URL: https://leekduck.com/
Submission: On January 22 via api from US — Scanned from CH

Summary

This website contacted 63 IPs in 10 countries across 52 domains to perform 159 HTTP transactions. The main IP is 172.67.73.83, which is located in Ascension Island and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is leekduck.com. The Cisco Umbrella rank of the primary domain is 431960.
TLS certificate: Issued by WE1 on December 22nd 2025. Valid for: 3 months.
This is the only time leekduck.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
20 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 281
ad.doubleclick.net — Cisco Umbrella Rank: 187
cm.g.doubleclick.net — Cisco Umbrella Rank: 297
257 KB
19 leekduck.com
leekduck.com — Cisco Umbrella Rank: 431960
cdn.leekduck.com — Cisco Umbrella Rank: 659763
1 MB
18 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 435
aax.amazon-adsystem.com — Cisco Umbrella Rank: 657
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 885
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1273
s.amazon-adsystem.com — Cisco Umbrella Rank: 397
106 KB
14 nitropay.com
s.nitropay.com — Cisco Umbrella Rank: 23865
floors.nitropay.com — Cisco Umbrella Rank: 55971
pbs.nitropay.com — Cisco Umbrella Rank: 24569
309 KB
11 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1207
2 KB
9 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 649
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 712
dsum.casalemedia.com — Cisco Umbrella Rank: 1980
htlb.casalemedia.com — Cisco Umbrella Rank: 701
7 KB
8 openx.net
u.openx.net — Cisco Umbrella Rank: 874
us-u.openx.net — Cisco Umbrella Rank: 603
eu-u.openx.net — Cisco Umbrella Rank: 2339
rtb.openx.net — Cisco Umbrella Rank: 684
ggsoftware-d.openx.net
2 KB
6 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 472
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1056
fastlane.rubiconproject.com — Cisco Umbrella Rank: 659
eus.rubiconproject.com
token.rubiconproject.com
15 KB
5 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 707
btlr.sharethrough.com — Cisco Umbrella Rank: 1551
473 B
5 btloader.com
btloader.com — Cisco Umbrella Rank: 1100
api.btloader.com — Cisco Umbrella Rank: 1311
44 KB
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 463
direct.adsrvr.org — Cisco Umbrella Rank: 1095
1 KB
4 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 809
5 KB
4 dotomi.com
amazon-tam-match.dotomi.com — Cisco Umbrella Rank: 8673
pulsepoint-match.dotomi.com — Cisco Umbrella Rank: 11810
1 KB
4 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1968
377 KB
4 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 372
cloudflareinsights.com — Cisco Umbrella Rank: 354
14 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 51
145 KB
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 459
1 KB
3 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 557
tlx.3lift.com — Cisco Umbrella Rank: 773
1000 B
3 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 675
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 698
15 KB
3 inmobi.com
sync.inmobi.com — Cisco Umbrella Rank: 1008
558 B
3 privacymanager.io
ats-wrapper.privacymanager.io — Cisco Umbrella Rank: 1910
geo.privacymanager.io — Cisco Umbrella Rank: 1994
39 KB
2 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 1086
check.analytics.rlcdn.com
880 B
2 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 538
371 B
2 adform.net
c1.adform.net — Cisco Umbrella Rank: 782
1 KB
2 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 1054
530 B
2 opera.com
t.adx.opera.com — Cisco Umbrella Rank: 917
2 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 621
896 B
2 media.net
cs.media.net — Cisco Umbrella Rank: 787
prebid.media.net — Cisco Umbrella Rank: 1101
1 KB
2 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1186
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1229
14 KB
2 dns-finder.com
ab.dns-finder.com — Cisco Umbrella Rank: 1393
233 B
2 nitrocnct.com
consent.nitrocnct.com — Cisco Umbrella Rank: 25166
212 KB
2 nit.ro
t.nit.ro — Cisco Umbrella Rank: 21690
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 219
7 KB
1 linkedin.com
px.ads.linkedin.com
676 B
1 indexww.com
js-sec.indexww.com
2 KB
1 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 921
206 B
1 postrelease.com
exchange.postrelease.com — Cisco Umbrella Rank: 3283
291 B
1 adnxs-simple.com
ib.adnxs-simple.com — Cisco Umbrella Rank: 19198
528 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 766
1 KB
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1029
631 B
1 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 832
138 B
1 taptapnetworks.com
sonata-notifications.taptapnetworks.com — Cisco Umbrella Rank: 7820
407 B
1 liadm.com
i.liadm.com — Cisco Umbrella Rank: 661
208 B
1 yellowblue.io
cs-tam.yellowblue.io — Cisco Umbrella Rank: 9610
437 B
1 presage.io
ms-cookie-sync.presage.io — Cisco Umbrella Rank: 1958
261 B
1 temu.com
www.temu.com — Cisco Umbrella Rank: 742
692 B
1 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 845
33 KB
1 ad.gt
a.ad.gt — Cisco Umbrella Rank: 1875
3 KB
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 1865
123 B
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1409
22 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2622
1 twitch.tv
embed.twitch.tv — Cisco Umbrella Rank: 159632
8 KB
159 52

This site contains links to these domains.

Domain
x.com
facebook.com
instagram.com
threads.net
bsky.app
youtube.com
twitch.tv
nitropay.com

Subject | Issuer | Validity | Valid
leekduck.com | WE1 | 2025-12-22 - 2026-03-22 | 3 months
nitropay.com | WE1 | 2025-12-25 - 2026-03-25 | 3 months
twitch.tv | GlobalSign Atlas R3 DV TLS CA 2025 Q2 | 2025-05-07 - 2026-06-08 | a year
*.google-analytics.com | WE2 | 2025-12-29 - 2026-03-23 | 3 months
cloudflareinsights.com | WE1 | 2025-12-20 - 2026-03-20 | 3 months
b5243f01.sni.cloudflaressl.com | WE1 | 2025-12-26 - 2026-03-26 | 3 months
*.nitropay.com | WR3 | 2026-01-10 - 2026-04-10 | 3 months
*.privacymanager.io | Amazon RSA 2048 M03 | 2025-05-26 - 2026-06-23 | a year
confiant-integrations.net | WE1 | 2025-12-25 - 2026-03-25 | 3 months
*.g.doubleclick.net | WE2 | 2025-12-29 - 2026-03-23 | 3 months
c.amazon-adsystem.com | Amazon RSA 2048 M04 | 2025-10-20 - 2026-11-18 | a year
*.nit.ro | WR3 | 2025-12-30 - 2026-03-30 | 3 months
btloader.com | WE1 | 2025-11-25 - 2026-02-23 | 3 months
nitrocnct.com | WE1 | 2025-12-02 - 2026-03-02 | 3 months
alt1-3ps.amazon-adsystem.com | Amazon RSA 2048 M03 | 2025-03-31 - 2026-04-29 | a year
config.aps.amazon-adsystem.com | Amazon RSA 2048 M04 | 2025-11-23 - 2026-12-22 | a year
ad-delivery.net | WE1 | 2025-12-28 - 2026-03-28 | 3 months
*.doubleclick.net | WE2 | 2025-12-29 - 2026-03-23 | 3 months
ab.dns-finder.com | WR3 | 2025-12-14 - 2026-03-14 | 3 months
secure.cdn.fastclick.net | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2025-06-08 - 2026-06-09 | a year
*.crwdcntrl.net | Amazon RSA 2048 M04 | 2025-08-09 - 2026-09-07 | a year
id5-sync.com | WE1 | 2026-01-16 - 2026-04-16 | 3 months
api.btloader.com | WR3 | 2026-01-09 - 2026-04-09 | 3 months
aax-eu.amazon-adsystem.com | Amazon RSA 2048 M01 | 2025-11-04 - 2026-09-17 | 10 months
casalemedia.com | E7 | 2025-11-30 - 2026-02-28 | 3 months
*.prod.cloud.ogury.io | E7 | 2025-11-27 - 2026-02-25 | 3 months
*.openx.net | RapidSSL TLS RSA CA G1 | 2025-08-12 - 2026-08-19 | a year
sync.inmobi.com | Sectigo RSA Organization Validation Secure Server CA | 2025-04-29 - 2026-04-29 | a year
s.amazon-adsystem.com | Amazon RSA 2048 M01 | 2025-10-30 - 2026-08-04 | 9 months
*.sharethrough.com | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2025-07-17 - 2026-08-17 | a year
*.pubmatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2025-10-02 - 2026-10-01 | a year
pulsepoint.com | Sectigo RSA Organization Validation Secure Server CA | 2025-04-08 - 2026-05-09 | a year
*.yellowblue.io | WR3 | 2025-12-20 - 2026-03-20 | 3 months
*.3lift.com | Amazon RSA 2048 M04 | 2026-01-12 - 2027-02-09 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2025-03-19 - 2026-04-02 | a year
*.liadm.com | Amazon RSA 2048 M03 | 2025-07-01 - 2026-07-29 | a year
*.zemanta.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2025-08-17 - 2026-09-08 | a year
*.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2026-01-20 - 2026-04-17 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2025-02-06 - 2026-03-05 | a year
*.adnxs-simple.com | GeoTrust TLS ECC CA G1 | 2025-09-25 - 2026-10-26 | a year
*.postrelease.com | Amazon RSA 2048 M03 | 2025-08-25 - 2026-09-21 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2025-03-04 - 2026-04-03 | a year
*.lijit.com | R13 | 2026-01-06 - 2026-04-06 | 3 months
*.media.net | Sectigo RSA Domain Validation Secure Server CA | 2025-04-10 - 2026-04-30 | a year
*.analytics.rlcdn.com | Amazon RSA 2048 M03 | 2025-03-10 - 2026-04-08 | a year
indexww.com | WE1 | 2026-01-17 - 2026-04-17 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2025-08-29 - 2026-02-28 | 6 months

This page contains 20 frames:

Primary Page: https://leekduck.com/
Frame ID: 839D82D7655D8F7A1F64727F6236227B
Requests: 113 HTTP requests in this frame

Frame: https://btloader.com/trustedIframe.html?o=6278260873756672&upapi=true
Frame ID: 771BEFF4AC430892187B04A002D32817
Requests: 1 HTTP requests in this frame

Frame: blob://https://leekduck.com/d9d3a980-b859-45de-bb35-3fc746c4e301
Frame ID: 63C74E962DA858C16451C58F5AC43632
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Frame ID: 5D5ABCF6E0835DAA30BE8A1BC1232F3F
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Frame ID: 47053539C4198B24A7FEA123B9FC4E4F
Requests: 5 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Frame ID: 5022A61E606733F8D68C13640EC410F0
Requests: 10 HTTP requests in this frame

Frame: https://ms-cookie-sync.presage.io/user-sync.html?source=tam&gdpr=0
Frame ID: 21A80A98A938BE8AF6D022FE81418053
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Frame ID: AA8325B1FB3DE4E7A469EBF93958B5D7
Requests: 7 HTTP requests in this frame

Frame: https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry=true
Frame ID: 0232B778443B90F90D552ED977715477
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AQAJmTjCfWXq9wJTI6SVAQEBAQEBAQCa5DPYjgEBAJrkM9iO&expiration=1769163273&is_secure=true&gdpr=0
Frame ID: 6FE732840388F7DE93E82A4B313BAC08
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Frame ID: FD8940C30EE02B8533F5DD8C96F1A6FF
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dpubmatic.com%26id%3D&gdpr=0
Frame ID: 6BDC87C2D9AF0F5543569A263A6A5E78
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Frame ID: F133F04D88405E4ADDC580501809D5CE
Requests: 4 HTTP requests in this frame

Frame: https://cs-tam.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Frame ID: B16AEDF1F4A9254CAC39041009ED583A
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0
Frame ID: F1B79C38AF06AA0BB77DB07EA92B274D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156737&gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Frame ID: B69A71B9001B2D9283EEC560EB697B73
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Frame ID: D549A5BD9F52D08CF21BF3A0384D1CBE
Requests: 3 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=true&cmp_cs=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---&
Frame ID: 368C17A1152D71F5973BF53BF66292F7
Requests: 1 HTTP requests in this frame

Frame: https://ggsoftware-d.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Frame ID: B73F826AE97C84E866C9DFF5054402F3
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: D08C05D37244ED889BF787D7D1E3A0D3
Requests: 1 HTTP requests in this frame

Page Title

Leek Duck | Pokémon GO News and Resources

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • \.doubleclick\.net

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • \.googletagmanager\.com/

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • \.amazon-adsystem\.com

Overall confidence: 100%
Detected patterns
  • securepubads\.g\.doubleclick.net/tag/js/gpt\.js

Overall confidence: 100%
Detected patterns
  • ^https://(?:cdn\.)?id5-sync\.com/

Overall confidence: 100%
Detected patterns
  • \.liadm\.com

Overall confidence: 100%
Detected patterns
  • \.media\.net/

Overall confidence: 100%
Detected patterns
  • \.postrelease\.com/

Overall confidence: 100%
Detected patterns
  • \.sharethrough\.com/

Overall confidence: 100%
Detected patterns
  • \.(?:linksmart|lijit)\.com/

Overall confidence: 100%
Detected patterns
  • \.adsrvr\.org/

Page Statistics

  • 159 Requests
  • 89 % HTTPS
  • 23 % IPv6
  • 52 Domains
  • 83 Subdomains
  • 63 IPs
  • 10 Countries
  • 2786 kB Transfer
  • 6653 kB Size
  • 57 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://sb.scorecardresearch.com/cs/20631572/beacon.js HTTP 302
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Request Chain 61
  • https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fleekduck.com%2F&ref=&_it=amazon&partner_id=720 HTTP 301
  • https://a.ad.gt/api/v1/u/matches/720?_it=nitro
Request Chain 74
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Request Chain 78
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=media.net&id=4120784734627127000V10
Request Chain 79
  • https://creativecdn.com/cm-notify?pi=amazon-eu&gdpr=0 HTTP 302
  • https://creativecdn.com/cm-notify?pi=amazon-eu&gdpr=0&tc=1 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rtbhouse.com&id=ovjfJAIxhsAeTIEHzSBRmj9dZ9OdSjaSlvJI8MSo_GU&pi=amazon-eu&gdpr=0&tc=1
Request Chain 80
  • https://t.adx.opera.com/pub/sync?pubid=pub12058951686464&k=eu&gdpr=0 HTTP 302
  • https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=9519adc0154338e9&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub12058951686464%26gdpr%3D0%26consent%3D%26us_privacy%3D%26custom_data%3D HTTP 302
  • https://t.adx.opera.com/sync?vendor=60369&pubid=pub12058951686464&gdpr=0&consent=&us_privacy=&custom_data= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=opera.com&id=OPUdf5199fc0d0441ed914b733eb118b3cb
Request Chain 81
  • https://pixel.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=MKPAOZQV-T-34DC&ex=d-rubiconproject.com&status=ok&gdpr=0
Request Chain 82
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Request Chain 84
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0 HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Request Chain 85
  • https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr=0 HTTP 302
  • https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry= HTTP 302
  • https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry=true
Request Chain 86
  • https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0 HTTP 302
  • https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=28e4d7550801891&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AQAJmTjCfWXq9wJTI6SVAQEBAQEBAQCa5DPYjgEBAJrkM9iO&expiration=1769163273&is_secure=true&gdpr=0
Request Chain 89
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint HTTP 302
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Request Chain 93
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAW5kDBEaWte37B5goIP1uw&google_cver=1
Request Chain 94
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi&google_tc=
Request Chain 96
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0&__qcmcs=1 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=5TFPtbUwQL3-MBm0sjpV4bI-TbL-Oh60tj3Hjt4-
Request Chain 97
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8369720746071229071
Request Chain 98
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=TkdMVlJqV3Fqc3B5eDhUbERXUUxrQQ&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=TkdMVlJqV3Fqc3B5eDhUbERXUUxrQQ&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEI5ENPOenw_xWJMHq8g0A8o&google_cver=1
Request Chain 99
  • https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=&gdpr=0&gdpr_consent= HTTP 302
  • https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4a9363e45cd71850&is_secure=true&networkId=14200&version=1&nuid=&gdpr=0&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW&expiration=1769163273&nuid=&is_secure=true&gdpr_consent=&gdpr=0
Request Chain 101
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=aXH4iVVbLWEAP8YRBSkduQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENtM7s91wOYTu9y4GaZM9V0&google_cver=1&gdpr=0
Request Chain 102
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&gdpr_consent=&us_privacy=&gdpr=0&gpp=&gpp_sid= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&gdpr_consent=&us_privacy=&gdpr=0&gpp=&gpp_sid=&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&gdpr_consent=&gdpr=0&gpp=&gpp_sid=&google_gid=CAESENtjAenw8WLIV5P1xgG7wSE&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&gdpr=0&gdpr_consent=&google_cver=1&google_gid=CAESENtjAenw8WLIV5P1xgG7wSE&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&google_nid=index&gpp=&gpp=&gpp_sid=&gpp_sid=
Request Chain 105
  • https://x.bidswitch.net/sync?ssp=index&gdpr=0 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=index&gdpr=0 HTTP 302
  • https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=index&bsw_custom_parameter=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=413&ssp=index&user_id=csonata_ce757cb7-6e34-482f-b27e-f35c4a7933cd&bsw_param=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&expires=10&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 107
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BA90EBD2DD16484DBDBFF54F57AB7137&gdpr=0
Request Chain 108
  • https://sync.srv.stackadapt.com/sync?nid=68&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=123&external_user_id=EojoJ-eZVMJn0jy3gj3Pl5JGhlc

159 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: /
Path: leekduck.com/
Size: 37 KB
x-fer: 10 KB
Type: Document

General
Full URL: https://leekduck.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 5f21e0f630908949bdb51c17a4ea1f1e507300d995d6984ceb566441752d602f

Security Headers
X-Content-Type-Options: nosniff

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 9c1e48f0197fbd93-LHR
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 22 Jan 2026 10:14:31 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BF%2Bk3TTKBagXJ3vbJm5VvnJrGBJMwTzzCfwXuOaXgQVZzEoRadZ7stHBJdYZ%2BjUVC5CUVbj7fr3%2BPG8hnVJRyZ%2FvH2uVWm4qTpU07Q%3D%3D"}]}
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=16,cfOrigin;dur=98 cfExtPri
speculation-rules: "/cdn-cgi/speculation"
vary: accept-encoding
x-content-type-options: nosniff
speculation
leekduck.com/cdn-cgi/
128 B
535 B
Other
General
Full URL
https://leekduck.com/cdn-cgi/speculation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Origin
https://leekduck.com
Referer
https://leekduck.com/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nxboEiyzqBMS64U%2B2PZfC5R%2FKwZqP4M2m6mTjX6PuVY73FFi6BHcBFP63HFzg7te%2BcDGjhlNDirCujlRxV0T6sXEx9RMiRCkIIYj"}]}
cf-ray
9c1e48f11984bd93-LHR
access-control-allow-origin
https://leekduck.com
content-length
128
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
application/speculationrules+json
vary
Origin, accept-encoding
server
cloudflare
main.css
leekduck.com/assets/css/
50 KB
11 KB
Stylesheet
General
Full URL
https://leekduck.com/assets/css/main.css?=2026-01-01v5
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9abdc0694a396c9d3bef8293e148c56cdaaebbc6a75d17c4707c8262b509ff2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"7702def19e28d192004e35150a9c5add"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RjpemfmcsY54Ql4aYmV9h%2B4zCZkGeKEPvLJ6fDxvZQJz1OG1gPk%2FNsVXVdks107TOI%2FCGB8QCbCxBrVCCEyOhTSUsCz6KK5Wp%2F%2FyR0%2BlY%2FXIMBELrtvtNA%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
text/css; charset=utf-8
vary
accept-encoding
priority
u=0,i=?0
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f11985bd93-LHR
access-control-allow-origin
*
server
cloudflare
ads-642.js
s.nitropay.com/
741 KB
246 KB
Script
General
Full URL
https://s.nitropay.com/ads-642.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fde7231d856faef46de3f4947cecc117d281c0f49ce893d3f6bf281b81894f88
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-meta-goog-reserved-file-mtime
1767720262
content-encoding
gzip
cf-cache-status
HIT
etag
W/"79ca57719dcc3528bf7ac715309b3abf:1769021553000:CH"
age
55304
x-goog-hash
crc32c=hYcqJA==, md5=ecpXcZ3MNSi/escVMJs6vw==
x-goog-stored-content-encoding
identity
expires
Thu, 21 Jan 2027 18:52:48 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
753672
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Wed, 21 Jan 2026 18:52:33 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AJRbA5UonOW8aNpn6fF81ZssqcUO0LMVadtlRQFF05Beaj7H3dp6hvtln4pF2zib0OQlT-s
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
private, max-age=600
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f1df3dcd34-LHR
access-control-allow-origin
*
x-goog-generation
1767721151819550
server
cloudflare
main.js
leekduck.com/assets/js/
3 KB
2 KB
Script
General
Full URL
https://leekduck.com/assets/js/main.js?v=1.70
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
106713926e9831a5ff28f5fca6d2b3bdd11c1366ce595fe5f61869cd26bc3fb1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"922e1007242e5cafc71f94aed45443e8"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=59FGQ8NbOOZzoW2GfZtI2UclDiu6OQhPt3kBnbutdCA1YEwY%2FmuvBAJDbeEU2qb4Qewup5OzPhz9%2FsAUmMWlqbFTwds9WuNSZ%2Bwatw%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
application/javascript
vary
accept-encoding
priority
u=1,i=?0
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f12988bd93-LHR
access-control-allow-origin
*
server
cloudflare
sticky-ad-handler.js
leekduck.com/assets/js/
805 B
916 B
Script
General
Full URL
https://leekduck.com/assets/js/sticky-ad-handler.js?v=2
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
67261bc7425cd3c95041a0a46ae30412df9878e9b58fc233f5859f36e6c7a4df
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"6795fac7b08a09ab77c41af95a52ebf8"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gnF4wkaAtEVGGbs%2FJ6VafduX03OR6uklprgu%2BpyYPfLYkMhwcVcwMLnnGb28zTK26Y3CPoYerDk9%2F%2Bs0YDMfbEC3PgUSFQ0of8wRrQ%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
application/javascript
vary
accept-encoding
priority
u=1,i=?0
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f12989bd93-LHR
access-control-allow-origin
*
server
cloudflare
v1.js
embed.twitch.tv/embed/
26 KB
8 KB
Script
General
Full URL
https://embed.twitch.tv/embed/v1.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.167 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software
Kestrel /
Resource Hash
922251094bc0c211bd4dffdfd8bcd77b5fc6197e2f32946fc997d3a665cbb4b8
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

Content-Encoding
gzip
ETag
"7f34add942635c82304b889a20b684c0"
Age
1
X-Content-Type-Options
nosniff
X-Cache
HIT
Date
Thu, 22 Jan 2026 10:14:31 GMT
Content-Type
application/x-javascript
X-Served-By
cache-fra-eddf8230098-FRA
X-Cache-Hits
1
Vary
Access-Control-Request-Headers, Access-Control-Request-Method, Origin, Accept-Encoding
Strict-Transport-Security
max-age=300
X-Timer
S1769076872.993515,VS0,VE1
Connection
keep-alive
Via
1.1 varnish
Accept-Ranges
bytes
Content-Length
7967
Release-Type
release
X-XSS-Protection
1; mode=block
Server
Kestrel
twitch-player.js
leekduck.com/assets/js/
674 B
954 B
Script
General
Full URL
https://leekduck.com/assets/js/twitch-player.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
23b229024a07f3f17fbb28eeeb00aa7e8e504a42ebcb0847e855255bc7a90471
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"5606a8baf0ba89b39875050bd8fe3616"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TRv4I%2Fin5ZRkOTceFg7%2BGNaKz7zaHxdHP4%2F58PnKp542oGd12l07FgiKsiOM%2BkDgUmoXMWrgye5BYZeGILkeDym2tljtcfsIp%2BRAXmDP88ZWKzp0u%2BUeQA%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
application/javascript
vary
accept-encoding
priority
u=3,i=?0
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f1898cbd93-LHR
access-control-allow-origin
*
server
cloudflare
js
www.googletagmanager.com/gtag/
427 KB
144 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-35E44WDJ8H
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
23745b761b33fb7d38e3242a020f04077786271ac859772d2f268b09dd4ec1e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Thu, 22 Jan 2026 10:14:31 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
147329
date
Thu, 22 Jan 2026 10:14:31 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
beacon.min.js
static.cloudflareinsights.com/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
9c1e48f1fa2c5630-LHR
access-control-allow-origin
*
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Origin
https://leekduck.com
Referer
https://leekduck.com/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
9c1e48f1fcc757a1-LHR
access-control-allow-origin
*
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
icons-nav.svg
cdn.leekduck.com/assets/img/icons/
2 KB
1 KB
Fetch
General
Full URL
https://cdn.leekduck.com/assets/img/icons/icons-nav.svg?v5
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4953 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aec17592075b8ab6a45b225bd5ee7ae4261e2f13547371013659b9cce679aa9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

access-control-expose-headers
Content-Type,ETag,Last-Modified
content-encoding
br
cf-cache-status
HIT
etag
W/"8606bd2c14ee946ab13d1a01eba50e33"
age
7052
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dlIhKLNgzz4DXMvhdIdrDGZcKJ00yc1yKginxaGFo%2B4NCbakD2mJcwTZVm2sMBsDkAcOQ3M3dTbCwleDZsAy4kOj8avgmz3fh5cDRZkzsG%2B%2FhXSVQwu9q18FTw%3D%3D"}]}
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/svg+xml
last-modified
Wed, 15 Oct 2025 07:30:07 GMT
vary
Origin, Accept-Encoding
cache-control
max-age=1382400
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
cf-ray
9c1e48f249dab84d-LHR
access-control-allow-origin
*
server
cloudflare
icons-pgo.svg
cdn.leekduck.com/assets/img/icons/
12 KB
6 KB
Fetch
General
Full URL
https://cdn.leekduck.com/assets/img/icons/icons-pgo.svg?v2
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4953 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4373796128fe0bb9b1b43f1f02595218e145b41df76f50c7c22fbeac57c1a861

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

access-control-expose-headers
Content-Type,ETag,Last-Modified
content-encoding
br
cf-cache-status
HIT
etag
W/"4aa281239e88d229e2160f0199aa36b4"
age
2440
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KMNS8fUmoUsSKjCZZbRNkxUs2mfU88B2esO3II3wrep%2Fn4SruZD%2F8CwKsrg98UKDPblpIxr9C8zDpSGGCONC9JQwCY1SdRaW%2FyLrs83f7zD2oBZwft6yalsXFA%3D%3D"}]}
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/svg+xml
last-modified
Wed, 15 Oct 2025 07:30:06 GMT
vary
Origin, Accept-Encoding
cache-control
max-age=1382400
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
cf-ray
9c1e48f249dbb84d-LHR
access-control-allow-origin
*
server
cloudflare
icons-socials.svg
cdn.leekduck.com/assets/img/icons/
6 KB
3 KB
Fetch
General
Full URL
https://cdn.leekduck.com/assets/img/icons/icons-socials.svg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4953 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
60e6860ceca7d5356170710d5eda99debc078e246d46e58f9b240e5410aaa9cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

access-control-expose-headers
Content-Type,ETag,Last-Modified
content-encoding
br
cf-cache-status
HIT
etag
W/"cc5ce5c17d8ad2911d7f08f7dafa2c91"
age
927
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=5RET9HAUtozgo6ss19X%2BQ36QDS3Oz6%2BWVc4Knb2%2FrY7afDjfma%2Fuiujfy%2Fk3VctdRpLNn3egl45TD8O%2B%2FrkXyGe%2B1kOATyKg5uM8tKwT%2BkR7jHUM4N2zCaEmFg%3D%3D"}]}
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/svg+xml
last-modified
Wed, 15 Oct 2025 07:29:56 GMT
vary
Origin, Accept-Encoding
cache-control
max-age=1382400
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
cf-ray
9c1e48f249d9b84d-LHR
access-control-allow-origin
*
server
cloudflare
1.gif
s.nitropay.com/
42 B
905 B
Image
General
Full URL
https://s.nitropay.com/1.gif?0.2696413498146597&adslot=
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
3
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=ljrbyA==, md5=2JdGiI2i2VELZKnwMers1Q==
cf-cache-status
HIT
etag
"d89746888da2d9510b64a9f031eaecd5"
age
146114
x-goog-stored-content-encoding
identity
expires
Tue, 27 Jan 2026 17:39:17 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
42
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
x-goog-custom-time
1970-01-01T00:00:00Z
content-type
image/gif
last-modified
Fri, 22 Jan 2021 08:58:45 GMT
vary
Accept-Encoding
priority
u=3,i
x-guploader-uploadid
AHVrFxMnutTt9e2LmFX5hGHUcjKSVvcog5fl2BeZHtyj3bHrHm-_E6wX71b12Cxx_mXBZtDOiRHL6m8
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=604800
x-goog-meta-
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f1df3ccd34-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1611305925409947
content-length
42
server
cloudflare
go-fest-2026-save-the-date.jpg
leekduck.com/assets/img/posts/2025/2025-12-09-pokemon-go-fest-2026-save-the-date/
164 KB
164 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2025/2025-12-09-pokemon-go-fest-2026-save-the-date/go-fest-2026-save-the-date.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0969a3f94abf6f56fabba8d8481518347ee147efad7f5f4bbc82cd4776f5716f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"5c6e9062bc72d9de29b7f23eb3eaabf7"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=brOFaS5eHKY6t2qxjNhIp39VL9Pd4yU4KqayAysWt6Rio%2BPJeC7lVVITg89bMLzSJBJR7TDWqaqQf28l6MyI49QBzUIzU4AM%2FO%2FRo4HjVs0kop7CQSyg%2Fg%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f1998dbd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
167722
server
cloudflare
forever-friends.jpg
leekduck.com/assets/img/posts/2025/2025-12-08-forever-friends-remote-trade/
105 KB
105 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2025/2025-12-08-forever-friends-remote-trade/forever-friends.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
205f1176122f36abf4137ffd97b5d492313abf169aed39a4b566d1f579bbd01c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"28fd96c674285691f56ae3e13ae10200"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=G69lOhy1xBaKlsVfOLwlZmIo9uvuagRh1AQonRbBhHRaYwZORNMsXOmqw%2Fwg5VDvDkawFDb7UQY2KfQITjF3p35ftAX0aIaa6Ve%2FUTl9Z%2BclQEXnKQ56Eg%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f1998ebd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
107111
server
cloudflare
thumbnail.jpg
leekduck.com/assets/img/posts/2025/2025-11-14-your-last-minute-guide-to-pokemon-go-wild-area-global/
161 KB
162 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2025/2025-11-14-your-last-minute-guide-to-pokemon-go-wild-area-global/thumbnail.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf6492d4a9d5e820160e6a4375e8441d12d8d304e9599fef5da52f71b7318439
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"9d176dc62c005ffc724eb742dfe62874"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BPjVPSWG34M32Gz8C3P6%2BrrrBXr7v0F%2F4%2FJ0VtqvuC8t1nOQSS3CBwZJwH6qExdQFrK8PGOaKq5p95BVhvyiZAPgjVGg7GsxLyWHONxsKt2KbgYjmkQ%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f1998fbd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
165225
server
cloudflare
level-80-update-details.jpg
leekduck.com/assets/img/posts/2025/2025-10-13-pokemon-go-level-80-update-details/
174 KB
174 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2025/2025-10-13-pokemon-go-level-80-update-details/level-80-update-details.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
340650a5e544565b8ee13d75b7440a72adf2cee6956dcbc7f28051703ec63351
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"16ae63f45a09dc2dd024d78a3a9b7e60"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ypyJnR1ADTEcMGuTJs7tr9EHkvA4oI5V7Sq%2BxiW%2BEESktVpbhm8RJkmcYEWareQ1WDI9t53B9I1jk2zbT3Qnn2Ox8QlxBMFXRbNMOw%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f19990bd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
177973
server
cloudflare
weekly-challenges.jpg
leekduck.com/assets/img/posts/2025/2025-10-09-weekly-challenges/
132 KB
132 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2025/2025-10-09-weekly-challenges/weekly-challenges.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
068a43bc220f431e976a11bff49ea94140d4e3561c571fc9b7842050ae40d536
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"31baa774fa62edaf568bdc70027644ec"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=X5GdupmZkfPOWEIeAB7nb%2Fc1Pfm8FqvpCc1hI71RIZ1v8E5GJgROnGbN9pNf5QyC7OVRFfSUev9BqOrHQXFadCNo4JN1xBBkN670iw%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f19991bd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
134926
server
cloudflare
dittodisguises-halftone.jpg
leekduck.com/assets/img/posts/2020/2020-02-10-find-ditto/
305 KB
306 KB
Image
General
Full URL
https://leekduck.com/assets/img/posts/2020/2020-02-10-find-ditto/dittodisguises-halftone.jpg
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
62227a6f6db5dc512ddae42343e327289b8409e1ee4cc3204ddc99d206e9cf4a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cf-cache-status
REVALIDATED
etag
"3d164f6489b4a55ba27df7abe7214bd6"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dT0hvVOcpMfpNy9g3CSF5BCQZG2fNIpy8aJVdkQkthg1PrfLTd2IkIpk6Hk6eJT%2F9ZiS9rXRWBOyb1ji0Rci9d8UGrxfnxWDJ93O3w%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
image/jpeg
vary
accept-encoding
priority
u=3,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f19992bd93-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
312297
server
cloudflare
normal.woff2
leekduck.com/cf-fonts/s/lato/5.0.18/latin/700/
23 KB
23 KB
Font
General
Full URL
https://leekduck.com/cf-fonts/s/lato/5.0.18/latin/700/normal.woff2
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Origin
https://leekduck.com
Referer
https://leekduck.com/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control
public, max-age=31536000, immutable
cf-cache-status
HIT
speculation-rules
"/cdn-cgi/speculation"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mPRYK4wbhwgaI1pfvwx60X7MZhBN5O8Qbgyrc7ndkTBUKYEwjiao4vLezLdfVVL7ePZt3kL5bLh0V9cCbVAiKE5MgkoV0kcorvp%2B"}]}
cf-ray
9c1e48f1a993bd93-LHR
server-timing
cfExtPri
content-length
23040
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
font/woff2
vary
accept-encoding
server
cloudflare
priority
u=0,i=?0
italic.woff2
leekduck.com/cf-fonts/s/lato/5.0.18/latin/700/
24 KB
24 KB
Font
General
Full URL
https://leekduck.com/cf-fonts/s/lato/5.0.18/latin/700/italic.woff2
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Origin
https://leekduck.com
Referer
https://leekduck.com/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control
public, max-age=31536000, immutable
cf-cache-status
HIT
speculation-rules
"/cdn-cgi/speculation"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9i50uRzyHgBWZIWOB9Bgh7a8tPRbJSxwEz8HK%2BF2GH9rTcbWDOorS0mn0RfGhKMIwllxEKVkOJStNDorD3QTokTI6oYEBvG0QuNa"}]}
cf-ray
9c1e48f1a995bd93-LHR
server-timing
cfExtPri
content-length
24448
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
font/woff2
vary
accept-encoding
server
cloudflare
priority
u=0,i=?0
normal.woff2
leekduck.com/cf-fonts/s/lato/5.0.18/latin/400/
23 KB
23 KB
Font
General
Full URL
https://leekduck.com/cf-fonts/s/lato/5.0.18/latin/400/normal.woff2
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Origin
https://leekduck.com
Referer
https://leekduck.com/

Response headers

nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control
public, max-age=31536000, immutable
cf-cache-status
HIT
speculation-rules
"/cdn-cgi/speculation"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bIXT%2FCtIV549uqUN0OSnvIxfC5xeIM%2FMlXRNZMQSEXcVfDzxjxUCvPeormvmUh38FkK5Z4eOL8IQ1JLMj%2FMuH8wQYUh4IcZ%2ByNof"}]}
cf-ray
9c1e48f1a994bd93-LHR
server-timing
cfExtPri
content-length
23580
date
Thu, 22 Jan 2026 10:14:31 GMT
content-type
font/woff2
vary
accept-encoding
server
cloudflare
priority
u=0,i=?0
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-35E44WDJ8H&gtm=45je61k2v9102328408za200zd9102328408&_p=1769076871913&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=2041332112.1769076872&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115616986~115938465~115938468~117025848~117041587&sid=1769076872&sct=1&seg=0&dl=https%3A%2F%2Fleekduck.com%2F&dt=Leek%20Duck%20%7C%20Pok%C3%A9mon%20GO%20News%20and%20Resources&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=450
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-35E44WDJ8H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
report-to
{"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://leekduck.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:112:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/plain
server
Golfe2
td
www.googletagmanager.com/
0
430 B
Image
General
Full URL
https://www.googletagmanager.com/td?id=G-35E44WDJ8H&v=3&t=t&pid=1491643774&seq=1&exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115616986~115938465~115938468~117025848~117041587&dl=leekduck.com%2F&tdp=G-35E44WDJ8H;102328408;0;0;0&frm=0&rtg=102328408&slo=4&hlo=14&lst=3&bt=0&ct=3&z=0
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"ascnsrsgtc:46:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:46:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:46:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgtc:46:0
content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/plain
server
Golfe2
f
floors.nitropay.com/
2 B
158 B
Fetch
General
Full URL
https://floors.nitropay.com/f?s=642&c=CH&v=2
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
25.144.244.35.bc.googleusercontent.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/json
vary
Origin
ats.js
ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/
123 KB
38 KB
Script
General
Full URL
https://ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ats.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.48 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-33-187-48.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fb574c0ac9e73149f427d9db648f7b977a92479dee6ab861abe2d4b80db0b03

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

vary
accept-encoding
cache-control
must-revalidate,public,max-age=3600
content-encoding
gzip
x-amz-version-id
X1hAqG0R0_G3lNGgOEFQ7eIv51x6WrQN
etag
W/"9e611e3fb52251e2897472848a778ee7"
age
2006
via
1.1 2ad26f5878b778b17955978bf962dc9a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
v2mKrPNeMtI0FUi5_jxBnbtWyCjQKZ_KGbzngWzCuQPDYcJNFB5YDg==
date
Thu, 22 Jan 2026 09:41:07 GMT
content-type
application/javascript
last-modified
Tue, 13 Jan 2026 10:56:37 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
config.js
cdn.confiant-integrations.net/QwN0KdjTe-a-6y-70Vps9qMqCzM/gpt_and_prebid/
319 KB
65 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/QwN0KdjTe-a-6y-70Vps9qMqCzM/gpt_and_prebid/config.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.166 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
45db7177547198fc5c263787410d33f35112e1510723c80ec6b204fc70c705e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"fde8ee3432d228d0e18a5cedbc9d9c43"
age
819
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Thu, 22 Jan 2026 09:55:02 GMT
vary
accept-encoding
priority
u=3,i=?0
x-amz-id-2
J/NF0Y6dK5/Bd5LoX80EDfQIeotgGc5IqdmO2Hxk1W8bismmdNVJLwmIrno+5gvBshCfuT1qXKw=
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
9c1e48f418b5774a-LHR
x-amz-request-id
BDXS31GS5232RSSX
accept-ranges
bytes
content-length
65997
server
cloudflare
x-amz-server-side-encryption
AES256
beacon.js
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain
  • https://sb.scorecardresearch.com/cs/20631572/beacon.js
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
21 KB
7 KB
Script
General
Full URL
https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Server
18.244.18.122 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-18-244-18-122.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7b21bbb8ef971401ae80a3877b20405f18623e70111a65f0503458ea623255ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
etag
W/"3f6dea365716e8ba82711013483c4d83"
age
19186
via
1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
D-sZUhgp83W-9F5xfdtLgj9RvLSdFrBHNMvu2_n-Y6B1WN35P1FEiA==
date
Thu, 22 Jan 2026 04:54:47 GMT
content-type
text/javascript
last-modified
Mon, 08 Sep 2025 12:31:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P11
x-amz-server-side-encryption
AES256

Redirect headers

location
/internal-cs/default/beacon.js
accept-ch
UA, Platform, Arch, Model, Mobile
via
1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
inJWonCzgniFvn7gpo4-dbGL6hTZ1ZWCmqQNYZ6Av3slhKvNYtcO1A==
date
Thu, 22 Jan 2026 10:14:32 GMT
x-amz-cf-pop
FRA56-P11
gpt.js
securepubads.g.doubleclick.net/tag/js/
105 KB
33 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
dc936176ef07f40e3732d2b6a95c653786e91e9d692d31a943419cbed28ed54a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
etag
206 / 20475 / 31096356 / config-hash: 7229507952594656794
x-content-type-options
nosniff
expires
Thu, 22 Jan 2026 10:14:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
34108
x-xss-protection
0
server
cafe
ads-video.c740523671257b19988c.js
s.nitropay.com/
0
1 KB
Other
General
Full URL
https://s.nitropay.com/ads-video.c740523671257b19988c.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Sec-Purpose
prefetch
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-meta-goog-reserved-file-mtime
1767720118
content-encoding
gzip
cf-cache-status
HIT
etag
W/"d48e9114106c014479a2c5f951aad504"
age
1355717
x-goog-hash
crc32c=qwR2FA==, md5=1I6RFBBsAUR5osX5UarVBA==
x-goog-stored-content-encoding
identity
expires
Wed, 06 Jan 2027 17:39:15 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
962
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Tue, 06 Jan 2026 17:38:35 GMT
vary
Accept-Encoding
priority
u=4,i
x-guploader-uploadid
AHVrFxO5-se4SreCjK-vnp52Fn2M0Q-xLI_hdcyc2gzQP_trsstSvShcQo8AJViutvgP3fydAfwjKtg
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age:43200
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f488dfcd34-LHR
access-control-allow-origin
*
x-goog-generation
1767721115417243
server
cloudflare
ads-standalone.3b313a8b36833b85aa35.js
s.nitropay.com/
0
3 KB
Other
General
Full URL
https://s.nitropay.com/ads-standalone.3b313a8b36833b85aa35.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Sec-Purpose
prefetch
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-meta-goog-reserved-file-mtime
1767720118
content-encoding
gzip
cf-cache-status
HIT
etag
W/"af753b4d52e6bd5f9bf4b21060a29770"
age
1355716
x-goog-hash
crc32c=+ftBRA==, md5=r3U7TVLmvV+b9LIQYKKXcA==
x-goog-stored-content-encoding
identity
expires
Wed, 06 Jan 2027 17:39:15 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
7688
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Tue, 06 Jan 2026 17:38:35 GMT
vary
Accept-Encoding
priority
u=4,i
x-guploader-uploadid
AHVrFxMqy8K22xnafm98oW1qvrhcUsmO8jxSiBc3S6TKlap9b_9wJc2UF7jLAQxGMvEypzMCoz2Jcfk
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age:43200
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f488e1cd34-LHR
access-control-allow-origin
*
x-goog-generation
1767721115448405
server
cloudflare
1.gif
s.nitropay.com/
42 B
651 B
Image
General
Full URL
https://s.nitropay.com/1.gif?x=1&adslot=
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
3
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=ljrbyA==, md5=2JdGiI2i2VELZKnwMers1Q==
cf-cache-status
HIT
etag
"d89746888da2d9510b64a9f031eaecd5"
age
146115
x-goog-stored-content-encoding
identity
expires
Tue, 27 Jan 2026 17:39:17 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
42
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
x-goog-custom-time
1970-01-01T00:00:00Z
content-type
image/gif
last-modified
Fri, 22 Jan 2021 08:58:45 GMT
vary
Accept-Encoding
priority
u=3,i
x-guploader-uploadid
AHVrFxMnutTt9e2LmFX5hGHUcjKSVvcog5fl2BeZHtyj3bHrHm-_E6wX71b12Cxx_mXBZtDOiRHL6m8
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=604800
x-goog-meta-
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f488e2cd34-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1611305925409947
content-length
42
server
cloudflare
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601200101/
617 KB
194 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202601200101/pubads_impl.js?cb=31096356
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
45c1032d6f77a386e88ce0a5cf7b81d63d9bbe5c07c4ab8689fc8ce519c45b78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
etag
12654780599511268250
age
39210
x-content-type-options
nosniff
expires
Thu, 21 Jan 2027 23:21:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 21 Jan 2026 23:21:02 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
199043
x-xss-protection
0
server
cafe
/
geo.privacymanager.io/
30 B
430 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats-wrapper.privacymanager.io
URL: https://ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.84 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-18-245-86-84.fra60.r.cloudfront.net
Software
/
Resource Hash
e9ceb96b2aff7b757c9c2507a1e8a1d2b40ddea4fadcb17839cda3e5020bd7ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-amz-apigw-id
XiyUXFrZDoEErug=
age
64211
x-amzn-trace-id
Root=1-6970fdb5-163ecc607967fa5e0f38a5fa;Parent=4956335bbb47a14f;Sampled=0;Lineage=1:19b60b79:0
x-amzn-requestid
99ba525a-ec2c-4834-935d-942dfef36b80
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
30
x-amz-cf-id
OmJIMijXAWdbw4Ml7i2QZ3hKz14gQnLvxPR4emrLQ7lUdtmZ9kowCg==
date
Wed, 21 Jan 2026 16:24:21 GMT
content-type
application/json
x-amz-cf-pop
FRA60-P6
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202601200101/
64 KB
23 KB
Other
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202601200101/gpt
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
915b03c72aa710d3ad578d0899d81200b357f685c0dbd680d775b9f65e235818
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
6987571020048426623
age
31789
x-content-type-options
nosniff
expires
Thu, 29 Jan 2026 01:24:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 22 Jan 2026 01:24:43 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23936
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202601200101"
ads-arcspan.8fc7578a2d00f8aa7a18.js
s.nitropay.com/
652 B
1 KB
Script
General
Full URL
https://s.nitropay.com/ads-arcspan.8fc7578a2d00f8aa7a18.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d51cc4c1338720545dc666f4df3fe1a78b2e9d97058dad6afe5c9353b60312c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-meta-goog-reserved-file-mtime
1767720118
content-encoding
gzip
cf-cache-status
HIT
etag
W/"cbe2f3d8d7a18d0914dc44bd15c0d5df"
age
1355716
x-goog-hash
crc32c=ANbcIA==, md5=y+Lz2NehjQkU3ES9FcDV3w==
x-goog-stored-content-encoding
identity
expires
Wed, 06 Jan 2027 17:39:15 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
652
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Tue, 06 Jan 2026 17:38:35 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AHVrFxP9GkPxbUnI9EqalDfo3FQBM2JYA_Mh-9pBQhNsHyrlcXW8T3Vf-XSGFBvamBs9ASa8
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age:43200
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f4c904cd34-LHR
access-control-allow-origin
*
x-goog-generation
1767721115216163
server
cloudflare
ads-captify.2015da149c7dcef90582.js
s.nitropay.com/
892 B
1 KB
Script
General
Full URL
https://s.nitropay.com/ads-captify.2015da149c7dcef90582.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeaf94da90366254c9bd9e785dd8885dc14eb2802b41626208d111aea09c8fdb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-meta-goog-reserved-file-mtime
1767720118
content-encoding
gzip
cf-cache-status
HIT
etag
W/"a84a120fe9e7fc2d94e23f9507c5d848"
age
1355715
x-goog-hash
crc32c=5Q7mFw==, md5=qEoSD+nn/C2U4j+VB8XYSA==
x-goog-stored-content-encoding
identity
expires
Wed, 06 Jan 2027 17:39:16 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
892
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Tue, 06 Jan 2026 17:38:35 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AHVrFxNpRd7d-gvEXFlLSCi_8zY0cpgp5K7u9WFBkFXKwmvQnOqMvrGLINyDdkyNiwOHhV6Tp67og3M
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age:43200
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f4c905cd34-LHR
access-control-allow-origin
*
x-goog-generation
1767721115225898
server
cloudflare
gpp-61d490e.min.js
s.nitropay.com/
227 KB
47 KB
Script
General
Full URL
https://s.nitropay.com/gpp-61d490e.min.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5521185e7dec9f2c67fdf916d6a81db3ca1d571b1e8d89ffb7dec282e83d31
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
content-encoding
gzip
x-goog-hash
crc32c=kd50Hw==, md5=85Xn3RooJE0C7GGraVVcGw==
etag
W/"f395e7dd1a28244d02ec61ab69555c1b"
age
146116
cf-cache-status
HIT
x-goog-stored-content-encoding
identity
expires
Tue, 27 Jan 2026 17:39:16 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
232723
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Mon, 23 Jun 2025 17:15:57 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AHVrFxMSyBwHqqjj1QypCvF3zFTnBNa-EXmNQ04XHnv_3SF9Gw_tNV-igN4dUW0h2DawBBkK
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=604800
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f4c906cd34-LHR
access-control-allow-origin
*
x-goog-generation
1750698957275780
server
cloudflare
apstag.js
c.amazon-adsystem.com/aax2/
343 KB
88 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.52.91 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-33-52-91.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a51f9930c5a7812959ef9f161970a46a27bbc5602e1965893884091665928272

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=3600
content-encoding
gzip
etag
W/"9399886c4a9a812c17025af482afcddd"
age
3388
via
1.1 fb955bc611b3963fdb8a05aafd1ed6b6.cloudfront.net (CloudFront), 1.1 8cada61dd7719c6c0ad123c11e1964f6.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
uGozvMojuCkItAOY-dok3jJwyIgLbiM2ppeaxa_zG657gyeJEFvTkw==
date
Thu, 22 Jan 2026 09:18:05 GMT
content-type
application/javascript
x-amz-cf-pop
FRA56-P14, FRA56-P15
server
AmazonS3
last-modified
Wed, 14 Jan 2026 22:41:07 GMT
x-amz-server-side-encryption
AES256
p
t.nit.ro/
0
0
Fetch
General
Full URL
https://t.nit.ro/p?d=QhVodHRwczovL2xlZWtkdWNrLmNvbS9aJDAxOWJlNTMyLWQ0ZjItNzU0YS1iOWM2LTFlM2UwNDIwY2Y5N2ICQ0hqAlpIkgEgYTc3NGJlNWJiNjI0M2I5NjkxNDkwZWJlMGYxZDNiMzGaAQcyZTY4YTJkuAEA0AGCBdgBAeoBDAoGZmxvb3JzEgJvbg%3D%3D
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
25.144.244.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:32 GMT
vary
Origin
tag
btloader.com/
148 KB
42 KB
Script
General
Full URL
https://btloader.com/tag?o=6278260873756672&upapi=true
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6979c68f0d6e11d157f64514b658d0ff5143ba041358e25b6247684a10069a47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-robots-tag
noindex, nofollow
cache-control
public, max-age=300, stale-if-error=3600, stale-while-revalidate=300
content-encoding
gzip
cf-cache-status
HIT
etag
"0513e2ca1f57b720df8f2d983bb8c515"
via
1.1 google
cf-ray
9c1e48f57ac39383-LHR
accept-ranges
bytes
access-control-allow-origin
*
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/javascript
last-modified
Thu, 22 Jan 2026 09:34:52 GMT
server
cloudflare
vary
Accept-Encoding
/
geo.privacymanager.io/
30 B
429 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats-wrapper.privacymanager.io
URL: https://ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.84 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-18-245-86-84.fra60.r.cloudfront.net
Software
/
Resource Hash
e9ceb96b2aff7b757c9c2507a1e8a1d2b40ddea4fadcb17839cda3e5020bd7ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-amz-apigw-id
XiyUXFrZDoEErug=
age
64211
x-amzn-trace-id
Root=1-6970fdb5-163ecc607967fa5e0f38a5fa;Parent=4956335bbb47a14f;Sampled=0;Lineage=1:19b60b79:0
x-amzn-requestid
99ba525a-ec2c-4834-935d-942dfef36b80
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
30
x-amz-cf-id
XqVdh5zCaqPyzkXUE0yJ-7gWwti23YG056LapgCAo2aTRoT9XdvMrA==
date
Wed, 21 Jan 2026 16:24:21 GMT
content-type
application/json
x-amz-cf-pop
FRA60-P6
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202601061251/
399 KB
141 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/QwN0KdjTe-a-6y-70Vps9qMqCzM/gpt_and_prebid/config.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.166 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
02163fb7bc8b11bc7647ce33c4eaaf5e08d6b8f949613eaddf5d9a4bb5bcf380

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"629408ad42829a011582a82e8d206010"
age
31857
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 06 Jan 2026 17:52:50 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-amz-id-2
74i33MMTkIvCKQERH6hZLY8tjr7aOlhCJbEE77Kb4eUKrE92gA5bnAaC49BpxYKaYSWx9+XVEZdWplVn7IBZEFDjtnXldcCQ
cache-control
public, max-age=31536000
cf-ray
9c1e48f529a6774a-LHR
x-amz-request-id
2X2EB7S24EE2N8QN
accept-ranges
bytes
content-length
143663
server
cloudflare
x-amz-server-side-encryption
AES256
config.js
cdn.confiant-integrations.net/IKOzVPjtHv3tevs-RDaJOMdtkBI/video/
235 KB
49 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/IKOzVPjtHv3tevs-RDaJOMdtkBI/video/config.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/QwN0KdjTe-a-6y-70Vps9qMqCzM/gpt_and_prebid/config.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.166 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b073656b9f29c4237714b9dc8edc4f1a14796fda9366347b2994bfd7defb7b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"70aae198b86459330fd58904e1142b47"
age
503
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript
last-modified
Thu, 22 Jan 2026 09:57:28 GMT
vary
accept-encoding
priority
u=3,i=?0
x-amz-id-2
a8MTq3TsWKmbunppH4UCCbZWxabt+LY7BMUl5A+3toGm+uQ1i8vQUCEwMhHhrCVJdd7JYJy5EKc=
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
9c1e48f529a8774a-LHR
x-amz-request-id
SMAVEHMWVRT7927J
accept-ranges
bytes
content-length
49609
server
cloudflare
x-amz-server-side-encryption
AES256
additional-consent-providers.csv
consent.nitrocnct.com/
107 KB
108 KB
XHR
General
Full URL
https://consent.nitrocnct.com/additional-consent-providers.csv
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/gpp-61d490e.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e44f6ec86acfe83aca288597bf56662e535055f48fec6083360b1a15d8262499

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=46FWvA==, md5=C5ebpuopeCk4sUi4/a0dgg==
cf-cache-status
HIT
etag
"0b979ba6ea29782938b148b8fdad1d82"
age
1481
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3NNMlS0RD6Np%2FlCsRGa3lvjUtb6JDCC4bthLC%2BIiJTcThWLuxDKf6fq5wX4aQxh2yvXTo3ulHLeQyIbrMqaM1ym43bi8lOi3k%2FiDfFxEYhWjHDAyIA%3D%3D"}]}
x-goog-stored-content-encoding
identity
expires
Thu, 22 Jan 2026 10:46:58 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
109172
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/csv
last-modified
Tue, 25 Feb 2025 15:57:30 GMT
vary
accept-encoding
priority
u=1,i
x-guploader-uploadid
ABgVH88KK2qNufQ0kKv8hBcxgUXuxyH9Giq7iuZu1cij54PdiQQcovPF1T-CnPoweaFIh9BT
cache-control
public, max-age=3600
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-goog-storage-class
STANDARD
cf-ray
9c1e48f5d85c45b6-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1740499050366347
content-length
109172
server
cloudflare
js
www.googletagmanager.com/gtag/
0
19 B
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-35E44WDJ8H&is_td=1&v=3&t=t&pid=1491643774&seq=2&exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115616986~115938465~115938468~117025848~117041587&dl=leekduck.com%2F&tdp=G-35E44WDJ8H;102328408;0;0;0&mde=G-35E44WDJ8H;16_1;61_1&mbc=1&z=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-35E44WDJ8H
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.168 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
lcfraa-bt-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"ascnsrsgtc:46:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:46:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:46:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgtc:46:0
content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
x-xss-protection
0
content-type
text/plain
server
Google Tag Manager
td
www.googletagmanager.com/
0
18 B
Image
General
Full URL
https://www.googletagmanager.com/td?id=G-35E44WDJ8H&v=3&t=t&pid=1491643774&seq=2&exp=103116026~103200004~104527906~104528501~104684208~104684211~105391253~115616986~115938465~115938468~117025848~117041587&dl=leekduck.com%2F&tdp=G-35E44WDJ8H;102328408;0;0;0&mde=G-35E44WDJ8H;16_1;61_1&mbc=1&z=0
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.140.168 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
lcfraa-bt-in-f8.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"ascnsrsgtc:46:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:46:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:46:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgtc:46:0
content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/plain
server
Golfe2
vendor-list-v3.json
consent.nitrocnct.com/
758 KB
104 KB
XHR
General
Full URL
https://consent.nitrocnct.com/vendor-list-v3.json
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/gpp-61d490e.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
586b1560c737fd75a2235200b7f2ddf728d8acf9055d0feccc06518ed0b757fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
2
access-control-expose-headers
Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=pauZQw==, md5=tRWTiyHfjlyOa7wRQtsGQg==
cf-cache-status
HIT
etag
W/"b515938b21df8e5c8e6bbc1142db0642"
age
13108
content-encoding
zstd
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VEAegv7hdAXJPpn8EKn5%2FaQzXEg9hn%2B0yT6gEHdn2L8Vyu0zBTEUTnzticISLW95Eku8Iv8gh%2Fz1Stt1cwpsSPrHAPevWgCySIEFPKmhSugNNTLh8g%3D%3D"}]}
x-goog-stored-content-encoding
identity
expires
Thu, 29 Jan 2026 06:31:00 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
776011
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/json
last-modified
Thu, 15 Jan 2026 16:15:05 GMT
vary
accept-encoding
priority
u=1,i
x-guploader-uploadid
AJRbA5Vna8kPv_NRUgWzSNphgiILMj0QTeKanQILjfW_sAyEnsPYr0g5qGqzMAqFrSfRwj9g
cache-control
public, max-age=604800
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-goog-storage-class
STANDARD
cf-ray
9c1e48f5d85945b6-LHR
access-control-allow-origin
*
x-goog-generation
1768493705786999
server
cloudflare
bid
aax.amazon-adsystem.com/e/dtb/ Frame
0
0
Preflight
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.226 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-108-138-4-226.fra56.r.cloudfront.net
Software
Server /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://leekduck.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
access-control-allow-methods
POST
access-control-allow-origin
https://leekduck.com
access-control-max-age
1800
content-encoding
gzip
content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
server
Server
via
1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
x-amz-cf-id
feQQTdTa_XLv0_JuRnO82HoJ0wJ_Iy2cjj9J_jln4ubX9_ZhnHIEdw==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
da657530-03e5-4306-95bc-d4eb370426c9
config.aps.amazon-adsystem.com/configs/
563 B
829 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/da657530-03e5-4306-95bc-d4eb370426c9
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.92 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-18-245-31-92.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
5e6e0cbd4767a7a9ee530f7cca02450c66746d9f4e29599b9a2f39ddfc89d22e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
max-age=3600
age
2671
via
1.1 b7c8b552077b93dc0acaa0b82d11fa62.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
563
x-amz-cf-id
I_fquuOiVUUFDIu4_WnWnjMG_Y_rJq_sHnpdVS1Y3Eg-jwjtygblLg==
date
Thu, 22 Jan 2026 09:30:01 GMT
content-type
application/javascript
x-amz-cf-pop
FRA56-P8
server
CloudFront
config
c.amazon-adsystem.com/cdn/prod/
3 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fleekduck.com&pubid=da657530-03e5-4306-95bc-d4eb370426c9
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.52.91 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-33-52-91.fra56.r.cloudfront.net
Software
Server /
Resource Hash
7e56e68063acd46b391e96c23dd3ea11eb5ff623f192e71be2dcb25b929f6a73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
max-age=21550, s-maxage=21600
age
3170
access-control-allow-credentials
true
via
1.1 8cada61dd7719c6c0ad123c11e1964f6.cloudfront.net (CloudFront)
access-control-allow-origin
https://leekduck.com
x-cache
Hit from cloudfront
content-length
3180
x-amz-cf-id
MqaJKVXol7KgbgJaekbCg40Uyf4jbQV9aGc7nQ0FqSqgXF8RzjEJdQ==
date
Thu, 22 Jan 2026 09:21:41 GMT
content-type
application/json;charset=UTF-8
x-amz-cf-pop
FRA56-P15
server
Server
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.52.91 New York, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-33-52-91.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

access-control-max-age
3000
content-encoding
gzip
x-amz-version-id
r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
etag
W/"a4d296427fc806b21335359e398c025c"
age
19746
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
xzbO5wqqxK81GdK_sg3SulzhbVJcuboDKP_E8B1-eAUU7qsSiylaNQ==
date
Thu, 22 Jan 2026 04:45:27 GMT
content-type
application/javascript
vary
Origin,accept-encoding
last-modified
Thu, 29 Feb 2024 02:13:08 GMT
cache-control
public, max-age=86400
via
1.1 173e1f9e40c2df572d404097afea2570.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P15
server
AmazonS3
x-amz-server-side-encryption
AES256
bid
aax.amazon-adsystem.com/e/dtb/
248 B
555 B
Fetch
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.4.226 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-108-138-4-226.fra56.r.cloudfront.net
Software
Server /
Resource Hash
8d91474a99d8d55bccca3efc4303f20e7b7420224482af35ea7645afd61a6e9e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront)
access-control-allow-origin
https://leekduck.com
x-cache
Miss from cloudfront
content-length
210
x-amz-cf-id
0X59U2YuzLZrk02E6liH0O6sduHWlFpjBqA9XIzjDbQhyt5e8GBUIA==
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/json;charset=UTF-8
vary
Origin
server
Server
x-amz-cf-pop
FRA56-P6
px.gif
ad-delivery.net/
43 B
110 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.1755444657377434
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480101
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:32 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f65bf0d874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.025338457025094296
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
621 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.3262854172156313
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480101
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:32 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f65beed874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
dns
ab.dns-finder.com/meta/
2 B
233 B
Fetch
General
Full URL
https://ab.dns-finder.com/meta/dns
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
111.200.36.34.bc.googleusercontent.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers
X-Resolver
x-resolver
default
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/plain; charset=utf-8
vary
Origin
trustedIframe.html
btloader.com/ Frame 771B
6 KB
2 KB
Document
General
Full URL
https://btloader.com/trustedIframe.html?o=6278260873756672&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8b1118860dcfdf3b34704d30262803b1cad387dce0e1676e305b8a86cceb853

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=3600, stale-while-revalidate=3600
cf-ray
9c1e48f64ae5d094-LHR
content-encoding
br
content-type
text/html
date
Thu, 22 Jan 2026 10:14:32 GMT
server
cloudflare
vary
accept-encoding
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/
67 KB
22 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.23.105 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-215-23-105.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
45bc6978e281a938d9485dcbf0859159b24e2f7c9b8b0fafc120b9606e0ea8b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"10ab4-63a0ee37f7c40-gzip"
expires
Thu, 22 Jan 2026 10:29:32 GMT
accept-ranges
bytes
content-length
21994
date
Thu, 22 Jan 2026 10:14:32 GMT
last-modified
Wed, 16 Jul 2025 17:04:41 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
sync.min.js
tags.crwdcntrl.net/lt/c/16576/
43 KB
13 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.244.95 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-226-244-95.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9c266d60e86e7331175b8e240c819b3aac5619946898bd15a2aa0f41a3d649bc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

vary
Accept-Encoding
cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"fd70b17e043ac76a253c2ea96a42a12a"
age
60565
via
1.1 fa5fdff0565bac70f31c39c016fef732.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
2vb6H0vKau64GO8ZvcvL5wP9rWvHeVG46mjG4M9kyE3oYBz1PWBvpA==
date
Wed, 21 Jan 2026 17:25:08 GMT
content-type
text/javascript
last-modified
Thu, 16 Oct 2025 16:30:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P14
x-amz-server-side-encryption
AES256
720
a.ad.gt/api/v1/u/matches/
Redirect Chain
  • https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fleekduck.com%2F&ref=&_it=amazon&partner_id=720
  • https://a.ad.gt/api/v1/u/matches/720?_it=nitro
6 KB
3 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/720?_it=nitro
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Server
2606:4700:10::ac42:949f -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2363673ba9d1535f1d5ce343a765f5fca7ee48614f15af0ca8cf62bbed974cc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
max-age=7200
content-encoding
gzip
cf-cache-status
HIT
age
5881
cross-origin-resource-policy
cross-origin
cf-ray
9c1e48f76f3f641b-LHR
date
Thu, 22 Jan 2026 10:14:32 GMT
last-modified
Thu, 22 Jan 2026 08:36:31 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare

Redirect headers

cf-ray
9c1e48f668bd7743-LHR
location
https://a.ad.gt/api/v1/u/matches/720?_it=nitro
content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
vary
accept-encoding
server
cloudflare
id5-api.js
cdn.id5-sync.com/api/1.0/
113 KB
33 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:170d -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
29c1a0c5639ae7dc2047019230a7b874d846baa52d689f731ad6e9d189451be2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-amz-id-2
ofnpEGdGV86QJtQKVQ0HEclQ2r8jiWBl7ssJ5C+MYJiiqVWsEbhEYhvH43BeJHouDeJRzs/z9JEO27jRMzWnzCC5d1eOeXBUZfuIEYtW/So=
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
public, max-age=3600
content-encoding
br
cf-cache-status
HIT
etag
W/"0a5980cb14fca6cc114197f19cf4685d"
age
2632
x-amz-request-id
PNN3XGDENEMXME47
cf-ray
9c1e48f66bd893dc-LHR
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/javascript;charset=utf-8
last-modified
Wed, 14 Jan 2026 14:03:06 GMT
vary
accept-encoding
server
cloudflare
x-amz-server-side-encryption
AES256
wrap.js
cdn.confiant-integrations.net/video/202601061251/
351 KB
123 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/video/202601061251/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/IKOzVPjtHv3tevs-RDaJOMdtkBI/video/config.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.166 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e966727461f30d4689f718bad0f745ac1932e8f82286b06dda21a8355138f0e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"3753c5c47b1797f64b774c26401b5f7c"
age
1347554
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 06 Jan 2026 17:52:48 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-amz-id-2
GlBT1ESJ2YJzSYfxXWWstMjoOgsi5bJ6a/is75fqbuQhxW9KM4TCiYzswe7ShmMDIZLSXx2/8fCMieGYWunZV08NQeChNXL0
cache-control
public, max-age=31536000
cf-ray
9c1e48f60a5d774a-LHR
x-amz-request-id
XEHVRNWMAHH4JFK1
accept-ranges
bytes
content-length
125532
server
cloudflare
x-amz-server-side-encryption
AES256
d9d3a980-b859-45de-bb35-3fc746c4e301
https://leekduck.com/ Frame 63C7
5 KB
0
Script
General
Full URL
blob:https://leekduck.com/d9d3a980-b859-45de-bb35-3fc746c4e301
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae23fbaf98dcf05db4763090e47e765d21f553cd4a18fff09c3315f6fe20a44d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
application/javascript
Content-Length
5583
map
bcp.crwdcntrl.net/6/
235 B
693 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map?xcid=16576
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.211.209 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-241-211-209.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
77b811c2b2b6a96c126150170389321bba78911bade4323e5652559a2957c79c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://leekduck.com
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
235
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
application/json;charset=utf-8
lang.png
s.nitropay.com/cmp/
2 KB
2 KB
Image
General
Full URL
https://s.nitropay.com/cmp/lang.png
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda5ec1c59939f001bdc15f557f3a905110aac0a60afc5a1eb92d8cdc2d2cbb5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=7x+tRA==, md5=ygcqOWX0miwkLEXVNRY6Uw==
cf-cache-status
HIT
etag
"ca072a3965f49a2c242c45d535163a53"
age
1939
x-goog-stored-content-encoding
identity
expires
Thu, 22 Jan 2026 10:42:12 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
1887
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/png
last-modified
Fri, 21 Oct 2022 09:20:58 GMT
vary
Accept-Encoding
priority
u=3,i
x-guploader-uploadid
AHVrFxOxDJCHLCA_An7KfC8FXHMPTnxDWdYR3R2i4E70X63tDCV9PbzTYJyRmloI01XKYw9yyEJVbk9mGQF_Zg
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=3600
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f72ab2cd34-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1666344058779792
content-length
1887
server
cloudflare
cancel.png
s.nitropay.com/cmp/
1 KB
2 KB
Image
General
Full URL
https://s.nitropay.com/cmp/cancel.png
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89863d0411e5273c7c2befe50bceeab57034e26b5df8751cc13c3bd78c73511d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=QrhBNA==, md5=xwey1QGlO8LGbpjk5cq++w==
cf-cache-status
HIT
etag
"c707b2d501a53bc2c66e98e4e5cabefb"
age
3326
x-goog-stored-content-encoding
identity
expires
Thu, 22 Jan 2026 10:19:05 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
1302
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/png
last-modified
Fri, 21 Oct 2022 09:20:58 GMT
vary
Accept-Encoding
priority
u=3,i
x-guploader-uploadid
AHVrFxOei1d0ggy51QcbihqLnfpBHlefqjjZRhBR_36wBQSlyVQ9aD_iL390ewXcbS1furB4f-WRbTKC4UJZOw
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=3600
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f72ab6cd34-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1666344058825998
content-length
1302
server
cloudflare
logo.png
s.nitropay.com/cmp/
3 KB
3 KB
Image
General
Full URL
https://s.nitropay.com/cmp/logo.png
Requested by
Host: leekduck.com
URL: https://leekduck.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.2.78 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8fea63a817b75ec9bfbc153b60b576dd31392e4d2afbec0d83cc813f8aca4d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=naGVVg==, md5=lAqluB6Zu7dBSsxHSom62Q==
cf-cache-status
HIT
etag
"940aa5b81e99bbb7414acc474a89bad9"
age
1973
x-goog-stored-content-encoding
identity
expires
Thu, 22 Jan 2026 10:41:39 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
2592
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/png
last-modified
Fri, 21 Oct 2022 09:20:58 GMT
vary
Accept-Encoding
priority
u=3,i
x-guploader-uploadid
AHVrFxPPM7tX-wglCSAxSoHOnmKnS_XJx6lfB6WV4cjkvGiFo-X2FctWSBvADBX2PfbeWdgYRSxIino
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
public, max-age=3600
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f72ab8cd34-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1666344058842900
content-length
2592
server
cloudflare
exd
api.btloader.com/
0
0
Fetch
General
Full URL
https://api.btloader.com/exd?tid=Odok3dq1H-AZiOI7kK-9be532d596&sid=aAnEg2eK-RWlcymZRev-9be532d596&cv=2.1.177&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

via
1.1 google
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:32 GMT
vary
Origin
rum
cloudflareinsights.com/cdn-cgi/ Frame
0
0
Preflight
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://leekduck.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://leekduck.com
access-control-max-age
86400
cf-ray
9c1e48f7ba4f57a1-LHR
content-encoding
gzip
content-type
text/plain
date
Thu, 22 Jan 2026 10:14:32 GMT
server
cloudflare
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
rum
cloudflareinsights.com/cdn-cgi/
0
37 B
XHR
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
application/json
Referer
https://leekduck.com/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
9c1e48f7fb0657a1-LHR
access-control-allow-origin
https://leekduck.com
date
Thu, 22 Jan 2026 10:14:32 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon.ico
leekduck.com/assets/img/favicon/
15 KB
3 KB
Other
General
Full URL
https://leekduck.com/assets/img/favicon/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
676a2c02945351de35137e714683b01bb8270d07f16e59e3a65054455b325f46
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"41735efb7fbfe388e406204f758aa892"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=fxs3IugWsWP7uBl1yhTJf%2FzofbdQLqc2s3HGHYs5dmLidgTYfiEQuWMYhosKxMqsiBVSgC0nANezKP7bC0MxAqgD6NhyJbcaRHz%2FcfaX%2BO5kDrN7v3PtZw%3D%3D"}]}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/vnd.microsoft.icon
vary
accept-encoding
priority
u=1,i
cache-control
public, max-age=1382400, must-revalidate
nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
referrer-policy
strict-origin-when-cross-origin
cf-ray
9c1e48f7b9ddbd93-LHR
access-control-allow-origin
*
server
cloudflare
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.7833568048322467
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480101
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:32 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f81fc0d874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
iu3
aax-eu.amazon-adsystem.com/s/ Frame 5D5A
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-na...
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-na...
407 B
1 KB
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
01481abc11f39240b24f8d1da61feb6f1260a50cdbc23b6875d55b41aa8c40ad
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
407
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 22 Jan 2026 10:14:33 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
KBY2676HMTC8ABMN7NH9

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Thu, 22 Jan 2026 10:14:33 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
ZY6SR1G16XK089HH3VV9
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.6480339903003114
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
163 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.9895207684551494
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480102
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:33 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48f95ad4d874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
pr
aax-eu.amazon-adsystem.com/s/v3/ Frame 4705
3 KB
4 KB
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
b3fa9ec4b2d9e8d6bb1370cc1d5c5d852ca321b3e55f3883babac0953016a890
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-smadex_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
3516
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 22 Jan 2026 10:14:33 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
ZBCENQ1CMNXWQV7WHQEC
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 4705
Redirect Chain
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=media.net&id=4120784734627127000V10
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=media.net&id=4120784734627127000V10
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
DXQQG7KWVWP926TSZZN7
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server

Redirect headers

location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=media.net&id=4120784734627127000V10
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-length
150
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 4705
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=amazon-eu&gdpr=0
  • https://creativecdn.com/cm-notify?pi=amazon-eu&gdpr=0&tc=1
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rtbhouse.com&id=ovjfJAIxhsAeTIEHzSBRmj9dZ9OdSjaSlvJI8MSo_GU&pi=amazon-eu&gdpr=0&tc=1
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rtbhouse.com&id=ovjfJAIxhsAeTIEHzSBRmj9dZ9OdSjaSlvJI8MSo_GU&pi=amazon-eu&gdpr=0&tc=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
NWB3GW5PEHSC4P4ZDDHE
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server

Redirect headers

expires
Thu, 01 Jan 1970 00:00:00 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rtbhouse.com&id=ovjfJAIxhsAeTIEHzSBRmj9dZ9OdSjaSlvJI8MSo_GU&pi=amazon-eu&gdpr=0&tc=1
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
pragma
no-cache
vary
Accept-Encoding
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 4705
Redirect Chain
  • https://t.adx.opera.com/pub/sync?pubid=pub12058951686464&k=eu&gdpr=0
  • https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=9519adc0154338e9&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub12058951686464%26gdpr%...
  • https://t.adx.opera.com/sync?vendor=60369&pubid=pub12058951686464&gdpr=0&consent=&us_privacy=&custom_data=
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=opera.com&id=OPUdf5199fc0d0441ed914b733eb118b3cb
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=opera.com&id=OPUdf5199fc0d0441ed914b733eb118b3cb
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
51W56HVNJ8J3NT5AET8V
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=opera.com&id=OPUdf5199fc0d0441ed914b733eb118b3cb
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST, GET, OPTIONS
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Origin
*
Content-Length
120
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 4705
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=MKPAOZQV-T-34DC&ex=d-rubiconproject.com&status=ok&gdpr=0
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=MKPAOZQV-T-34DC&ex=d-rubiconproject.com&status=ok&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
ABJ2PX3RDPW6W85MTZDR
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server

Redirect headers

Cache-Control
no-cache,no-store,must-revalidate
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?id=MKPAOZQV-T-34DC&ex=d-rubiconproject.com&status=ok&gdpr=0
Pragma
no-cache
Expires
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
9b9ca48f3d05737dc119d72e271168fa
content-length
0
Content-Type
text/html
usermatch
ssum-sec.casalemedia.com/ Frame 5022
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
2 KB
843 B
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4432eab794f516d7fc7bc4fecce8f3e30ddfbef4ad90a8eef4e29fc4fd2129e1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
9c1e48fb8ea2b546-LHR
content-encoding
br
content-type
text/html
date
Thu, 22 Jan 2026 10:14:33 GMT
expires
0
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GeEB8GRn6zANJRrgIrYZApVy4MGPYmXGzIRpyij0Vl2f0YDGOwBfs%2BrutRj3VvjEHAxemEd34%2Bit2NRKjUFlNZ94GM6JF3vKjS%2FOgeNB%2BX1X9sizzqrr"}]}
server
cloudflare
vary
accept-encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
9c1e48fb2dacb546-LHR
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7mcV3ayJCERL97y4J6ZQvCkzbF%2B%2F4zvg1WO0o0m3z19wXJ57R1MSyc2jqVRotq%2BZ1v3HkQOKZ002L3uE3bJZROHQ4On0K9k4z9cmYGN5xgWrg5%2FFdnUJ"}]}
server
cloudflare
vary
accept-encoding
user-sync.html
ms-cookie-sync.presage.io/ Frame 21A8
78 B
261 B
Document
General
Full URL
https://ms-cookie-sync.presage.io/user-sync.html?source=tam&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.35.207.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-63-35-207-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5b36081aa7ff53b6bc9320413586af1cd87602b6e01dc99b9f34f64f5976705f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length
78
content-type
text/html; charset=utf-8
date
Thu, 22 Jan 2026 10:14:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cm
u.openx.net/w/1.0/ Frame AA83
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BO...
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3...
631 B
678 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
23b6903e84614f49dc811f235c790eb69fb4a4b6b5ccd22965a7ea7670d5daf5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
br
content-length
448
content-type
text/html
date
Thu, 22 Jan 2026 10:14:33 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
vary
Accept, Accept-Encoding
via
1.1 google
x-forwarded-for
146.70.134.87

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-length
0
content-type
text/plain; charset=utf-8
date
Thu, 22 Jan 2026 10:14:32 GMT
location
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
vary
Accept, Accept-Encoding
via
1.1 google
x-forwarded-for
146.70.134.87
sync
sync.inmobi.com/ Frame 0232
Redirect Chain
  • https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr=0
  • https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry=
  • https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry...
0
17 B
Document
General
Full URL
https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry=true
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.212.104.44 Washington, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
44.104.212.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
via
1.1 google

Redirect headers

content-length
0
date
Thu, 22 Jan 2026 10:14:32 GMT
location
https://sync.inmobi.com/sync?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=1&google_push=&retry=true
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame 6FE7
Redirect Chain
  • https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0
  • https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=28e4d7550801891&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&g...
  • https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AQAJmTjCfWXq9wJTI6SVAQEBAQEBAQCa5DPYjgEBAJrkM9iO&expiration=1769163273&is_secure=true&gdpr=0
43 B
477 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AQAJmTjCfWXq9wJTI6SVAQEBAQEBAQCa5DPYjgEBAJrkM9iO&expiration=1769163273&is_secure=true&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-98-82-156-207.compute-1.amazonaws.com
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Thu, 22 Jan 2026 10:14:33 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
CV0P3BW0Q4S7A33ZPRTE

Redirect headers

cache-control
no-cache, private, max-age=0, no-store
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
expires
0
location
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AQAJmTjCfWXq9wJTI6SVAQEBAQEBAQCa5DPYjgEBAJrkM9iO&expiration=1769163273&is_secure=true&gdpr=0
pragma
no-cache
server
nginx
/
match.sharethrough.com/jwumXNuB/v1/ Frame FD89
0
0
Document
General
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.198.188.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-198-188-210.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6BDC
21 KB
7 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dpubmatic.com%26id%3D&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5b6ceeffb380eae16e91dcf08a3493068aa5b7bd6f4c3f4ad7b4daa188d5c2cb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=28285
content-encoding
gzip
content-length
7259
content-type
text/html
date
Thu, 22 Jan 2026 10:14:33 GMT
expires
Thu, 22 Jan 2026 18:05:58 GMT
last-modified
Mon, 29 Sep 2025 15:12:50 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
visitormatch
bh.contextweb.com/ Frame F133
Redirect Chain
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
849 B
2 KB
Document
General
Full URL
https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 Amsterdam, Netherlands, ASN46244 (WEBMD-IDC1-AS - WebMD, LLC, US),
Reverse DNS
Software
Jetty(12.0.22) /
Resource Hash
2c1eee94269c3170139a3ead2107d4f8ed129efc25b20edffe7eabc0c03e515b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-CH
content-length
849
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-5454546fb6-k86n7
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(12.0.22)
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-CH
cw-server
bh-deployment-5454546fb6-k86n7
expires
-1
location
/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(12.0.22)
timing-allow-origin
*
sync-iframe
cs-tam.yellowblue.io/ Frame B16A
0
437 B
Document
General
Full URL
https://cs-tam.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.207.140.152 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
152.140.207.35.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
cs-tam.yellowblue.io
access-control-expose-headers
X-Reason
content-length
0
content-type
text/html
date
Thu, 22 Jan 2026 10:14:33 GMT
server
istio-envoy
via
1.1 google
x-envoy-decorator-operation
rtb-cookie-sync.default.svc.cluster.local:80/*
x-envoy-upstream-service-time
0
x-reason
could not perform CS due to compliance policy: gdpr is not applied
getuid
eb2.3lift.com/ Frame F1B7
37 B
140 B
Document
General
Full URL
https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_n-start_n-Ogury_n-MediaNet_n-rtbhouse_ox-db5_n-inmobi_cnv_n-opera3pb_n-sharethrough_pm-db5_rbd_ppt_n-nativo_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Thu, 22 Jan 2026 10:14:33 GMT
ecm3
aax-eu.amazon-adsystem.com/s/ Frame AA83
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=openx.com&id=96dd5767-bb49-c9b7-2f50-aeaad4d36a8b&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
WAY135H0KTZW1QHP87NG
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server
sd
us-u.openx.net/w/1.0/ Frame AA83
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAW5kDBEaWte37B5goIP1uw&google_cver=1
43 B
97 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAW5kDBEaWte37B5goIP1uw&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
x-forwarded-for
146.70.134.87
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/gif
vary
Accept

Redirect headers

cache-control
no-cache, must-revalidate
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAW5kDBEaWte37B5goIP1uw&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
295
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
pixel
cm.g.doubleclick.net/ Frame AA83
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi&google_tc=
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi&google_tc=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Server
142.251.141.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
tzfraa-ai-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

cache-control
no-cache, must-revalidate
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI2NGY4ZDAtNmU5NC0yY2U5LWZhYmUtNzY4NDc2MDI2ZjBi&google_tc=
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
326
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
openx
match.adsrvr.org/track/cmf/ Frame AA83
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=ce0b2b1a-a7e3-724d-ef5e-2c3dbce0a16b&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

content-length
70
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
server
Kestrel
sd
us-u.openx.net/w/1.0/ Frame AA83
Redirect Chain
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0&__qcmcs=1
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=5TFPtbUwQL3-MBm0sjpV4bI-TbL-Oh60tj3Hjt4-
43 B
136 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=5TFPtbUwQL3-MBm0sjpV4bI-TbL-Oh60tj3Hjt4-
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
x-forwarded-for
146.70.134.87
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
image/gif
vary
Accept

Redirect headers

strict-transport-security
max-age=86400
cache-control
private, no-store, proxy-revalidate
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=5TFPtbUwQL3-MBm0sjpV4bI-TbL-Oh60tj3Hjt4-
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
sd
eu-u.openx.net/w/1.0/ Frame AA83
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8369720746071229071
43 B
97 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8369720746071229071
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://u.openx.net/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
x-forwarded-for
146.70.134.87
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
Accept

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8369720746071229071
pragma
no-cache
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-methods
GET
expires
-1
access-control-allow-origin
*
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
server
nginx
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
rtset
bh.contextweb.com/bh/ Frame F133
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=TkdMVlJqV3Fqc3B5eDhUbERXUUxrQQ&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=TkdMVlJqV3Fqc3B5eDhUbERXUUxrQQ&gdpr=0&gdpr_consent=&google_tc=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEI5ENPOenw_xWJMHq8g0A8o&google_cver=1
49 B
1 KB
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEI5ENPOenw_xWJMHq8g0A8o&google_cver=1
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
H2
Server
208.93.169.131 Amsterdam, Netherlands, ASN46244 (WEBMD-IDC1-AS - WebMD, LLC, US),
Reverse DNS
Software
Jetty(12.0.22) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://bh.contextweb.com/

Response headers

cache-control
private, max-age=0, no-cache, no-store
timing-allow-origin
*
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server
bh-deployment-5454546fb6-k86n7
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-CH
content-type
image/gif;charset=iso-8859-1
server
Jetty(12.0.22)

Redirect headers

cache-control
no-cache, must-revalidate
location
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEI5ENPOenw_xWJMHq8g0A8o&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
335
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
rtset
bh.contextweb.com/bh/ Frame F133
Redirect Chain
  • https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=&gdpr=0&gdpr_consent=
  • https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4a9363e45cd71850&is_secure=true&networkId=14200&version=1&nuid=&gdpr=0&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW&expiration=1769163273&nuid=&is_secure=true&gdpr_consent=&gdpr=0
49 B
1 KB
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW&expiration=1769163273&nuid=&is_secure=true&gdpr_consent=&gdpr=0
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
H2
Server
208.93.169.131 Amsterdam, Netherlands, ASN46244 (WEBMD-IDC1-AS - WebMD, LLC, US),
Reverse DNS
Software
Jetty(12.0.22) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://bh.contextweb.com/

Response headers

cache-control
private, max-age=0, no-cache, no-store
timing-allow-origin
*
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server
bh-deployment-5454546fb6-k86n7
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-CH
content-type
image/gif;charset=iso-8859-1
server
Jetty(12.0.22)

Redirect headers

expires
0
cache-control
no-cache, private, max-age=0, no-store
location
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW&expiration=1769163273&nuid=&is_secure=true&gdpr_consent=&gdpr=0
content-length
0
date
Thu, 22 Jan 2026 10:14:33 GMT
pragma
no-cache
server
nginx
ecm3
s.amazon-adsystem.com/ Frame F133
43 B
477 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=e9crHbMwkxKV&ex=Pulsepoint
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-98-82-156-207.compute-1.amazonaws.com
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://bh.contextweb.com/

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
HXR932WT8YVKPRVKHQMX
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server
crum
dsum-sec.casalemedia.com/ Frame 5022
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=0
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=aXH4iVVbLWEAP8YRBSkduQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENtM7s91wOYTu9y4GaZM9V0&google_cver=1&gdpr=0
43 B
711 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENtM7s91wOYTu9y4GaZM9V0&google_cver=1&gdpr=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H3
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CGJy0bFF6A3j04RpYR0BdGKIQyl5h22591FWJz3axVRl8ICWr2SK8YAcK6QytwzuI1CWSI0BhE7z3o78dIpG9wjq38Uxf20jriNuH4Y0LwLGdwZhw91h"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
priority
u=3,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c1e48fcdfb3774a-LHR
content-length
43
server
cloudflare

Redirect headers

cache-control
no-cache, must-revalidate
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENtM7s91wOYTu9y4GaZM9V0&google_cver=1&gdpr=0
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
325
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
pixel
cm.g.doubleclick.net/ Frame 5022
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&gdpr_consent=&us_privacy=&gdpr=0&gpp=&gpp_sid=
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&gdpr_consent=&us_privacy=&gdpr=0&gpp=&gpp_sid=&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&gdpr_consent=&gdpr=0&gpp=&gpp_sid=&google_gid=CAESENtjAenw...
  • https://cm.g.doubleclick.net/pixel?gdpr=0&gdpr=0&gdpr_consent=&google_cver=1&google_gid=CAESENtjAenw8WLIV5P1xgG7wSE&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&google_nid=index&gpp=&gpp=&gpp_sid=&gp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=0&gdpr=0&gdpr_consent=&google_cver=1&google_gid=CAESENtjAenw8WLIV5P1xgG7wSE&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&google_nid=index&gpp=&gpp=&gpp_sid=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H3
Server
142.251.141.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
tzfraa-ai-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Thu, 22 Jan 2026 10:14:33 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=u5hoFFU3Sb%2FmofhRfrwfb2OwB8gUpFiNvbUAgpZyJPy7a4CuYPR5m9kjlRHqmoyy%2FDx46OLooKMGvaSdKk7p%2BZjYZdoc2wzP%2BGW1ILMeQ%2FL8gC5%2Fx4xg"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Thu, 22 Jan 2026 10:14:33 GMT
vary
accept-encoding
priority
u=3,i
cache-control
no-cache
location
https://cm.g.doubleclick.net/pixel?gdpr=0&gdpr=0&gdpr_consent=&google_cver=1&google_gid=CAESENtjAenw8WLIV5P1xgG7wSE&google_hm=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&google_nid=index&gpp=&gpp=&gpp_sid=&gpp_sid=
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c1e48fc4bcf1ddf-LHR
content-length
0
server
cloudflare
31327
i.liadm.com/s/ Frame 5022
0
208 B
Image
General
Full URL
https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=aXH4iVVbLWEAP8YRBSkduQAA%265183&gpdr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.162.156.31 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-162-156-31.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
0
Date
Thu, 22 Jan 2026 10:14:34 GMT
trace-id
1631307fbbe0d77b
Request-Time
0
Connection
keep-alive
dcm
s.amazon-adsystem.com/ Frame 5022
43 B
853 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=0&gdpr_consent=&id=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-98-82-156-207.compute-1.amazonaws.com
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
EPT425QNAK7VRM1Y4AJG
Content-Length
43
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server
rum
dsum.casalemedia.com/ Frame 5022
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=index&gdpr=0
  • https://x.bidswitch.net/ul_cb/sync?ssp=index&gdpr=0
  • https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=index&bsw_custom_parameter=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&gdpr_pd=
  • https://x.bidswitch.net/sync?dsp_id=413&ssp=index&user_id=csonata_ce757cb7-6e34-482f-b27e-f35c4a7933cd&bsw_param=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&expires=10&gdpr=0&gdpr_consent=&gdpr_pd=
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&us_privacy=
43 B
711 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H3
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=i1Ni9MczH08tWRVsRdzroKi2lmyvLHiLSV38mGofhOKan3Yr8569ZfCJL%2B6CggYXufmMF7ij4gOTHxbC8o6yHoZZQi1t9gXsPi808AA%2BcFlVkko%3D"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
priority
u=3,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c1e48fdd8a1774a-LHR
content-length
43
server
cloudflare

Redirect headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
location
//dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5&gdpr=0&gdpr_consent=&us_privacy=
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:33 GMT
/
b1sync.zemanta.com/usersync/index/ Frame 5022
26 B
138 B
Image
General
Full URL
https://b1sync.zemanta.com/usersync/index/?puid=aXH4iVVbLWEAP8YRBSkduQAA%265183&cb=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fexternal_user_id%3D_ZUID_&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.74.236.159 , United States, ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US),
Reverse DNS
chi.outbrain.com
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
26
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 5022
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BA90EBD2DD16484DBDBFF54F57AB7137&gdpr=0
43 B
715 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BA90EBD2DD16484DBDBFF54F57AB7137&gdpr=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H3
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LWYkwag3RjrrrVdBneXWiUh%2F0ofERD%2BFnWw3lzIJgXRDhv1BvRgWtBlVDkkul1kXu5uKErinjQ9HdNbtuMHEiK51nSe2Yg71HdHWt0p%2Fb6IiiE9XyNE4"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
priority
u=3,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c1e48fcaf7b774a-LHR
content-length
43
server
cloudflare

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BA90EBD2DD16484DBDBFF54F57AB7137&gdpr=0
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 21 Jan 2026 10:14:33 GMT
access-control-allow-origin
*
content-length
142
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
crum
dsum-sec.casalemedia.com/ Frame 5022
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68&gdpr=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=123&external_user_id=EojoJ-eZVMJn0jy3gj3Pl5JGhlc
43 B
720 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=123&external_user_id=EojoJ-eZVMJn0jy3gj3Pl5JGhlc
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H3
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uts9%2F8aDAFV%2FefAYEDMMfqX4WENWy2aUrdY39Nt%2Bha2y6vdP4czPQO%2B7R3oqHlbacIJ12rU%2BzeRPnHjXmu68YOQCMX%2FiWBH5VS5irbTIBh2AFwKLOFz8"}]}
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/gif
vary
accept-encoding
priority
u=3,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
cf-ray
9c1e48feb976774a-LHR
content-length
43
server
cloudflare

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=123&external_user_id=EojoJ-eZVMJn0jy3gj3Pl5JGhlc
Content-Length
123
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
text/html; charset=utf-8
Connection
keep-alive
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 5022
43 B
477 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?gdpr=0&ex=index.com&id=aXH4iVVbLWEAP8YRBSkduQAAFD8AAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D0%26ex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.220.226.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://ssum-sec.casalemedia.com/

Response headers

Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid
88TAMC80JSM5B3EFWB5S
Content-Length
43
Date
Thu, 22 Jan 2026 10:14:33 GMT
Content-Type
image/gif
Vary
Content-Type,Accept-Encoding,User-Agent
Server
Server
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.8946279826470103
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480102
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:33 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48fd5b16d874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.3278303527322678
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.01179937465856118
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480102
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:33 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:33 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48fd5b1bd874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
dns
ab.dns-finder.com/meta/
2 B
0
Fetch
General
Full URL
https://ab.dns-finder.com/meta/dns
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
111.200.36.34.bc.googleusercontent.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers
X-Resolver
x-resolver
default
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Thu, 22 Jan 2026 10:14:32 GMT
content-type
text/plain; charset=utf-8
vary
Origin
px.gif
ad-delivery.net/
43 B
163 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.7940241004636917
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480103
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:34 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e48fedefbd874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.2899790434397288
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.412938584459292
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480103
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:34 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e49001a1ed874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.9128823309296122
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480103
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:34 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e4902dfafd874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.28195846462519114
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:34 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
163 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.7643272183727724
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480104
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:35 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:35 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e49059ddfd874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.7672309013640299
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:35 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
favicon.ico
ad.doubleclick.net/
1 KB
129 B
Fetch
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.8552337687821046
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-encoding
gzip
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Fri, 23 Jan 2026 10:14:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:35 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Tue, 08 May 2012 13:08:06 GMT
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
104
x-xss-protection
0
server
sffe
px.gif
ad-delivery.net/
43 B
111 B
Fetch
General
Full URL
https://ad-delivery.net/px.gif?ch=2&e=0.18953730259431822
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2f50 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

x-goog-metageneration
5
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status
HIT
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
age
1480104
x-goog-stored-content-encoding
identity
expires
Fri, 23 Jan 2026 10:14:35 GMT
x-goog-stored-content-length
43
date
Thu, 22 Jan 2026 10:14:35 GMT
content-type
image/gif
vary
accept-encoding
last-modified
Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid
ABgVH8_eypAsB0yHA4t-wWK1ceeK_Cfhz3A3Tqr4F-I2lvmr7QbBZ_ByxANtfCif9krfBoY
cache-control
public, max-age=86400
x-goog-storage-class
MULTI_REGIONAL
cf-ray
9c1e49085ce1d874-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1620242732037093
content-length
43
server
cloudflare
country
api.btloader.com/
37 B
153 B
Fetch
General
Full URL
https://api.btloader.com/country?o=6278260873756672
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
cd5766e75c80e55c207e9ad4386e204701ec2726d1a5a6d4583faf1fd3d5f8d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
date
Thu, 22 Jan 2026 10:14:36 GMT
content-type
application/json
vary
Origin
pv
api.btloader.com/
0
0
Fetch
General
Full URL
https://api.btloader.com/pv?nlf=false&tid=Odok3dq1H-AZiOI7kK-9be532d596&sid=aAnEg2eK-RWlcymZRev-9be532d596&cv=2.1.177&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

via
1.1 google
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:36 GMT
vary
Origin
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleekduck.com%2F&domain=leekduck.com&cw=1&lsw=1&us_privacy=1---&gdprString=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&gdpr=1&gpp_sid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::d , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://leekduck.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://leekduck.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 22 Jan 2026 10:14:41 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
214323
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
json
gum.criteo.com/sid/
2 B
371 B
Fetch
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleekduck.com%2F&domain=leekduck.com&cw=1&lsw=1&us_privacy=1---&gdprString=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&gdpr=1&gpp_sid=
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::d , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
application/json
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
296213
expires
0
access-control-allow-origin
https://leekduck.com
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel
rid
match.adsrvr.org/track/
63 B
424 B
Fetch
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=tpfrvh0&fmt=json
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8843a725339558e87df7661ce9160889de464789d1391f02bcb055f8a14d3b69

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
private
content-encoding
gzip
access-control-allow-credentials
true
expires
Sat, 21 Feb 2026 10:14:42 GMT
access-control-allow-origin
https://leekduck.com
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json
vary
Origin,Accept-Encoding
server
Kestrel
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type
envelope
api.rlcdn.com/api/identity/
0
244 B
Fetch
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=14333&ct=4&cv=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
via
1.1 google
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:42 GMT
access-control-allow-credentials
true
access-control-allow-methods
GET, OPTIONS
cookie_sync
pbs.nitropay.com/
42 B
277 B
Fetch
General
Full URL
https://pbs.nitropay.com/cookie_sync
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
25.144.244.35.bc.googleusercontent.com
Software
/
Resource Hash
57ce2b08ef8da65d0f5627d6e41c7725efd32d3e377dea3c91025a375ae93fdf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
expires
0
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding,Origin
auction
pbs.nitropay.com/openrtb2/
304 B
414 B
Fetch
General
Full URL
https://pbs.nitropay.com/openrtb2/auction
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
25.144.244.35.bc.googleusercontent.com
Software
/
Resource Hash
97efec39c8e78f0b0e2a2cab4c1f56c9e90659cafb355aaef2563515e98007f1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
observe-browsing-topics
?1
via
1.1 google
expires
0
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
304
date
Thu, 22 Jan 2026 10:14:42 GMT
x-prebid
pbs-go/3.29.0
content-type
application/json
vary
Accept-Encoding,Origin
prebidjs
ib.adnxs-simple.com/openrtb2/
0
528 B
Fetch
General
Full URL
https://ib.adnxs-simple.com/openrtb2/prebidjs
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEXUS - Xandr Inc., US),
Reverse DNS
941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.25.5 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
146.70.134.87; 146.70.134.87; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://leekduck.com
an-x-request-uuid
cdab5bbb-d34b-4380-aeef-a27a11e8dae6
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Thu, 22 Jan 2026 10:14:42 GMT
x-xss-protection
0
server
nginx/1.25.5
prebid
exchange.postrelease.com/
0
291 B
Fetch
General
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_eid=W3sic291cmNlIjoibGVla2R1Y2suY29tIiwidWlkcyI6W3siaWQiOiJhNzc0YmU1YmI2MjQzYjk2OTE0OTBlYmUwZjFkM2IzMSIsImF0eXBlIjoxLCJleHQiOnsic3R5cGUiOiJwcHVpZCJ9fV19LHsic291cmNlIjoicHViY2lkLm9yZyIsInVpZHMiOlt7ImlkIjoiOTZkZTUzMmMtMzM4YS00NGJkLThhOWEtYTdhZTg1NDE0YTY4IiwiYXR5cGUiOjF9XX1d&us_privacy=1---&ntv_gpp_consent=undefined&ntv_gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&ntv_ptd=1662267&ntv_pas=eyIxNjYyMjY3IjpbWzcyOCw5MF0sWzk3MCw5MF0sWzk3MCwyNTBdLFszMDAsMjUwXSxbMzM2LDI4MF1dLCJsZW5ndGgiOjF9&ntv_pbv=v10.16.0&ntv_pb_rid=6d3eda75-0361-400d-b524-4c819b737622&ntv_ppc=W3siYWRVbml0Q29kZSI6ImFkLWhvbWVwYWdlIiwibWVkaWFUeXBlcyI6eyJiYW5uZXIiOnsicG9zIjozLCJzaXplcyI6W1s3MjgsOTBdLFs5NzAsOTBdLFs5NzAsMjUwXSxbMzAwLDI1MF0sWzMzNiwyODBdXX19fV0=&ntv_dbr=eyJhZC1ob21lcGFnZSI6MH0=&ntv_url=https%3A%2F%2Fleekduck.com%2F
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.214.66.220 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-44-214-66-220.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

expires
Mon, 1 Jan 1990 12:00:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin
https://leekduck.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 22 Jan 2026 10:14:43 GMT
pragma
no-cache
access-control-allow-credentials
true
auction
prebid-server.rubiconproject.com/openrtb2/
173 B
507 B
Fetch
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c004:200::137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software
/
Resource Hash
40f020dd615840ed4ba8040de5475d6ccd642852dbaa8f2ff57e1348f68c0baf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

Cache-Control
no-cache, no-store, must-revalidate
content-encoding
gzip
Pragma
no-cache
access-control-allow-credentials
true
Observe-Browsing-Topics
?1
Expires
0
access-control-allow-origin
https://leekduck.com
content-length
168
x-prebid
pbs-java/3.38.0
Content-Type
application/json
vary
origin
fastlane.json
fastlane.rubiconproject.com/a/api/
582 B
789 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17374&site_id=591076&zone_id=3774048&size_id=15&alt_size_ids=2%2C16%2C55%2C57&p_pos=btf&gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---&rp_schain=1.0,1!nitropay.com,574,1,,,&eid_leekduck.com=a774be5bb6243b9691490ebe0f1d3b31%5E1%5E%5E%5E%5E%5E&eid_pubcid.org=96de532c-338a-44bd-8a9a-a7ae85414a68%5E1%5E%5E%5E%5E%5E&ppuid=a774be5bb6243b9691490ebe0f1d3b31&rf=https%3A%2F%2Fleekduck.com%2F&tg_i.domain=leekduck.com&tg_i.page=https%3A%2F%2Fleekduck.com%2F&tg_i.name=Leek%20Duck&tg_i.privacypolicy=1&tg_i.cattax=7&tg_i.cat=680%2C683&tg_i.kwarray=Gaming%2CPok%C3%A9mon%2CMobile%20Gaming%2CGuides%2CGame%20Database%2CPok%C3%A9mon%20GO%2CCreature%20Collection%2CGame%20Companion%2CReference&tg_i.documentLang=en&tg_i.pbadslot=%2Fnitro%2F574%2F642%2Fad-homepage&tk_flint=pbjs_lite_v10.16.0&x_source.tid=u8bbad408-d813-43fa-ad83-4395d3a02cae&l_pb_bid_id=4be8bcf2-f24e-418b-b239-913ad8fec750&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=ub99cd81f-3c64-4c10-9f58-ccbce0d9e966&p_gpid=%2Fnitro%2F574%2F642%2Fad-homepage&m_ch_mobile=%3F0&slots=1&rand=0.8712586689175101
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
0b5b5cc3cc098a4d4459694cb406d09737bc0d12afc4886278308f301928ecd0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://leekduck.com
content-length
582
date
Thu, 22 Jan 2026 10:14:43 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
bid
ap.lijit.com/rtb/
0
206 B
Fetch
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_10.16.0
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.203.177.31 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-203-177-31.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

access-control-allow-methods
GET, POST, DELETE, PUT
access-control-allow-origin
https://leekduck.com
x-envoy-upstream-service-time
5
date
Thu, 22 Jan 2026 10:14:42 GMT
server
istio-envoy
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
Nitro
direct.adsrvr.org/bid/bidder/
0
416 B
Fetch
General
Full URL
https://direct.adsrvr.org/bid/bidder/Nitro
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.223.6.21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a8c33d2b6751b365d.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

x-openrtb-version
2.3
cache-control
private
access-control-allow-credentials
true
access-control-allow-origin
https://leekduck.com
content-length
0
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json
server
Kestrel
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type
prebid
prebid.media.net/rtb/
32 B
561 B
Fetch
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU87559X
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.209.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
34.209.36.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
dbe5b7ecbb1e59ac15de1b1ea340c9540f8d1cf1764c667aeca64a1fdd3b639c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
x-envoy-upstream-service-time
4
access-control-allow-credentials
true
observe-browsing-topics
?1
via
1.1 google
expires
Thu, 22 Jan 2026 10:14:42 GMT
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json;charset=utf-8
server
istio-envoy
auction
tlx.3lift.com/header/
19 B
721 B
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=10.16.0&referrer=https%3A%2F%2Fleekduck.com%2F&tmax=2200&gdpr=true&cmp_cs=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.192.42.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-192-42-219.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
accept-ch
sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin
https://leekduck.com
x-auction-status
30, 15
x-xss-protection
0
content-type
application/json; charset=utf-8
vary
Accept-Encoding
pbjs
htlb.casalemedia.com/openrtb/
58 B
561 B
Fetch
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=1204471
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
83c074449d2116acd4c21719cca0832c493b5bec2265162c9c559b5354a46354

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tuv6uev%2F3VjkXDuDUadQ71gagTluQmefS%2Bz72e7GwHJFwVQd6UHRiJ5fhfwlb%2Bma7gXCQuMtERLFcksDdPjMtTHKD%2Fe9VChxBqCC9Z346Frdawo%3D"}]}
observe-browsing-topics
?1
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
application/json
vary
Accept-Encoding
priority
u=1,i
cache-control
no-cache
nel
{"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma
no-cache
access-control-allow-credentials
true
cf-ray
9c1e4935d9110cc1-LHR
access-control-allow-origin
https://leekduck.com
server
cloudflare
v1
btlr.sharethrough.com/universal/
0
118 B
Fetch
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.19.94 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-71-19-94.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
access-control-allow-origin
https://leekduck.com
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/
0
119 B
Fetch
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.19.94 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-71-19-94.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
access-control-allow-origin
https://leekduck.com
access-control-allow-credentials
true
prebidjs
rtb.openx.net/openrtbb/
53 B
242 B
Fetch
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
330da46bd5a791fe76171180854f75d6563d39aa29c984145951dcf4f9f35258

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

x-forwarded-for
146.70.134.87
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
text/plain
vary
Origin
prebidjs
rtb.openx.net/openrtbb/
53 B
105 B
Fetch
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
f761d035574f76a63eb3f3b949f4bfbba13d603eb2772e776fac17a21c18c702

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

x-forwarded-for
146.70.134.87
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://leekduck.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53
date
Thu, 22 Jan 2026 10:14:42 GMT
content-type
text/plain
vary
Origin
translator
hbopenbid.pubmatic.com/
0
306 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client&gzip=1
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-cache, no-store, must-revalidate, no-store, no-cache, private
access-control-allow-credentials
true
observe-browsing-topics
?1
pmfcgi-resp
TRUE
access-control-allow-origin
https://leekduck.com
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 22 Jan 2026 10:14:43 GMT
server
nginx
i
t.nit.ro/
0
0
Fetch
General
Full URL
https://t.nit.ro/i?d=CgthZC1ob21lcGFnZRoFYmxhbmtCFWh0dHBzOi8vbGVla2R1Y2suY29tL0gAWiQwMTliZTUzMi1kNTU1LTdmMWYtYjk3Ni0yOTMxZjllZTBiNzJiAkNIagJaSJIBIGE3NzRiZTViYjYyNDNiOTY5MTQ5MGViZTBmMWQzYjMxmgEHMmU2OGEyZKIBB2Rpc3BsYXm4AQDQAYIF6gEMCgZmbG9vcnMSAm9u8gEA
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
25.144.244.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 22 Jan 2026 10:14:43 GMT
vary
Origin
14333
check.analytics.rlcdn.com/check/
25 B
636 B
Fetch
General
Full URL
https://check.analytics.rlcdn.com/check/14333
Requested by
Host: s.nitropay.com
URL: https://s.nitropay.com/ads-642.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2013:4200:16:708:31c0:93a1 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://leekduck.com/

Response headers

x-amz-apigw-id
XlFOHG-yDoEEWPQ=
Age
4053
Connection
keep-alive
X-Amzn-Trace-Id
Root=1-6971e8c0-4e61c0e03f86155e775dd1f0
x-amzn-RequestId
e9eda534-af68-47b0-93b4-14f33ac8104f
Via
1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront), 1.1 31028316ebf6f55d1032e774dd501fc4.cloudfront.net (CloudFront)
Access-Control-Allow-Origin
*
X-Cache
Hit from cloudfront
Content-Length
25
X-Amz-Cf-Id
hv0Rd1lzVzV7LMJBHi3VT8J4wdaWanxSenWK1MnJOSnSu86dECVHKQ==
Date
Thu, 22 Jan 2026 09:07:12 GMT
Content-Type
application/json
X-Amz-Cf-Pop
FRA56-P8, FRA56-P14
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B69A
21 KB
7 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156737&gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5b6ceeffb380eae16e91dcf08a3493068aa5b7bd6f4c3f4ad7b4daa188d5c2cb

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=28270
content-encoding
gzip
content-length
7259
content-type
text/html
date
Thu, 22 Jan 2026 10:14:48 GMT
expires
Thu, 22 Jan 2026 18:05:58 GMT
last-modified
Mon, 29 Sep 2025 15:12:50 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame D549
269 B
379 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.169.246 -, , ASN (),
Reverse DNS
Software
Apache/2.4.65 (Debian) /
Resource Hash
e4df52d49c57bc3e7158cb052cc05c60f1258c24de5c5728dac5d43272943ad9

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html
date
Thu, 22 Jan 2026 10:14:48 GMT
etag
"10d-63d602600b800-gzip"
last-modified
Wed, 27 Aug 2025 22:17:04 GMT
server
Apache/2.4.65 (Debian)
vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 368C
37 B
139 B
Document
General
Full URL
https://eb2.3lift.com/sync?gdpr=true&cmp_cs=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---&
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Thu, 22 Jan 2026 10:14:48 GMT
pd
ggsoftware-d.openx.net/w/1.0/ Frame B73F
68 B
124 B
Document
General
Full URL
https://ggsoftware-d.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4cde20607a069eefd4289f5f75cbacac271db09ca6fb9fbfaf615876ee6f9257

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-length
68
content-type
text/html
date
Thu, 22 Jan 2026 10:14:47 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
vary
Accept, Accept-Encoding
via
1.1 google
x-forwarded-for
146.70.134.87
ixmatch.html
js-sec.indexww.com/um/ Frame D08C
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202601061251/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.18 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://leekduck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

Response headers

age
385
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
9c1e49578b3f60f5-LHR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 22 Jan 2026 10:14:48 GMT
expires
Thu, 22 Jan 2026 14:14:48 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
accept-encoding
usersync
match.adsrvr.org/track/
70 B
148 B
Image
General
Full URL
https://match.adsrvr.org/track/usersync?us_privacy=1---&gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&ust=image
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

content-length
70
date
Thu, 22 Jan 2026 10:14:48 GMT
content-type
image/gif
server
Kestrel
setuid
px.ads.linkedin.com/
0
676 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=appNexus
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:50::12 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://leekduck.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: F86542D37AA246B58EFB8909EC8EF5C2 Ref B: ZRHEDGE1922 Ref C: 2026-01-22T10:14:48Z
x-li-fabric
prod-lva1
x-li-uuid
AAZI90+BTZH8Vi8ZiBEqww==
x-li-proto
http/2
alt-svc
h3=":443"; ma=86400
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 22 Jan 2026 10:14:47 GMT
usync.js
eus.rubiconproject.com/ Frame D549
45 KB
11 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.169.246 -, , ASN (),
Reverse DNS
Software
Apache/2.4.65 (Debian) / PHP/8.3.24
Resource Hash
193d2cfb7d685b1f891ea66fcadb9307c718f148a080f8272dfffd7860dc8119

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&us_privacy=1---

Response headers

cache-control
max-age=25088
content-encoding
gzip
expires
Thu, 22 Jan 2026 17:12:56 GMT
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
content-length
11500
date
Thu, 22 Jan 2026 10:14:48 GMT
last-modified
Wed, 21 Jan 2026 17:12:56 GMT
x-powered-by
PHP/8.3.24
server
Apache/2.4.65 (Debian)
content-type
text/html;charset=UTF-8
vary
Accept-Encoding
khaos.json
token.rubiconproject.com/ Frame D549
7 B
380 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?gdpr_consent=CQebhUAQebhUADyvWAENCOFAAAAAAAAAACiQAAAAAAAA.IAAA&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 , Germany, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Referer
https://eus.rubiconproject.com/

Response headers

Cache-Control
no-cache,no-store,must-revalidate
Pragma
no-cache
access-control-allow-credentials
true
Expires
0
access-control-allow-origin
https://eus.rubiconproject.com
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
102e9138201bc46179fa572a61474df9
content-length
7
content-type
application/json; charset=UTF-8


195 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| nitroAds function| loadSpriteSheet object| StickyAdHandler function| gtag object| dataLayer function| scrollFunction function| topFunction function| toggleStickyOffset function| moveTopButton object| Twitch object| __cfBeacon object| google_tag_manager object| google_tag_data object| googletag function| onYouTubeIframeAPIReady object| gaGlobal object| ads object| nads object| nitro object| napbjs object| _pbjsGlobals object| mnet object| __tcfapi_queue function| __tcfapi object| _comscore object| ggeac object| google_js_reporting_queue function| clearImmediate function| setImmediate object| atsenvelopemodule object| ats object| nitroAdsCustomConsents string| nitroAdsPublisherCC object| __gpp_queue object| __gpp_events number| __gpp_lastId function| __gpp function| __uspapi object| apstag object| COMSCORE object| google_reactive_ads_global_state object| nitroAdsCMP object| regeneratorRuntime object| __npcmp_queue function| __npcmp string| __npcmp_geo string| __npcmp_region boolean| __npcmp_init function| __cmp boolean| __npcmp_gdpr object| _aps boolean| apstagLOADED object| apscustom object| aps_prebid object| __bt_edge_data object| __bt object| __bt_intrnl boolean| __bt_already_invoked object| __bt_tag_d object| lotame_sync_16576 function| ha function| lotameIsCompatible function| sync16576_aa function| sync16576_c function| sync16576_f object| sync16576_h function| sync16576_ca function| sync16576_j function| sync16576_da object| sync16576_ object| sync16576_ka object| sync16576_la object| sync16576_q object| sync16576_ya function| sync16576_a function| sync16576_b function| sync16576_g function| sync16576_i function| sync16576_k function| sync16576_l function| sync16576_ea function| sync16576_m function| sync16576_fa function| sync16576_n function| sync16576_o function| sync16576_p function| sync16576_ha function| sync16576_ga function| sync16576_ia function| sync16576_ja function| sync16576_r 
function| sync16576_t function| sync16576_u function| sync16576_v function| sync16576_ma function| sync16576_na function| sync16576_w function| sync16576_oa function| sync16576_x function| sync16576_y function| sync16576_s function| sync16576_A function| sync16576_pa function| sync16576_qa function| sync16576_ra function| sync16576_B function| sync16576_C function| sync16576_D function| sync16576_sa function| sync16576_E function| sync16576_F function| sync16576_G function| sync16576_I function| sync16576_K function| sync16576_J function| sync16576_L function| sync16576_M function| sync16576_H function| sync16576_ta function| sync16576_ua function| sync16576_va function| sync16576_wa function| sync16576_xa function| sync16576_N function| sync16576_O function| sync16576_za function| sync16576_P function| sync16576_Aa function| sync16576_Ba function| sync16576_Ca function| sync16576_Q function| sync16576_Da function| sync16576_Ea function| sync16576_Fa function| sync16576_Ga function| sync16576_R function| sync16576_Ha function| sync16576_S function| sync16576_T function| sync16576_U function| sync16576_V function| sync16576_Ia function| sync16576_W function| sync16576_X function| sync16576_Y function| sync16576_Z function| sync16576__ function| sync16576_0 function| sync16576_1 function| sync16576_Ja function| sync16576_2 function| sync16576_La function| sync16576_Ka function| sync16576_3 function| sync16576_Na function| sync16576_Oa function| sync16576_Ma function| sync16576_Pa function| sync16576_Sa function| sync16576_Ra function| sync16576_Qa function| sync16576_Ua function| sync16576_Wa function| sync16576_Ta function| sync16576_5 function| sync16576_Va function| sync16576_Za function| sync16576_Ya function| sync16576_Xa function| sync16576_6 function| sync16576_4 function| sync16576_7 function| sync16576_8 function| sync16576__a function| sync16576_0a function| sync16576_1a function| sync16576_2a function| sync16576_9 function| sync16576_3a function| 
sync16576_$ function| sync16576_4a function| sync16576_5a function| sync16576_6a object| PublisherCommonId object| pbjs object| __id5_finalization_registry object| ID5 object| id5_pbjs_et object| auvars

57 Cookies

Domain/Path Name / Value
.nitropay.com/ Name: __cf_bm
Value: 1iPOR2EhxPKiI19FkO6vSCaWVd.YOHCrGJI0qKbVKns-1769076872-1.0.1.1-5HJSa.QDLsfo3GZ7jKGpuW6LOl3_0AWn6KnbmpL_oYw8BP08J8Jfp2KJHJUb5NIqVbksDYgKLSlVVGuXbQiBuYGIXvG9zlzh_2Z108QfTm4
.leekduck.com/ Name: _ga_35E44WDJ8H
Value: GS2.1.s1769076872$o1$g0$t1769076872$j60$l0$h0
.leekduck.com/ Name: _ga
Value: GA1.1.2041332112.1769076872
.leekduck.com/ Name: _nitroID
Value: a774be5bb6243b9691490ebe0f1d3b31
.leekduck.com/ Name: ncmp.domain
Value: leekduck.com
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 1ed2d8736103b0fdcfd91dfb4c20d542
.leekduck.com/ Name: _cc_id
Value: 1ed2d8736103b0fdcfd91dfb4c20d542
.leekduck.com/ Name: panoramaId_expiry
Value: 1769681672812
.leekduck.com/ Name: panoramaId
Value: e1d0185c1121bff1708230f95848185ca02ce31299225033a39678f9a79a56a8
.leekduck.com/ Name: panoramaIdType
Value: panoDevice
.amazon-adsystem.com/ Name: ad-id
Value: A-FvORZQ-kpqj8ZKHsyEVFw
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.openx.net/ Name: i
Value: 1da71443-0e64-4dba-b588-e4d5d8c79296|1769076873
.openx.net/ Name: pd
Value: v2|1769076873|guvNiygen0
.rubiconproject.com/ Name: audit_p
Value: 1|Gpo4vK++au5C/54nynOsiC4ro3769+lVe8aQrGIaxzjyusKHi/Z5+K3Etu0X+urzcbFL3Jm6aB9CqQ3+tQhlLHMDvubSxZCGX/BzzVgVa+TOcSc8GQHet00Ee4X1AY/LmwOAhrHichM=
.rubiconproject.com/ Name: khaos
Value: MKPAOZQV-T-34DC
.rubiconproject.com/ Name: khaos_p
Value: MKPAOZQV-T-34DC
.rubiconproject.com/ Name: audit
Value: 1|Gpo4vK++au5C/54nynOsiC4ro3769+lVe8aQrGIaxzjyusKHi/Z5+K3Etu0X+urzcbFL3Jm6aB9CqQ3+tQhlLHMDvubSxZCGX/BzzVgVa+TOcSc8GQHet00Ee4X1AY/LmwOAhrHichM=
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.creativecdn.com/ Name: g
Value: 79elbaLtcpPA18qU0HDe_1769076873465
.creativecdn.com/ Name: ts
Value: 1769076873
.contextweb.com/ Name: V
Value: e9crHbMwkxKV
.contextweb.com/ Name: VP
Value: part_e9crHbMwkxKV
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: dd621ef2e70bdafb
.opera.com/ Name: OAU
Value: OPUdf5199fc0d0441ed914b733eb118b3cb
.casalemedia.com/ Name: CMID
Value: aXH4iVVbLWEAP8YRBSkduQAA
.casalemedia.com/ Name: CMPS
Value: 5183
.casalemedia.com/ Name: CMPRO
Value: 5183
.media.net/ Name: visitor-id
Value: 4120784734627127000V10
.quantserve.com/ Name: mc
Value: 6971f889-8a0a2-ea656-2f0e5
.adform.net/ Name: C
Value: 1
.quantserve.com/ Name: sp
Value: CggIknESAxClEQ==
.adform.net/ Name: uid
Value: 8369720746071229071
.doubleclick.net/ Name: IDE
Value: AHWqTUkDNwZahpBF623orNsnqHRTekdJGHFAmZOXEDrLPCSF1FISnp8LuTTZVB24IeA
.temu.com/ Name: __cf_bm
Value: 0Qcq2LpxFNe7SKE0d9jVha_uhEjT6SRS8HgScoMyJXk-1769076873-1.0.1.1-a_VFosginttQjQ0Knf3Bk_6_4AZTf9USnI3zVgG8CuW0juBMPFRI1gqYW_I9rlMa29R_YliUnvZ.1ofiRjEfgshGx1cN_pCfqD6oLmfrIY8
.simpli.fi/ Name: suid
Value: BA90EBD2DD16484DBDBFF54F57AB7137
.bidswitch.net/ Name: tuuid
Value: 5f3c6bb2-6322-43c4-ac6e-5af4aac26fb5
.bidswitch.net/ Name: c
Value: 1769076873
.bidswitch.net/ Name: tuuid_lu
Value: 1769076873
.dotomi.com/ Name: DotomiTest
Value: 5373748612844427344
.contextweb.com/ Name: pb_rtb_ev
Value: 3-22st|2N.0.AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW|3oy.0|4is.0.CAESEI5ENPOenw_xWJMHq8g0A8o|7TY.0
.contextweb.com/ Name: pb_rtb_ev_part
Value: 3-22st|2N.0.AQAJsBk4_ArA0AIk7iiYAQEBAQEBAQCa5DPbFgEBAJrkM9sW|3oy.0|4is.0.CAESEI5ENPOenw_xWJMHq8g0A8o|7TY.0
.taptapnetworks.com/ Name: SONATA_ID
Value: csonata_ce757cb7-6e34-482f-b27e-f35c4a7933cd
.inmobi.com/ Name: TEST-COOKIE
Value: YES
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-1288e827-e799-54c2-67d2-3cb7823dcf97.MlyMdFSljxDkGSbuF0rxT0e9gK17fj6XdzdoviLSOeQ
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-1288e827-e799-54c2-67d2-3cb7823dcf97.MlyMdFSljxDkGSbuF0rxT0e9gK17fj6XdzdoviLSOeQ
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AEojoJ-eZVMJn0jy3gj3Pl5JGhlc.%2Fjo8kPzxRXwJsYvut702RTBrY%2F%2B1E5RHoZ79Kz3sMJ0
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AEojoJ-eZVMJn0jy3gj3Pl5JGhlc.%2Fjo8kPzxRXwJsYvut702RTBrY%2F%2B1E5RHoZ79Kz3sMJ0
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIDr03LSw0FE1HYMFAZkFJ89jD-c-ju9gGggmmYptLOVsENYBGAQgifHHywYwAToE9TFfZUIEXiavKw.JRuzT%2Fex3SNlEu1XkZCmsEPsibIqqAmMJx3n91hFRwc
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIDr03LSw0FE1HYMFAZkFJ89jD-c-ju9gGggmmYptLOVsENYBGAQgifHHywYwAToE9TFfZUIEXiavKw.JRuzT%2Fex3SNlEu1XkZCmsEPsibIqqAmMJx3n91hFRwc
.leekduck.com/ Name: _pubcid
Value: 96de532c-338a-44bd-8a9a-a7ae85414a68
.leekduck.com/ Name: _pubcid_cst
Value: CU%2FBKg%3D%3D
leekduck.com/ Name: _lr_retry_request
Value: true
leekduck.com/ Name: _lr_env_src_ats
Value: false
leekduck.com/ Name: nitro-uid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222026-01-22T10%3A14%3A42%22%7D
leekduck.com/ Name: nitro-uid_cst
Value: CU%2FBKg%3D%3D

2 Console Messages

Source Level URL
Text
rendering warning URL: https://leekduck.com/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A020571614250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://leekduck.com/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A090690114250000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
