
HTTPS

80 %
IPv6

12
Domains

15
Subdomains

12
IPs

5
Countries

275 kB
Transfer

648 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/v2.9/dialog/oauth?client_id=715619321959330&scope=email&redirect_uri=https://tw.observer/login
Title: 登入

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tw.observer/ HTTP 301
https://tw.observer/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://www.google-analytics.com/r/collect?v=1&_v=j76&a=83383713&t=pageview&_s=1&dl=https%3A%2F%2Ftw.observer%2F&ul=en-us&de=UTF-8&dt=%E6%B7%B1%E5%8D%A1&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=592746053&gjid=694284829&cid=1608275181.1559575321&tid=UA-101083363-1&_gid=190920032.1559575321&_r=1&z=1603494448 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_gid=190920032.1559575321&gjid=694284829&_v=j76&z=1603494448 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448&slf_rd=1&random=607171175

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
tw.observer/
Redirect Chain

http://tw.observer/
https://tw.observer/

12 KB
4 KB

644ms
544ms

Document
text/html

2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

02fd054a37bb2b31eb088887dd2c72a6ebea1419881f537dbd886e986caf0c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

:method: GET
:authority: tw.observer
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 03 Jun 2019 15:21:57 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dcc0cfc39a57c8ee9bc35630664deb3271559575317; expires=Tue, 02-Jun-20 15:21:57 GMT; path=/; domain=.tw.observer; HttpOnly
cache-control: max-age=300
cf-cache-status: EXPIRED
strict-transport-security: max-age=2592000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4e12a8e57e82c2db-FRA
content-encoding: br

Redirect headers

Date: Mon, 03 Jun 2019 15:21:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 03 Jun 2019 16:21:57 GMT
Location: https://tw.observer/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4e12a8e4c927d6d5-FRA

GET
H2 200 manifest.843b95450105d616c4e5.js Show response
tw.observer/static/js/ 1 KB
893 B 15ms
14ms Script
application/javascript 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/static/js/manifest.843b95450105d616c4e5.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

57748e3cd2ec90a9dedbf3639026bb1cd2132c7a9655fbe11018d9c1aa51aa01

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2017 01:13:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=2592000
cf-ray: 4e12a8e90a48c2db-FRA

GET
H2 200 vendor.1060a1b436c75c77e59f.js Show response
tw.observer/static/js/ 183 KB
60 KB 16ms
15ms Script
application/javascript 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/static/js/vendor.1060a1b436c75c77e59f.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2b100e1d50de722ecb299b2b03897ae2d710ddf5fcc91451bc44555476ef63d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2017 01:13:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=2592000
cf-ray: 4e12a8e90a4cc2db-FRA

GET
H2 200 app.ab8523ff8aa34a8f5407.js Show response
tw.observer/static/js/ 153 KB
26 KB 23ms
22ms Script
application/javascript 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/static/js/app.ab8523ff8aa34a8f5407.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

05c2fd3fbc1cb2784bfbfff18242f5b324fedfe5cb2ee24c9ad3bab48c25322c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2017 01:13:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=2592000
cf-ray: 4e12a8e90a4dc2db-FRA

GET
H2 200 icon
fonts.googleapis.com/ 574 B
419 B 36ms
26ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

8d750d26dce2ca11e8dde5cb2686a55c9d87281ff7acdea19342beebe04ebf55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 03 Jun 2019 15:21:57 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 03 Jun 2019 15:21:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 03 Jun 2019 15:21:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 88 KB
33 KB 67ms
29ms Script
text/javascript 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

cafe /

Resource Hash

0e127a267638382d3f53b4c6097764814abee72496112ff384803e8cc30d0a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 33166
x-xss-protection: 0
server: cafe
etag: 10167454169613984542
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 03 Jun 2019 15:21:57 GMT

GET
H2 200 app.ce0883376a91c769d5140f4b908f81a9.css
tw.observer/static/css/ 16 KB
4 KB 33ms
24ms Stylesheet
text/css 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/static/css/app.ce0883376a91c769d5140f4b908f81a9.css

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a29b9ec5eb0c669386117441b14f83b25b2a06715e3209337b1e9115f5aad8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2017 01:13:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=2592000
cf-ray: 4e12a8e91a7fc2db-FRA

GET
H2 200 1f469-1f3fb-1f3eb.png
cdn.jsdelivr.net/emojione/assets/3.1/png/128/ 4 KB
4 KB 18ms
16ms Image
image/png 2a04:4e42::621
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/emojione/assets/3.1/png/128/1f469-1f3fb-1f3eb.png

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

ac726518ac5a10883a573b72237592c5ec0b4aa53f1b3ec19aaf61da79cd90ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"f02-XWCi1ISpsYKwyU7cGKzPgDCDJA0"
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
access-control-expose-headers: *
cache-control: public, max-age=31536000
date: Mon, 03 Jun 2019 15:21:57 GMT
accept-ranges: bytes
timing-allow-origin: *
content-length: 3842
x-served-by: cache-ams21024-AMS, cache-fra19148-FRA

GET
H2 200 1f603.png
cdn.jsdelivr.net/emojione/assets/3.1/png/128/ 3 KB
3 KB 12ms
7ms Image
image/png 2a04:4e42::621
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/emojione/assets/3.1/png/128/1f603.png

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

5f6e0b38adf7ddd316cc4d107ae3a9f131d86761570f5a6e1337a1536ef9d33c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT, HIT
status: 200
date: Mon, 03 Jun 2019 15:21:57 GMT
content-length: 3003
x-served-by: cache-ams21022-AMS, cache-fra19148-FRA
jsd-meta: 1553647777437, 7bb68d0a491d, pr, /3.1/png/128/1f603.png, 0
etag: W/"bbb-atxhV5YU/rpdNiqeL9DxGwbpqQo"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 1f64f.png
cdn.jsdelivr.net/emojione/assets/3.1/png/128/ 2 KB
2 KB 48ms
12ms Image
image/png 2a04:4e42::621
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/emojione/assets/3.1/png/128/1f64f.png

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

32c8ab3bc07ceef6a1d40d9c185fd2a89116bef3627cd465688c08e9899e7ebf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"8ab-2605PIOUU+m038qO6DytrC38u6o"
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
access-control-expose-headers: *
cache-control: public, max-age=31536000
date: Mon, 03 Jun 2019 15:21:58 GMT
accept-ranges: bytes
timing-allow-origin: *
content-length: 2219
x-served-by: cache-ams21051-AMS, cache-fra19148-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 42ms
7ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 May 2019 23:53:44 GMT
server: Golfe2
age: 6563
date: Mon, 03 Jun 2019 13:32:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17595
expires: Mon, 03 Jun 2019 15:32:35 GMT

GET
H2 200 detect-private-browsing.js
tw.observer/static/test/ 0
729 B 42ms
18ms Other
application/javascript 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/static/test/detect-private-browsing.js

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Purpose: prefetch
Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:21:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2017 01:13:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=600
strict-transport-security: max-age=2592000
cf-ray: 4e12a8e98c3fc2db-FRA

GET
H2 200 normal.html Show response
tw.observer/ad/ Frame 89D4 930 B
483 B 30ms
17ms Document
text/html 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/ad/normal.html

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42152b7bde71d00b59dc8f351a5df7a95f83b0f477a97b2ad84ecf7b4c908aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

:method: GET
:authority: tw.observer
:scheme: https
:path: /ad/normal.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://tw.observer/
accept-encoding: gzip, deflate, br
cookie: __cfduid=dcc0cfc39a57c8ee9bc35630664deb3271559575317
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://tw.observer/

Response headers

status: 200
date: Mon, 03 Jun 2019 15:21:58 GMT
content-type: text/html; charset=utf-8
last-modified: Thu, 10 Aug 2017 14:21:23 GMT
cache-control: max-age=600
cf-cache-status: HIT
strict-transport-security: max-age=2592000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4e12a8e98c3ec2db-FRA
content-encoding: br

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v47/ 59 KB
60 KB 25ms
15ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v47/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0c9a3f7fdc13a3ff04b74e9b982c28fa738fa9373bd43bd24dbca5f2dc360f24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/icon?family=Material+Icons
Origin: https://tw.observer

Response headers

date: Fri, 31 May 2019 19:56:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 26 Mar 2019 18:13:56 GMT
server: sffe
age: 242706
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 60840
x-xss-protection: 0
expires: Sat, 30 May 2020 19:56:52 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j76&a=83383713&t=pageview&_s=1&dl=https%3A%2F%2Ftw.observer%2F&ul=en-us&de=UTF-8&dt=%E6%B7%B1%E5%8D%A1&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_gid=190920032.1559575321&gjid=694284829&_v=j76&z=1603494448
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448&slf_rd=1&random=607171175

42 B
109 B

24ms
23ms

Image
image/gif

2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448&slf_rd=1&random=607171175

Requested by

Host: tw.observer
URL: https://tw.observer/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jun 2019 15:22:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jun 2019 15:22:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-101083363-1&cid=1608275181.1559575321&jid=592746053&_v=j76&z=1603494448&slf_rd=1&random=607171175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:821::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=tw.observer

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 19ms
18ms Script
application/javascript 2a00:1450:4001:824::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=tw.observer

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw.observer/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 nativeads.js Show response
ads.exoclick.com/ Frame 89D4 32 KB
10 KB 118ms
7ms Script
text/html 2606:2800:234:1f1f:1754:1fef:718:1223
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.exoclick.com/nativeads.js
Requested by: Host: tw.observer
URL: https://tw.observer/ad/normal.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:1f1f:1754:1fef:718:1223 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B0) /
Resource Hash: 56122db5b201606c1f4b1b832e404bd3a1b0cedca12b05e1fbab9e715848a90b

Request headers

Referer: https://tw.observer/ad/normal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:22:00 GMT
content-encoding: gzip
last-modified: Mon, 03 Jun 2019 14:13:04 GMT
server: ECS (fcn/40B0)
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=10800
accept-ranges: bytes
content-length: 10233
expires: Mon, 03 Jun 2019 18:22:00 GMT

GET
H2 200 1 Show response
tw.observer/api/comments/ 2 B
111 B 563ms
563ms XHR
application/json 2606:4700:30::681c:cfe
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.observer/api/comments/1

Requested by

Host: tw.observer
URL: https://tw.observer/static/js/vendor.1060a1b436c75c77e59f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:cfe , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://tw.observer/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:22:01 GMT
cf-cache-status: EXPIRED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
status: 200
cache-control: max-age=300
strict-transport-security: max-age=2592000
accept-ranges: bytes
cf-ray: 4e12a8fd3adfc2db-FRA
content-length: 2

GET
H/1.1 200
OK splash.php Show response
syndication.exoclick.com/ Frame 89D4 5 KB
4 KB 623ms
307ms XHR
text/html 95.211.229.246
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://syndication.exoclick.com/splash.php?native-settings=1&idzone=2669178&p=https%3A%2F%2Ftw.observer%2F
Requested by: Host: ads.exoclick.com
URL: https://ads.exoclick.com/nativeads.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx /
Resource Hash: f93cb7fa4bc8e526fa050376ba1f7be82af3ded207582033443663c5017c9119

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://tw.observer/ad/normal.html
Origin: https://tw.observer

Response headers

Date: Mon, 03 Jun 2019 15:22:01 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://tw.observer
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H/1.1 204
No Content win.php
codeadnetwork.com/adx/openrtb/2/ Frame 89D4 0
137 B 513ms
133ms Image
text/plain 35.206.81.245
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codeadnetwork.com/adx/openrtb/2/win.php?adx_price=0.091723&stamat=m%7C%2C%2CQjOSI2d3tGU3B0-GH0dEdHP3xP.686%2Cy5rs23SfFerQm_GaLSOjPlSQd75AXoNCxwfgYQJgYyVoUM2iZAwKI5STtQZ6p_VgVOk-dWfpVntOWDemUGCKsHcyhKvh7DjY21pjH95aijV_4bikf661k8RygybeQCIINogRaGOSm16S4eBMUSTjuU9I9Y80XQ8gY69amcyumSrAKzi5HdiEUf0nKOyM0ZAsy6J2d-qS28FI9LR-nd1gMgUmyijjz0usqPS7QYRFbRqqkHEeRPz6o3S6I03IZt1RIOsW11ZNJ-iNfuOYTYsZxyPpWutgp2j2_d0x7OAcoZnyEe-9-y_majRCt3-TSbCYWMt_AGvo0bN4g_OELzzO2tRuqvW61OEGCyGSRzJlA1jouaUPnEvnEnLxat0AyBwAdvTwn3QSVXOfZzi03qZi59Nma1qkDdhxLREnMR7QLs9IuYrsbhZ2Ua2jqtgWf6mKyxW91l_JIGX1_vD_jrC7gRRpQhPLvsQD5s--OTusbGmQAZBHnr1lcbixf-Z0yaNrSBzowihpWctixmoHpo2uggN5r8fU3vS8GKaBksMt6NNbtf4LD4WlWhLDhAtf_3RQynYan-cBgNTtuWwGi22W4r5lfLL-v1IPpFi0FhNDx08%2C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.206.81.245 Mountain View, United States, ASN19527 (GOOGLE-2 - Google LLC, US),
Reverse DNS: 245.81.206.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tw.observer/ad/normal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 15:22:02 GMT
Referrer-Policy: no-referrer
Server: openresty
Connection: keep-alive

GET
H2 200 5b1baf8b50ff10ad43c1176b9f55bcf9_9820.jpg
crrepo.com/extban/153509220/creatives/22669396/ Frame 89D4 44 KB
45 KB 258ms
162ms Image
image/jpeg 2606:4700:30::681c:1c04
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crrepo.com/extban/153509220/creatives/22669396/5b1baf8b50ff10ad43c1176b9f55bcf9_9820.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:1c04 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9b349ffe66c58f6f6601ddf7d99f3ba276e7fe33d9d2bd80ea30de3486f70c0

Request headers

Referer: https://tw.observer/ad/normal.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 15:22:02 GMT
via: 1.1 google
cf-cache-status: REVALIDATED
last-modified: Mon, 20 May 2019 09:01:31 GMT
server: cloudflare
etag: W/"5ce26ceb-b0ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=14400
cf-ray: 4e12a9024f41beb0-FRA
expires: Mon, 03 Jun 2019 19:22:02 GMT

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tw.observer/	1970-01-19 01:14:21	Name: _gid Value: GA1.2.190920032.1559575321
.tw.observer/	1970-01-19 18:44:07	Name: _ga Value: GA1.2.1608275181.1559575321
.tw.observer/	1970-01-19 01:12:55	Name: _gat Value: 1
.tw.observer/	1970-01-19 09:58:31	Name: __cfduid Value: dcc0cfc39a57c8ee9bc35630664deb3271559575317

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://tw.observer/static/js/app.ab8523ff8aa34a8f5407.js(Line 1) Message: %c🍌深深Der卡🍌

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.exoclick.com
adservice.google.com
adservice.google.de
cdn.jsdelivr.net
codeadnetwork.com
crrepo.com
fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
stats.g.doubleclick.net
syndication.exoclick.com
tw.observer
www.google-analytics.com
www.google.com
www.google.de
172.217.21.194
2606:2800:234:1f1f:1754:1fef:718:1223
2606:4700:30::681c:1c04
2606:4700:30::681c:cfe
2606:4700:30::681c:dfe
2a00:1450:4001:809::2004
2a00:1450:4001:814::200e
2a00:1450:4001:819::200a
2a00:1450:4001:81e::2003
2a00:1450:4001:821::2002
2a00:1450:4001:824::2002
2a00:1450:400c:c06::9d
2a04:4e42::621
35.206.81.245
95.211.229.246
02fd054a37bb2b31eb088887dd2c72a6ebea1419881f537dbd886e986caf0c01
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05c2fd3fbc1cb2784bfbfff18242f5b324fedfe5cb2ee24c9ad3bab48c25322c
0c9a3f7fdc13a3ff04b74e9b982c28fa738fa9373bd43bd24dbca5f2dc360f24
0e127a267638382d3f53b4c6097764814abee72496112ff384803e8cc30d0a7b
32c8ab3bc07ceef6a1d40d9c185fd2a89116bef3627cd465688c08e9899e7ebf
42152b7bde71d00b59dc8f351a5df7a95f83b0f477a97b2ad84ecf7b4c908aef
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
56122db5b201606c1f4b1b832e404bd3a1b0cedca12b05e1fbab9e715848a90b
57748e3cd2ec90a9dedbf3639026bb1cd2132c7a9655fbe11018d9c1aa51aa01
5f6e0b38adf7ddd316cc4d107ae3a9f131d86761570f5a6e1337a1536ef9d33c
6a29b9ec5eb0c669386117441b14f83b25b2a06715e3209337b1e9115f5aad8f
8d750d26dce2ca11e8dde5cb2686a55c9d87281ff7acdea19342beebe04ebf55
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
ac726518ac5a10883a573b72237592c5ec0b4aa53f1b3ec19aaf61da79cd90ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2b100e1d50de722ecb299b2b03897ae2d710ddf5fcc91451bc44555476ef63d
f93cb7fa4bc8e526fa050376ba1f7be82af3ded207582033443663c5017c9119
f9b349ffe66c58f6f6601ddf7d99f3ba276e7fe33d9d2bd80ea30de3486f70c0

tw.observer Open in urlscan Pro 2606:4700:30::681c:cfe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

80 %IPv6

12 Domains

15 Subdomains

12 IPs

5 Countries

275 kBTransfer

648 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

4 Cookies

1 Console Messages

Security Headers

Indicators

tw.observer Open in urlscan Pro
2606:4700:30::681c:cfe Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

80 %
IPv6

12
Domains

15
Subdomains

12
IPs

5
Countries

275 kB
Transfer

648 kB
Size

4
Cookies

22 HTTP transactions
0 data transactions