www.plurk.com Open in urlscan Pro
2606:4700::6811:4603 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.plurk.com/s/p/ohk7l6
Submission: On March 04 via manual (March 4th 2022, 9:38:58 pm UTC) from US — Scanned from DE

Summary HTTP 140 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 45 IPs in 8 countries across 33 domains to perform 140 HTTP transactions. The main IP is 2606:4700::6811:4603, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.plurk.com. The Cisco Umbrella rank of the primary domain is 166520.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 17th 2020. Valid for: 2 years.

This is the only time www.plurk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700::68... 2606:4700::6811:4603	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.215.140 35.186.215.140	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	60.199.208.47 60.199.208.47	9924 (TFN-TW Ta...) (TFN-TW Taiwan Fixed Network)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3 13	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	143.204.98.24 143.204.98.24	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2a00:1288:110... 2a00:1288:110:c104::2000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	199.115.117.82 199.115.117.82	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
3	2606:4700:20:... 2606:4700:20::681a:567	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
13	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
4	2600:9000:215... 2600:9000:2156:fc00:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:ba00:3:1794:2540:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	35.201.76.93 35.201.76.93	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	35.74.202.76 35.74.202.76	16509 (AMAZON-02) (AMAZON-02)
4	202.39.67.6 202.39.67.6	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.117.219.39 34.117.219.39	15169 (GOOGLE) (GOOGLE)
5	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
1	210.59.219.181 210.59.219.181	() ()
1	2a00:1450:400... 2a00:1450:4001:829::2002	() ()
3 5	2.18.234.21 2.18.234.21	() ()
3 4	37.252.172.37 37.252.172.37	() ()
1	138.201.84.252 138.201.84.252	() ()
1 5	88.99.219.174 88.99.219.174	() ()
1 2	142.250.185.166 142.250.185.166	() ()
1	2a00:1450:400... 2a00:1450:4001:82f::200a	() ()
1	145.239.2.103 145.239.2.103	() ()
1	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	() ()
1 1	34.246.234.200 34.246.234.200	() ()
1 1	18.156.47.94 18.156.47.94	() ()
1	35.227.252.103 35.227.252.103	() ()
2 2	185.64.190.78 185.64.190.78	() ()
1 1	69.173.144.138 69.173.144.138	() ()
140	45

13 2606:4700::6811:4603 (United States)

ASN13335 (CLOUDFLARENET, US)

www.plurk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.plurk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.215.140 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 140.215.186.35.bc.googleusercontent.com

ad.sitemaji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 60.199.208.47 (Taiwan)

ASN9924 (TFN-TW Taiwan Fixed Network, Telco and Network Service Provider., TW)
PTR: 60-199-208-47.static.tfn.net.tw

ssl.sitemaji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.181.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-24.fra50.r.cloudfront.net

adx.doublemax.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.doublemax.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

partnerads-test.ysm.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c104::2000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

search.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.115.117.82 (Williamsport, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

ads.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:567 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aralego.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.210.196.208 (Potomac, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:fc00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ba00:3:1794:2540:93a1 (United States)

ASN16509 (AMAZON-02, US)

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.76.93 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.74.202.76 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-74-202-76.ap-northeast-1.compute.amazonaws.com

ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 202.39.67.6 (New Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 202-39-67-6.hinet-ip.hinet.net

banner-cfnetwork.cdn.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.219.39 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 39.219.117.34.bc.googleusercontent.com

fp.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 203.75.214.136 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 210.59.219.181 (None, )

ASN- ()

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (None, ) 3 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.37 (None, ) 3 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.84.252 (None, )

ASN- ()

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 88.99.219.174 (None, ) 1 redirects

ASN- ()

hal900029.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.166 (None, ) 1 redirects

ASN- ()

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (None, )

ASN- ()

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.2.103 (None, )

ASN- ()

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:fcb8:22d2:d390:5f1b (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.234.200 (None, ) 1 redirects

ASN- ()

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.47.94 (None, ) 1 redirects

ASN- ()

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (None, ) 2 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (None, ) 1 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122 f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com	518 KB
21	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net 8019191.fls.doubleclick.net	184 KB
13	plurk.com www.plurk.com — Cisco Umbrella Rank: 166520 s.plurk.com — Cisco Umbrella Rank: 604185	179 KB
10	google.com adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	3 KB
9	hinet.net banner-cfnetwork.cdn.hinet.net — Cisco Umbrella Rank: 161483 t.ssp.hinet.net — Cisco Umbrella Rank: 84336 0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net	8 KB
9	holmesmind.com 1 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 131563 adcdn.holmesmind.com — Cisco Umbrella Rank: 127223 fcm.holmesmind.com Failed c.holmesmind.com — Cisco Umbrella Rank: 95228 ad.holmesmind.com — Cisco Umbrella Rank: 90786 fp.holmesmind.com — Cisco Umbrella Rank: 132278	24 KB
6	redintelligence.net 1 redirects hal9000.redintelligence.net hal900029.redintelligence.net	12 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8832 www.google.de — Cisco Umbrella Rank: 6433	2 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	yimg.com s.yimg.com — Cisco Umbrella Rank: 394	11 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185	7 KB
3	aralego.net cdn.aralego.net — Cisco Umbrella Rank: 3041	45 KB
3	aralego.com 1 redirects ads.aralego.com — Cisco Umbrella Rank: 31482 sync.aralego.com — Cisco Umbrella Rank: 1878	2 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	50 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	doublemax.net adx.doublemax.net cdn.doublemax.net — Cisco Umbrella Rank: 387689	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	sitemaji.com ad.sitemaji.com — Cisco Umbrella Rank: 76839 ssl.sitemaji.com — Cisco Umbrella Rank: 251336	4 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	459 B
1	openx.net rtb.openx.net	350 B
1	agkn.com 1 redirects d.agkn.com	763 B
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	quantserve.com cms.quantserve.com	464 B
1	contentspread.net cdn.contentspread.net	19 KB
1	googleapis.com ajax.googleapis.com	90 KB
1	googletagservices.com www.googletagservices.com	39 KB
1	scupio.com prebid.scupio.com	288 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 600	42 KB
1	yahoo.com search.yahoo.com — Cisco Umbrella Rank: 2316	509 B
1	yahoo.net partnerads-test.ysm.yahoo.net — Cisco Umbrella Rank: 215649	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	643 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1207	5 KB
140	33

	Domain	Requested by
23	pagead2.googlesyndication.com	www.plurk.com pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net adx.doublemax.net googleads.g.doubleclick.net www.googletagservices.com
13	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net adx.doublemax.net googleads.g.doubleclick.net
11	s.plurk.com	www.plurk.com s.plurk.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net adx.doublemax.net
6	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net www.plurk.com
5	hal900029.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900029.redintelligence.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	www.plurk.com tpc.googlesyndication.com googleads.g.doubleclick.net
5	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
4	banner-cfnetwork.cdn.hinet.net	cdn.holmesmind.com
4	cdn.holmesmind.com	cdn.doublemax.net ad.holmesmind.com
4	s.yimg.com	ad.sitemaji.com www.plurk.com partnerads-test.ysm.yahoo.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	securepubads.g.doubleclick.net	cdn.aralego.net securepubads.g.doubleclick.net
3	cdn.aralego.net	adx.doublemax.net ads.aralego.com
3	cdnjs.cloudflare.com	www.plurk.com
2	image6.pubmatic.com	2 redirects
2	8019191.fls.doubleclick.net	1 redirects www.plurk.com
2	gum.criteo.com	1 redirects static.criteo.net
2	c.holmesmind.com	1 redirects cdn.holmesmind.com
2	ads.aralego.com	1 redirects ads.aralego.com
2	www.google-analytics.com	www.plurk.com www.google-analytics.com
2	www.plurk.com	static.cloudflareinsights.com
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	cdn.contentspread.net	hal900029.redintelligence.net
1	ajax.googleapis.com	hal900029.redintelligence.net
1	hal9000.redintelligence.net	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net	adx.doublemax.net
1	prebid.scupio.com	banner-cfnetwork.cdn.hinet.net
1	fp.holmesmind.com	cdn.holmesmind.com
1	mug.criteo.com
1	static.criteo.net	cdn.holmesmind.com
1	ad.holmesmind.com	cdn.holmesmind.com
1	f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adcdn.holmesmind.com	cdn.holmesmind.com
1	cdn.doublemax.net	ads.aralego.com
1	sync.aralego.com	ads.aralego.com
1	search.yahoo.com	www.plurk.com
1	partnerads-test.ysm.yahoo.net	s.yimg.com
1	www.google.de	www.plurk.com
1	adx.doublemax.net	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ssl.sitemaji.com	ad.sitemaji.com
1	static.cloudflareinsights.com	www.plurk.com
1	ad.sitemaji.com	www.plurk.com
0	fcm.holmesmind.com Failed	cdn.holmesmind.com
140	54

This site contains links to these domains. Also see Links.

Domain
sun9-18.userapi.com

Subject Issuer	Validity	Valid
*.plurk.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-17` - `2022-07-16`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
feebee.com.tw R3	`2022-02-15` - `2022-05-16`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.doublemax.net Go Daddy Secure Certificate Authority - G2	`2021-04-24` - `2022-05-26`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-31` - `2022-03-23`	2 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-02-07` - `2022-03-30`	2 months	crt.sh
*.answers.search.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-05` - `2022-06-29`	6 months	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-11-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.cdn.hinet.net	`2021-06-11` - `2022-06-11`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.ssp.hinet.net	`2021-10-12` - `2022-10-12`	a year	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2021-10-13` - `2022-11-13`	a year	crt.sh
*.t.ssp.hinet.net	`2020-05-06` - `2022-05-06`	2 years	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
contentspread.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh

This page contains 27 frames:

Primary Page: https://www.plurk.com/s/p/ohk7l6
Frame ID: D9D43F65B6EB689131751C5F82019195
Requests: 39 HTTP requests in this frame

Frame: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
Frame ID: C9F904D70B970BC945A3B9E6CCDDC6B1
Requests: 6 HTTP requests in this frame

Frame: https://partnerads-test.ysm.yahoo.net/ypa/?aws=rev&ct=2&c=000000b82&u=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&r=&w=1&tv=&tt=cartoon&lo=&ty=&ts=1646429932968&ao=&h=1&CoNo=0485e8c6efd55b3f&dT=1&er=0&si=p-plurk_1%3A100%25x180&psti=eyJkdCI6eyJhdSI6eyJjbCI6Ii8vYWQuc2l0ZW1hamkuY29tL3lwYS9wbHVyay5jc3MifSwiaWlhIjp7ImFsaSI6ImxlZnQifX19
Frame ID: 38440D9A7A4D74D3832D490E3B724354
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/zrt_lookup.html
Frame ID: B2E78237EE08C3215C007AC3E653F04B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&adk=1812271804&adf=3025194257&lmt=1646429934&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429934300&bpp=1&bdt=2286&idt=1&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D29bf348a7199659f-2234a23654cd00e4%3AT%3D1646429932%3ART%3D1646429932%3AS%3DALNI_MbuJiNzrLBWGMa_cump79eGpBBfwQ&prev_slotnames=plurk%2Fplurk3&nras=1&correlator=987918840044&frm=20&pv=1&ga_vid=1496114140.1646429932&ga_sid=1646429932&ga_hid=431940658&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31065274%2C42531398%2C44750774%2C21066434%2C31065369%2C31065413%2C44758226%2C31064019&oid=2&pvsid=3748432465259471&pem=136&tmod=982871918&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=14
Frame ID: 42AEC37545119DDECBEA782BFD9D7225
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A5C60308D5F00A809389270DA305420D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B936911FC4898BFBF0E61210EE6BCEC2
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doublemax.net/js/init.js
Frame ID: B4B1618F79C2633D446ED56385A4C6C5
Requests: 2 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Frame ID: 29A955EB56AF5DC788F27497ED0AFCE8
Requests: 9 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: A4CBEBCC252D1C97FAE3E4DE047D47E1
Requests: 2 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js
Frame ID: 2E42081CE0DF4EFDAA2B18B2C68AFB4F
Requests: 15 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 3986413C9E783F1988DDB9147416B218
Requests: 1 HTTP requests in this frame

Frame: https://f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 712B5C6A19D48CD0029E0CB165F49A7B
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.plurk.com
Frame ID: A4274FB091179109C12913A6BADEBE92
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B08D955743BB038CDA3E800501706CC0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FC544BFB3198A4EB236598DC324E3164
Requests: 2 HTTP requests in this frame

Frame: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=8014-53WT28pV3unDJgToyy250DlJz9b14sy8&CFFPCKUUID=3655-QtAk0ZNU9lIHKl3kykRCEuQX9QyWchDM&url=https%3A%2F%2Fadx.doublemax.net%2Ftos_zone%2Fpb_adg%2FBE77D3724B83BD26CABB6D6269ED3AD.html&maindomain=doublemax.net
Frame ID: D7069F47E1C3E10BEC7A1C9A07A43727
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Frame ID: FAB91DF651D8915B9AFC95AA224B1789
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
Frame ID: 52F6401081AF0860AE85104985E2C359
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 81550A05605F629A339E69C22280072D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DE122C939B2975E6FC2368AF24656913
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNXNwUrTf5QSGoGrUjpEs5VzXLweR1o6tk53Wl8eQr1obLRi-fnw9a_No66HgTPgMfc90jkMHJh8lbkyWiTMr05x6WE5qvxY_-F8sIh2p8NHLR5AiG6Y8I0Ei5Rnn7Ym6o-qAb22hEvPTT03kCQlDI21W5ntF8SzxmRI7iOgIgdoSpUiogM
Frame ID: 508837CF9C01884F0B88D9342D413725
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A92bdNY5zx2zHwds7e6PoFTP7u3P55OGGncTzMwHmgmprZmo3L0Rj5j7MPwf-booce_HRJmOjfxAEoWsKcCU2uGl7uog2IXJX8tMRvJw1SXxGOXbNVOGzxY-hoQS_baKxz_fN0Oz4S1sL9At-4JCmpp6eMbg&cry=1&dbm_d=AKAmf-AbDDQ6vwG-fLbHk99hujW7l27fu0e9aXIOlPjhlvhtD1FI6smtZRf0cz5C4HfvUEfcWKL-seB86ZjNq_f1_asO09Vbz0t8KcZcGR6xI9gd-pKV5fu64BKq3E9Dfg6jgEZLduTZ-Iie0a8BSWL2NsExcQqjwMlkid_0ininlEbiNBG0rT69LlVNDH70AneU5PIsF_2B27CvvTj4dnk6vOSR5WYc4xtelj1seLkbqaZiBL1w8cEgPjG8W2L33Ev6frMf-ipQFgtIZyRgWdluuDodfWL4Suh8jsVdrc3mqEgrhpW-7GXMI5vVPNX2MDPvu5B1KyOUMPf1L_2rerJwQTQ-NEpRlMNynEX9mjoJ_JXQLQQ7PIxfOkDamSswPFjSXGgnp2qtC4Y-NW34qrYhn87w6Wy99tHwE8t7D_W7hmIGTYj2z_VlxLmTgJSQhVMLYmE6y9wih5Fs72oR5Qr0r-CFGiEw2qgt_RaFofqzpLRUai8QFiULiBh8ry9ku8gqTscuPHCUL5uGRogT9yBCtJx9oHAskQo68VvlFfAo9g0GfRGoE0GeEe8TPkFKUe9L7OD92N8DpDzSznCyuSvHV5X2S6NBWJ1YzdtTO06H0FwMVyVDhGmhGJcOVwyi9yIzHQnJ2ZgA25HfUenzr-L20t42-enRpSqNfuLzCBO10bI8867MxH0iy5Y4J4mllwZeMBEKDAWIXve_VB5spm4NLceKcNAL21WkA0unGjEetAWUWMZVS7z-t80UMG7spdaXPBEHXi_AU-hdy1a3VIWOTA66lFKzBICQJnJN5qcC8q3BwwOBaIhSs9FakKh40ZOrooHl23y6UWXox3Y-WG9nm2ujugojqgG1bhWkklH7RAePgKFX3CQ3fyFZkHsrwBtF5t3cV6tFDa5SuwTrSaUcTMfzV6kBVS9iBSdR7AczCkbbQczP6-VUsSf3-lveQUhsrS7mR8LPGeDbzVKFiIxJGGGtNWulGeAQp5eV0_24wQBNkNADjWwlccFlXeOU5xpCpjO0F9HSzOFwsPo3EzfuDPQHavrCbsWky0isf7fUy_3YOxIvn59-jpzoyPDl9M_aGqrBKa-YjyWYuTlFYKKSawC-O93Sa5RakFM9gRRxc2NRsCxJfXbdiC_CG-Mpkdu5uH1E-R9by1qD3eEpOeEKhAJjVbmEMKMHzjXMH4VPLrVdKXwLWR5Nkd3TJ7G_HoLWZcMYTJ3ysZl30rW02yHjpwEtndHoSAM2aDxu84Z-UcG56OY42HKVyXoIS-jlnAmlcKlelD53UNIqC7WlGEa09i68UyC7ftU-CyY9GqOqeb1QKzJ6uGCzkgLK5MUb6O1MAZUAoTUUS-w3XSpN6H3rKqm17hC7geUDFdXzVSwBqeXZ7qoPGczPDGurOL6rwlwq-FdeOxc7_4h9tsYI655kFjiPFa0mXjLJnMepP6G0TblGqZUzP-ySfQmoE1zwis4aReAM4AQiIkHCYc4z3G0FCVa7X09e97Zeo-LU9vzMh5p7dYomByYTaySW8EM5HUcAJBVQyf8CGS36pNlahnJ3qEkxyP1DoEc_T-jOwV_8GX8E7z70izHMx6huinU247plbt8ernaRrT0CDwufHyDmsfY1aC0StLVoaYQQ3XyQGUhIalxsNyzutdYrx7nAhu6Dzk2_TqoLFegQRWVz9vhfTdF6r79qbJkOwbiTPQT8XBWspuSA7JVYffI9m2QypaBzg_MEj6vBMSZa_gheAnAZn1X0p5PuDFyq-w30nNlXdYx7AmZv6taE02bcAv9_Dm9__LM2TgwyCCMhqtw21YYEjZiiSaGDtdDqlxO8pAGQ81feFn7P7ZnHDdImZMcQvn3lRU2v3mgA5p5MlPyb8LtOUZg7bky_86wKpgEL152EfQD1ZxG6P9B3yYR0BvER01SJcj94A2OKdq8kP-skkxf8ZOnAklowdZYGqt9tobNZrm7MpOFmvvvHgURN3Ei97Ngx8GAC3Je0BHpOr7jFOkUtvT9R7ZruOnK_XoMGiODnJzKuWss6-yaC0fnWBUEXs58ln3BkIpc95oDsPSadYMhndmIZrkJnczheY_F7h7tCaKtIAoQasA6XjN0PyA25ON30GUYNx9Zf9bfQTqYWlnYUAwiGT5Kb_v6SH-VhU0bSIIUq4_3lpyAcFODu5dneMgRSG2cwSaQvISWjHWSl3c-jGqc8pj6G14l6BqxEdyT6y7ne575mXniZyDJfvUC6etHRvsMqnNs6yREZeKs7rYXSFApAGwKbifJkLgzYQHAMe4sTmiN5sO3eXZLL8Pb9_amkHLhQ2P7ppwKKSSamP1AnnBMxQys0XPERmfu-_qN9dSv_H4i1A-ytmmNZBv8M-btuJ9p6ky0e7HrO_8nxdLPDwxiAyPQDGDRCe63ky4hrR7sj3F8l2Hw3xC5YKe9avkTFStXpHkeXEe2RL2bQpj816IRlihJe2bMbkeSwiWA1wypgZUns1bUyt--kReGcu64-9PKrlB_ewzOkcMa2EvVqOU82eq0FIvWsDkioCtxEyX_2Rgw8Gi4lWQbd2IGEmQDEDr6xQVARyf8_FR4H6YZhzSB7KiyjUspB5Cr4mtycQB7mzi78P2p6wGq_lKNaqrPnkBuS_AdWdV3QAMbwBt9ILXfkhV34jawEcLQ_o9F0lzO7bQSX5VZvPO2ovyOEmJuNIhRaBHN6Sy2a87DeRN2kQgKTLyFGYVpukqszKsbbI0Qdf0Lljpr_Sn9BAKd2rQDPKGSdJ3ZeY-B1xkHxQd-YTcdRkUL7cZqjp6w0o20ziEzYFL_xY-ldC99BMs-ElznXkYz0ywizIeJXKKyNtCKFfzW-cAjl0kALGmKthkza3ydUZEI422R7-T7MdgA45mutcO4Z04Bv3_FfcLKMfWl_dAG2LtGogR8OTZQdoKSVXmnj-QSSi1T07eVzj1NZyH7JoFkhKNcMNSKSdRueHZyjdP3YxINPiS6OBAbllDFVsldOKsQKmPVK0Hp-ZfAujrzxjSPlT1sKW7RV58Lm0CXWGu_DKN62M78lh-ZdAZsa-OwPDqvTPI1b0KWPXrhAkjtP5F8FbcZzkHVgay6JJ82MclVD7Od0UYW3GX80E2icaSP1Ld8XUGbBotqBVbWRNeHo6TnFfmmY4S3l1lOHiYV5DcON6FG6aQ&cid=CAASEuRogimY2ep29ril1HGR0vRKAA&rfl=6%2Chttps%253A%252F%252Fwww.plurk.com%242%2C%2C%2C%2Chttps%253A%252F%252Fadx.doublemax.net%252F%240
Frame ID: DB500EF5D2200376896FCC34CEFE07E2
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E2EDFEFF6545224FB67D9E5FD913731D
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491
Frame ID: 5EF9CCFE1EFD335C2406D7F3D0D0C995
Requests: 2 HTTP requests in this frame

Frame: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
Frame ID: A14602AA789A164A8991BE96002DE3DC
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A6C9E07B04684502EF2CE5D57E462666
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VIP(era)_berus https://sun9-18.userapi.com/impg/6JB6toNECu-s64gP5ckFkUIat2EeXQJeJc5HXA/vm_VzcUOiNw.jpg?size=1242x11 - #ohk7l6 - Plurk

Detected technologies

Handlebars (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

SweetAlert (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweet(?:-)?alert(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

140
Requests

89 %
HTTPS

50 %
IPv6

33
Domains

54
Subdomains

45
IPs

8
Countries

1266 kB
Transfer

3168 kB
Size

14
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://sun9-18.userapi.com/impg/6JB6toNECu-s64gP5ckFkUIat2EeXQJeJc5HXA/vm_VzcUOiNw.jpg?size=1242x1177&quality=96&sign=7267b138b062b3e6f8d149e5fa463653&type=album
Title: https://sun9-18.userapi.com/impg/6JB6toNECu-s64gP5ckFkUIat2EeXQJeJc5HXA/vm_VzcUOiNw.jpg?size=1242x1177&quality=96&sign=7267b138b062b3e6f8d149e5fa463653&type=album

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=100&slotname=plurk%2Fplurk3&adk=2322206435&adf=2809036560&pi=t.ma~as.plurk%2Fplurk3&w=320&lmt=1646429932&url=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429932200&bpp=12&bdt=186&idt=91&shv=r20220302&mjsv=m202202280101&ptt=5&saldr=sa&abxe=1&correlator=987918840044&frm=20&pv=2&ga_vid=1496114140.1646429932&ga_sid=1646429932&ga_hid=431940658&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=640&ady=638&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31065274%2C42531398%2C44750774%2C21066434%2C31065369%2C31065413%2C44758226%2C31064019&oid=2&pvsid=3748432465259471&pem=136&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=L7ExiegjoG&p=https%3A//www.plurk.com&dtd=105 HTTP 302
https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html

Request Chain 34

https://ads.aralego.com/sdk HTTP 301
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

Request Chain 53

https://sync.aralego.com/idsync HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent= HTTP 302
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=

Request Chain 60

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 79

https://gum.criteo.com/sid/json?origin=publishertag&domain=adx.doublemax.net&sn=ChromeSyncframe&so=0&topUrl=www.plurk.com&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=joaqsXxvbmlycGUyMXhzYjR6SXl3TlJ1VldLNVB2cTJMMEp1dHFRVGNKWWtrak1kM1BybTFWV3ZpL2NDLzZzYU5UYmZlV0YyS1BIc3o3TUgvWU8wUllJbE5WamE3UHdQOWtRWVg0WVM4TG9iWnM2NXNNSHZqVUFiM2NxelorZnc3R0w0R2NvR0UvTDBZeDZlOWRjT2tUZktkMlF3ZitSaGhLK0pmbU12dWxodUUrU3dHbnorZ01EdG5EWGR5cmxPYnN6NEh5MnRXY0xGWS81M2xQNmh3TWtaUDlQUitnaXN1U1cxYmIzQmViUlJCTktwL3M2QXdHTkJuZ2ZZcXRUeXl3NitrOTFMa2JlUmtmSm9vak4wQjBQQU81aGd0ODFaZTA3N29oOVYrK1dEVFVhWT18&cppv=2

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1&C=1

Request Chain 111

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YiKG8EDtymRos62o6Wjs-wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN7itp3hUr28GYOvoiJxvPI&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN7itp3hUr28GYOvoiJxvPI%26google_cver%3D1

Request Chain 113

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU4MzUyMjIwMDY0MTMwMDY0OA%3D%3D

Request Chain 119

https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4126554779393986%26output%3Dhtml%26h%3D100%26slotname%3D2341765805%26adk%3D1529688458%26adf%3D647216822%26pi%3Dt.ma~as.2341765805%26w%3D320%26psa%3D0%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.plurk.com%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646429936191%26bpp%3D3%26bdt%3D73%26idt%3D84%26shv%3Dr20220302%26mjsv%3Dm202203030101%26ptt%3D9%26saldr%3Daa%26correlator%3D442955703065%26frm%3D24%26ife%3D1%26pv%3D2%26ga_vid%3D1783807923.1646429936%26ga_sid%3D1646429936%26ga_hid%3D339723509%26ga_fc%3D0%26nhd%3D4%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1218236473%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D42531398%252C44750773%252C31065508%252C44758227%252C31064018%26oid%3D2%26pvsid%3D200926058602320%26pem%3D86%26tmod%3D616443495%26uas%3D0%26nvt%3D1%26eae%3D2%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.mh6zzu6w2gmq%26fsb%3D1%26dtd%3D97&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fwww.plurk.com&random=3924709444622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4126554779393986%26output%3Dhtml%26h%3D100%26slotname%3D2341765805%26adk%3D1529688458%26adf%3D647216822%26pi%3Dt.ma~as.2341765805%26w%3D320%26psa%3D0%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.plurk.com%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646429936191%26bpp%3D3%26bdt%3D73%26idt%3D84%26shv%3Dr20220302%26mjsv%3Dm202203030101%26ptt%3D9%26saldr%3Daa%26correlator%3D442955703065%26frm%3D24%26ife%3D1%26pv%3D2%26ga_vid%3D1783807923.1646429936%26ga_sid%3D1646429936%26ga_hid%3D339723509%26ga_fc%3D0%26nhd%3D4%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1218236473%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D42531398%252C44750773%252C31065508%252C44758227%252C31064018%26oid%3D2%26pvsid%3D200926058602320%26pem%3D86%26tmod%3D616443495%26uas%3D0%26nvt%3D1%26eae%3D2%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.mh6zzu6w2gmq%26fsb%3D1%26dtd%3D97&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fwww.plurk.com&random=3924709444622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 121

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491

Request Chain 128

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQWGNvbl8VdycZJGfzNAEf2bPViGSnd3LYKT0_d7nnB3B_as_rETGEavKzY7&google_gid=CAESEJmSXdhdjCVIxia29QCgKN0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlLRzhBQUFCR01oMjJUcg&google_push=AYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQWGNvbl8VdycZJGfzNAEf2bPViGSnd3LYKT0_d7nnB3B_as_rETGEavKzY7

Request Chain 129

https://d.agkn.com/pixel/2175/?google_gid=CAESEP0HTC7T3V7gEjmeJW3EJf4&google_cver=1&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA&google_hm=Q0FFU0VQMEhUQzdUM1Y3Z0VqbWVKVzNFSmY0

Request Chain 131

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF3ix7-6cNE4nvHFjbUvJG4&google_cver=1&google_push=AYg5qPLEHlR64mFdLlZVi5dcE0d4io6fe7W9gc8e9w7tQ0-Sr6cprouXvkhnRyD1moSBOo7Wa_6c1EOZ8QXA01JPeUcEwzD6sEtGZg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF3ix7-6cNE4nvHFjbUvJG4&google_cver=1&google_push=AYg5qPLEHlR64mFdLlZVi5dcE0d4io6fe7W9gc8e9w7tQ0-Sr6cprouXvkhnRyD1moSBOo7Wa_6c1EOZ8QXA01JPeUcEwzD6sEtGZg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4Wm1erkIRtSNftP_V1CwBA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLEHlR64mFdLlZVi5dcE0d4io6fe7W9gc8e9w7tQ0-Sr6cprouXvkhnRyD1moSBOo7Wa_6c1EOZ8QXA01JPeUcEwzD6sEtGZg

Request Chain 132

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJtlttEFF8frW3sFvy27AiM&google_cver=1&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_YZMMfiLweLAMRPoDlBkw0w-sjtLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBDWFZIU0QtMy1GNEY0&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_YZMMfiLweLAMRPoDlBkw0w-sjtLw

Request Chain 133

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_cver=1&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F

140 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ohk7l6 Show response
www.plurk.com/s/p/ 12 KB
4 KB 570ms
524ms Document
text/html 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f16b269ab4b9d2d962d8ec3831bf0f5c94a2ce7d29d182126d8a012e2c9c2876

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6e6dc2dfd93f2325-ZRH
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 46d3bef67382eb7440b7.css
s.plurk.com/ 6 KB
1 KB 41ms
30ms Stylesheet
text/css 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/46d3bef67382eb7440b7.css
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47a20e81ebd7dbf6e6b87e350b031dfbaaa06b15e4137b6e2aa1dba7ae2b2b34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 607823
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: T2H1PRST47YFA0ZE
x-amz-id-2: As0FWqe0XF32nkvviijIWkbwgg8PWONzuCd/+YwYlvNwj/EDQJCLAwr6SCS31xBQrAAD7zXdslk=
last-modified: Fri, 05 Nov 2021 12:30:54 GMT
server: cloudflare
etag: W/"5bce36e7cb61f44056ef622de385bb86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e412325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 handlebars.min.js Show response
cdnjs.cloudflare.com/ajax/libs/handlebars.js/1.3.0/ 43 KB
12 KB 34ms
17ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/1.3.0/handlebars.min.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dc9a1c2111185e85b712bba38d54be78740cc9ae1a128a0a8393e37767d81ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plurk.com/
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3332650
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11830
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e72-ac34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jmi8Z2fQR%2FXAGJqaW5r8wsY2mo6mcUaEThF6LCmGRGZcj2SaiN7sfjhBbWPR4G4c4d1IUxTrZyIF%2BUjZV%2Frt2JhTC51KSjP6MoIwnhkMEOO2%2BYSnAyloiKjaQ4hhM50IW6qsS%2FWauKhW0pzev81sKc9M"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e6dc2e34cdb9072-FRA
expires: Wed, 22 Feb 2023 21:38:52 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 85 KB
27 KB 36ms
19ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plurk.com/
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 614974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27433
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-1538f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uhyYvPFjN1XvJOoQ677Es7NrFrJyqo9e8M6ZheRGoI5X4bRlSqECvPUkTnqifJmwI1O2mtomtAObPIFAu3StJ52s4LvbDUAwGEBDezGAeUkSc0NBZ2wlgJPpqDirDMEH38%2B%2BggjqAbAxgP%2BmvPmzicdP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e6dc2e35ce09072-FRA
expires: Wed, 22 Feb 2023 21:38:52 GMT

GET
H2 200 sweetalert.min.js Show response
cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/ 40 KB
11 KB 35ms
18ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plurk.com/
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1683394
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10494
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ff8-9f68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Un4DmuJ6Ap1I4T9BZ67kvzlvpy1cDKgILMdsT2nE0larCwn%2Bb%2FGy344TnW%2BZMALrrwdPN89kzLny1LkoSIXSIGGoSVZ5lGh%2FGeUTeaWPYEH1fbRV6pqW%2FLTqSCKVz5PUVONEyEZtE5WZ6vwujGJDnoNp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e6dc2e35cde9072-FRA
expires: Wed, 22 Feb 2023 21:38:52 GMT

GET
H2 200 621a5cbd66c1ad116e38.js Show response
s.plurk.com/ 62 KB
26 KB 77ms
33ms Script
application/javascript 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/621a5cbd66c1ad116e38.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e51a7e6710418fa43758820b5791171303d7e460a69ba4b5b849119aff4e1054

Request headers

Referer: https://www.plurk.com/
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 164852
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QATNAHGKT66DXVYC
x-amz-id-2: BkIQcN2AzeC/GgxsCa/2zHxOKrhP8bL0ET7O6V9Jzh8Qarcz8LTz5xjQXAjTOglk59fA3stzKt4=
last-modified: Wed, 07 Jul 2021 09:09:37 GMT
server: cloudflare
etag: W/"acf7002c465032291acb81fe622bfa78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e37f46cc4e-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 edf4b21dcdf3501e2f3f.js Show response
s.plurk.com/ 66 KB
24 KB 38ms
27ms Script
application/javascript 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/edf4b21dcdf3501e2f3f.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7717e8aac788320fba2bd09a938d2c50163d91a621848f5ff666a2994d324aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 833542
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: K29MGK3W2FFET983
x-amz-id-2: gs0hDfRP7aX9x647LXeOWEHpElSgWjYXC7HDjKTFALbZGJpbPsi27XIXxms9Ot/anjF5aPAa/r8=
last-modified: Wed, 26 Jan 2022 02:31:22 GMT
server: cloudflare
etag: W/"7af8f806f3aa60fcfd9f6ca09dc2c0c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e442325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 b3ea64fba9c9d21dec7e.js Show response
s.plurk.com/ 106 KB
28 KB 51ms
41ms Script
application/javascript 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/b3ea64fba9c9d21dec7e.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd9a6d94cfe2fb18fde93679990e94458d2b12240ec6338b82f1c29977899d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 718274
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CBFZZ4A2B9NKY5TR
x-amz-id-2: 3nlhrXQYk2xmOsCqqCXwXZ0CTG11Ect0JEflNP8eentmzxJZg8i9o1vHRwwV7CIPKghuZ4WslDE=
last-modified: Thu, 27 Jan 2022 12:28:45 GMT
server: cloudflare
etag: W/"6ea1d9bc4767a737d6ad32480a3e97f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e462325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 379d0a88f64f078d2de4.js Show response
s.plurk.com/ 149 KB
50 KB 60ms
50ms Script
application/javascript 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/379d0a88f64f078d2de4.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f8dcf6328e94e8304b4330252551b90af1cb90e0cc7cac822c29038b9edee8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 221291
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: X8YM54E9BB0KGQN7
x-amz-id-2: lkH56MF+vzd3NLOUfFe5hxEb+QWzy0SDbkSAb4gsVmmouX2Jy5x/I0Jy/ejlEZ1BGlmY87763+A=
last-modified: Wed, 02 Mar 2022 06:53:19 GMT
server: cloudflare
etag: W/"09556202c5562eb00250fc5b30d7fa3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e4a2325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 70c29119605c3b7b1595.js Show response
s.plurk.com/ 41 KB
14 KB 41ms
31ms Script
application/javascript 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/70c29119605c3b7b1595.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd6144f41e66f40d562892973d95e1fbae3a0526848f5884d7181c9c1d95a5d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 26427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 311AJ6HJ3Y637A3E
x-amz-id-2: wu9RHPnuwWhafP2JA6cpTB+/wz6nSy0z+RkkjncKWPwFGvr24jXIypqGaTO/cKp+jdYuJmq0P3I=
last-modified: Fri, 04 Mar 2022 06:22:56 GMT
server: cloudflare
etag: W/"6caa9b887844294fa8c230bb39684277"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e4b2325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 13829b8fbbd7ed4a71cc.css
s.plurk.com/ 28 KB
5 KB 40ms
30ms Stylesheet
text/css 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/13829b8fbbd7ed4a71cc.css
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f51d5a26f08b3538d0c01d40e10d7a9063a9637c6bddcbf67717fde45b66dffb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 833542
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: K29QB1AFRHSZ3H4C
x-amz-id-2: FjZAl90ViwVKTb0arTryrC8BxuIc784z7OolAf4t67KtE/k/Jcf4bstZiZozFMvFyY42CWkZYn0=
last-modified: Wed, 26 Jan 2022 02:31:11 GMT
server: cloudflare
etag: W/"bff1dfc3ff72256dcbec1feee0acd1d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e3f2325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 2dcd99361a419d9ffccf.css
s.plurk.com/ 29 KB
7 KB 36ms
27ms Stylesheet
text/css 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/2dcd99361a419d9ffccf.css
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10d53438d4b557efa56f09a0c75c3818d4de40d4bf4f7d7d7cc77c1215c69fab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 26427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 311DK1GC1TP4ENVR
x-amz-id-2: Vh4PGyLhylbDu77fGGRkh6iAgYRFJhCK5d32pnfns74xnP4MYwXtqEwQCu9ixqOsiNE+bRmbFQ0=
last-modified: Fri, 04 Mar 2022 06:22:56 GMT
server: cloudflare
etag: W/"c0ac8dd5959dc81b3cff71666221f971"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e3d2325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 b33554bc3ebf3183bb0e.css
s.plurk.com/ 3 KB
1 KB 36ms
26ms Stylesheet
text/css 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/b33554bc3ebf3183bb0e.css
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49b1ba1312a38d4f154f76841671a2db2f915dce9a2fcfa82aa8a6e77f4e3b1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 26427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3111633N0HFQEZ1V
x-amz-id-2: Lq7oF5NMtndx5jvGp0nbY+0lqK637eyHDw1pw8qWMQvdgHr46K6q5Yr+Qcm+QY7ZoPxcXGG4n7Q=
last-modified: Fri, 04 Mar 2022 06:22:56 GMT
server: cloudflare
etag: W/"d787d036a7f453a639ac796d7a1b6c77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=155520000
cf-ray: 6e6dc2e34e3b2325-ZRH
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 839bd0af2cb7d92ba651.gif
s.plurk.com/emoticons/silver/ 512 B
887 B 36ms
35ms Image
image/gif 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.plurk.com/emoticons/silver/839bd0af2cb7d92ba651.gif
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34e4cb1ce70d09f8c7dcdf9c43aa48a03276686cb06a4005f6e4f90ebb39d5ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
cf-cache-status: HIT
age: 299568
cf-polished: status=not_needed
cf-ray: 6e6dc2e3ff5f2325-ZRH
last-modified: Tue, 01 Mar 2022 03:46:27 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 512
x-amz-id-2: Yhk27lyhrSSd8+tSoSygl/FbF8S9CK7JVdR/tRgatdaTnAxnaQMqemb26MLINWmIrEe3Ktmx/D0=
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "615f18f7ea8abc608c4c20eaa667883b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: VZVQHSSV4TNC946P
cache-control: public, max-age=155520000
accept-ranges: bytes
content-type: image/gif
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 plurk.js Show response
ad.sitemaji.com/ypa/ 11 KB
4 KB 33ms
7ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/ypa/plurk.js
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: f859a10c966183e294a531f3dcd134d01620b17539e43e07d6ba9bab76d8e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 20:53:53 GMT
via: 1.1 google
last-modified: Thu, 20 Jun 2019 08:48:16 GMT
server: nginx/1.12.1 (Ubuntu)
age: 2699
etag: W/"5d0b4850-2acb"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
content-encoding: br
alt-svc: clear
content-length: 3426
expires: Sat, 05 Mar 2022 20:53:53 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 114 KB
40 KB 49ms
26ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2de335471454b2f56f418e6541d1092c7ca57c5a3d4b4fa5d91854619a8db2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40295
x-xss-protection: 0
server: cafe
etag: 1420536722331530182
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 21:38:52 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 82ms
50ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.plurk.com/
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6e6dc2e41f779241-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 239
date: Fri, 04 Mar 2022 21:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 04 Mar 2022 23:34:53 GMT

GET
H2 200 e67b183966200f68093e.woff2
s.plurk.com/plurkiconfont/fonts/ 17 KB
17 KB 24ms
23ms Font
font/woff2 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.plurk.com/plurkiconfont/fonts/e67b183966200f68093e.woff2
Requested by: Host: s.plurk.com
URL: https://s.plurk.com/46d3bef67382eb7440b7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 002885d15671018d6cbea9225dc9ece35a412108c16c533924d127bcc8e8bfdf

Request headers

Referer: https://s.plurk.com/46d3bef67382eb7440b7.css
Origin: https://www.plurk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 607821
cf-ray: 6e6dc2e3efafcc4e-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17324
x-amz-id-2: UEG1tAlwmWsptn/CJIF9EcM+D6GgO1zqYNz82vyF31XGP+g4UA3mYEZgUkgpCkgq5Dyodu4Ipng=
last-modified: Fri, 05 Nov 2021 12:30:44 GMT
server: cloudflare
etag: "c3b7fb5936c54759a60414339661ee5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: T2H37SJPXV263MK2
access-control-allow-origin: *
cache-control: public, max-age=155520000
accept-ranges: bytes
content-type: font/woff2
expires: Sat, 06 Feb 2027 21:38:52 GMT

GET
H2 200 / Show response
ssl.sitemaji.com/geo/ 31 B
222 B 757ms
249ms Script
text/plain 60.199.208.47
TFN-TW Taiwan Fix...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.sitemaji.com/geo/?callback=SD.util.geoCache.callback
Requested by: Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ypa/plurk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 60.199.208.47 , Taiwan, ASN9924 (TFN-TW Taiwan Fixed Network, Telco and Network Service Provider., TW),
Reverse DNS: 60-199-208-47.static.tfn.net.tw
Software: nginx /
Resource Hash: 9aa8ff5b91ae38018f8328431ec7e616b2a991a7e753788c72d3eeec3c5d62a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
cache-control: max-age=86400, public
content-type: text/plain; charset=utf-8
server: nginx
content-encoding: br
vary: Accept-Encoding, Accept-Encoding
expires: Sat, 05 Mar 2022 21:38:52 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 28ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=431940658&t=pageview&_s=1&dl=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&ul=en-us&de=UTF-8&dt=VIP(era)_berus%20https%3A%2F%2Fsun9-18.userapi.com%2Fimpg%2F6JB6toNECu-s64gP5ckFkUIat2EeXQJeJc5HXA%2Fvm_VzcUOiNw.jpg%3Fsize%3D1242x11%20-%20%23ohk7l6%20-%20Plurk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1318304795&gjid=1195918112&cid=1496114140.1646429932&tid=UA-53436-7&_gid=1505610525.1646429932&_r=1&_slc=1&z=544287778

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plurk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.plurk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/ 291 KB
105 KB 49ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=www.plurk.com&bust=31065413

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9056f089c4c55beff6a4c0fe7a33e08b6eb83b0954952231567660f763fd5fca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107221
x-xss-protection: 0
server: cafe
etag: 13565773829967287199
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 21:38:52 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 61ms
21ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-53436-7&cid=1496114140.1646429932&jid=1318304795&gjid=1195918112&_gid=1505610525.1646429932&_u=IEBAAEAAAAAAAC~&z=945615459

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.plurk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 04 Mar 2022 21:38:52 GMT
content-type: text/plain
access-control-allow-origin: https://www.plurk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 213 B
643 B 44ms
15ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.plurk.com&callback=_gfp_s_&client=ca-pub-4485239425924787

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=www.plurk.com&bust=31065413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

5dd23c7c73fb83fbbfacf3276327d384befab7ad420d5d7a5a2869ad7c6e0154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 54ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.plurk.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 45ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.plurk.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

BE77D3724B83BD26CABB6D6269ED3AD.html Show response
adx.doublemax.net/tos_zone/pb_adg/ Frame C9F9
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=100&slotname=plurk%2Fplurk3&adk=2322206435&adf=2809036560&pi=t.ma~as.plurk%2Fplurk3&w=320&lmt=1646429932&...
https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html

355 B
693 B

1145ms
933ms

Document
text/html

143.204.98.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4485239425924787&plah=www.plurk.com&bust=31065413
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-24.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f83acabfc2fa358f1e411196ddd964570fb2c2378cb68b2a7c98f2ec5628c308

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

content-type: text/html
content-length: 355
last-modified: Thu, 17 Jan 2019 03:16:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 04 Mar 2022 21:38:54 GMT
etag: "8474de7144c820319cf4d51ea644e6f7"
x-cache: RefreshHit from cloudfront
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: WjEe-hanALI_F8Efo6p9TRqJ0H_b8mz5bRR2qTJ5f_72p9Zikv-dQg==

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 04 Mar 2022 21:38:52 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 40ms
17ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53436-7&cid=1496114140.1646429932&jid=1318304795&_u=IEBAAEAAAAAAAC~&z=1549432902

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 45ms
21ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53436-7&cid=1496114140.1646429932&jid=1318304795&_u=IEBAAEAAAAAAAC~&z=1549432902

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syndication.js Show response
s.yimg.com/uv/dm/scripts/ 25 KB
9 KB 42ms
9ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/uv/dm/scripts/syndication.js

Requested by

Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ypa/plurk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b41d3866f039d722abc2f2abf5c97e4b511797010de632d46ae951d637e76602

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: QXXYZAB606TH0BQZ
x-amz-id-2: DAxOa7+sciSlO3Q6F/lPw2Z2iT7eVz0nV0NNz2Ae+sIFrIzsO5B4AS9bMWne46GCKUcEZn30WiM=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 04 May 2021 21:12:47 GMT
server: ATS
etag: "9211c6876ec9718ac70b4fb7a9250114-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: Lx80WD58sMXOvq52dh4KtN9rCnGOZkN9
x-xss-protection: 1; mode=block
cache-control: public,max-age=60
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 / Show response
partnerads-test.ysm.yahoo.net/ypa/ Frame 3844 2 KB
2 KB 127ms
73ms Document
text/html 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://partnerads-test.ysm.yahoo.net/ypa/?aws=rev&ct=2&c=000000b82&u=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&r=&w=1&tv=&tt=cartoon&lo=&ty=&ts=1646429932968&ao=&h=1&CoNo=0485e8c6efd55b3f&dT=1&er=0&si=p-plurk_1%3A100%25x180&psti=eyJkdCI6eyJhdSI6eyJjbCI6Ii8vYWQuc2l0ZW1hamkuY29tL3lwYS9wbHVyay5jc3MifSwiaWlhIjp7ImFsaSI6ImxlZnQifX19

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/uv/dm/scripts/syndication.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS / Express

Resource Hash

c8b74257b6c6791a5ef4781054a6ba2f45e9d331b0b269a4392d931d8c2c4272

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

x-powered-by: Express
content-type: text/html; charset=utf-8
content-length: 1594
etag: W/"63a-NcYu9nypcREsmGs7g/O1VXY+bng"
date: Fri, 04 Mar 2022 21:38:53 GMT
referrer-policy: no-referrer-when-downgrade
age: 0
strict-transport-security: max-age=15552000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

GET
H2 200 abppx-201807112148.gif
s.yimg.com/pv/static/img/ 42 B
340 B 119ms
118ms Image
image/gif 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/pv/static/img/abppx-201807112148.gif?ch=1&rn=5.123989090122028

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
x-content-type-options: nosniff
age: 2
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 42
x-amz-id-2: u/MN+JhABPo2efOVKpYEynVyl8AEbYBp8r+N8I6iPs2k3q14s3eURXZrvCfbcA+TY7mb+CklCfc=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 11 Jul 2018 21:48:10 GMT
server: ATS
etag: "d89746888da2d9510b64a9f031eaecd5"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 9JYRDQGRNTW6V3NN
x-xss-protection: 1; mode=block
cache-control: max-age=31536000,public
accept-ranges: bytes
content-type: image/gif
x-amz-meta-x-ysws-access: public
expires: Sat, 05 Sep 2026 00:00:00 GMT

GET
H2 200 abppx-201807112148.gif
s.yimg.com/pv/static/img/ 42 B
181 B 422ms
422ms Image
image/gif 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/pv/static/img/abppx-201807112148.gif?ch=2&rn=5.123989090122028

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
x-content-type-options: nosniff
age: 2
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 42
x-amz-id-2: +oRiuMqe3bQY1HqCxUrXGtL1FwUmBdP2EJ6UGKx/HqE+lMlmRmxMKojBHF1curr+eyhkHp28Nvo=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 11 Jul 2018 21:48:10 GMT
server: ATS
etag: "d89746888da2d9510b64a9f031eaecd5"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 9JYY2HNHB891787K
x-xss-protection: 1; mode=block
cache-control: max-age=31536000,public
accept-ranges: bytes
content-type: image/gif
x-amz-meta-x-ysws-access: public
expires: Sat, 05 Sep 2026 00:00:00 GMT

GET
H2 200 resizeads.js Show response
s.yimg.com/uv/dm/scripts/ Frame 3844 552 B
985 B 10ms
10ms Script
text/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/uv/dm/scripts/resizeads.js

Requested by

Host: partnerads-test.ysm.yahoo.net
URL: https://partnerads-test.ysm.yahoo.net/ypa/?aws=rev&ct=2&c=000000b82&u=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&r=&w=1&tv=&tt=cartoon&lo=&ty=&ts=1646429932968&ao=&h=1&CoNo=0485e8c6efd55b3f&dT=1&er=0&si=p-plurk_1%3A100%25x180&psti=eyJkdCI6eyJhdSI6eyJjbCI6Ii8vYWQuc2l0ZW1hamkuY29tL3lwYS9wbHVyay5jc3MifSwiaWlhIjp7ImFsaSI6ImxlZnQifX19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

fa4e782ea40343766d7e3fb3abb3617cc2fc1cb8b3ad6804fea38e988e8cc019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://partnerads-test.ysm.yahoo.net/ypa/?aws=rev&ct=2&c=000000b82&u=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&r=&w=1&tv=&tt=cartoon&lo=&ty=&ts=1646429932968&ao=&h=1&CoNo=0485e8c6efd55b3f&dT=1&er=0&si=p-plurk_1%3A100%25x180&psti=eyJkdCI6eyJhdSI6eyJjbCI6Ii8vYWQuc2l0ZW1hamkuY29tL3lwYS9wbHVyay5jc3MifSwiaWlhIjp7ImFsaSI6ImxlZnQifX19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:29:13 GMT
x-amz-meta-created-date: Tue, 26 Sep 2017 21:10:07 GMT
age: 581
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1506460207368868
vary: Origin
x-amz-request-id: 2BDQY48G2EWP8QAD
x-amz-id-2: 0zo0CXid+I07Io7rJx1DwU+krwc84N0G/9pm1mwqzrT0gWuZWoVsFGEmPedi6sxiKHQd3JWANUA=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 09 Mar 2018 19:27:39 GMT
server: ATS
etag: "ac896c9a394bedd6e62ae0f9cb825a3b"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: null
x-xss-protection: 1; mode=block
cache-control: max-age=600,public
content-length: 552
content-type: text/javascript; charset=utf-8
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:ae448b35-dea0-4bac-9364-1b107400ba8900055a1e19874aa4"
x-content-type-options: nosniff
expires: Fri, 09 Mar 2018 19:37:38 GMT

GET
H2 200 p
search.yahoo.com/beacon/geop/ 43 B
509 B 137ms
32ms Image
image/gif 2a00:1288:110:c104::2000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://search.yahoo.com/beacon/geop/p?s=1197646563&abk=0&t=1646429933470&cono=0485e8c6efd55b3f&aC=000000b82

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c104::2000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://csp.search.yahoo.com/xssreport

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:53 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, enforce
strict-transport-security: max-age=31536000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 1
content-type: image/gif
content-length: 43
x-xss-protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
referrer-policy: no-referrer-when-downgrade

GET
H2

200

sdk Show response
cdn.aralego.net/ucfad/sdk/us-east/ Frame C9F9
Redirect Chain

https://ads.aralego.com/sdk
https://cdn.aralego.net/ucfad/sdk/us-east/sdk

42 KB
43 KB

121ms
46ms

Script
application/octet-stream

2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Requested by: Host: adx.doublemax.net
URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
Protocol: H2
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4349
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43274
last-modified: Thu, 10 Feb 2022 09:21:22 GMT
server: cloudflare
etag: "6204d912-a90a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAR%2B1MnRStpjK5WMxP1g2iFkiV2v%2F%2FxzBlSzeiJENVmTyo9HaJwOhrdy3ddelUX%2BRAyEP5ljBL6QT65ZBUNzBJtHAcvAlAjJU1G%2B12PHArKZ8KYVUSTKDRfaUP2VmtZt6juH24UQjUNvNKM5Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 6e6dc2f069440e1e-MXP

Redirect headers

Location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
Content-length: 0

GET
H3 200 ucfad-formats.css
cdn.aralego.net/css/dev/ Frame C9F9 975 B
882 B 53ms
29ms Stylesheet
text/css 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/css/dev/ucfad-formats.css
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6179
cf-polished: origSize=1191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
server: cloudflare
etag: W/"5aab7012-4a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxRecc8pWKk6NZjAI87XK7WlZBB0MgT7O61fZnvvZ2t2GHvhiQdEi853IgBcneimsykZjR6uDBGbXlmh%2FAwOy1Wxj0lW4%2FquzXFVV%2BteiJcFnqWbm62rJycRXcXQW2zUGWLGIHaP6GybJdGDkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 6e6dc2f0c846375d-MXP
cf-bgj: minify

GET
H/1.1 200
OK idRequest Show response
sync.aralego.com/ Frame C9F9 46 B
495 B 379ms
94ms XHR
text/html 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22&
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Potomac, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 3c4d88296b5dd03d4df0d978de460b9601712e8b19f1d2ad1e10ccde78b6d8e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://adx.doublemax.net
access-control-allow-credentials: true
connection: close
content-length: 46

GET
H/1.1 200
OK ad_request Show response
ads.aralego.com/ Frame C9F9 435 B
1 KB 331ms
151ms XHR
text/html 199.115.117.82
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.aralego.com/ad_request?sw=1600&sh=1200&ifr=1&bl=en-US&je=1&dnt=0&host=adx.doublemax.net&u=https%3A%2F%2Fwww.plurk.com%2F&adid=ad-BE77D3724B83BD26CABB6D6269ED3AD&w=320&h=100&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4558102537816737&ao=https%3A%2F%2Fwww.plurk.com&lang=en-US%2Cen&deviceInfo=8416001200&pixRatio=1&font=16px%20%22Times%20New%20Roman%22
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.115.117.82 Williamsport, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: f9fc6f74a83a6175dafc1007c4c7f2e7b27c90b898a78c6f9703dd0deec3c7ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 04 Mar 2022 21:38:54 GMT
X-Width: 320
X-Height: 100
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://adx.doublemax.net
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
X-AdSource: PSA
X-Adtype: html
Connection: close
Access-Control-Allow-Credentials: true
Content-Length: 435
X-AdStyle: banner

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
53 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6282e2d79780ff7c065f165959b3742f6b7a93fd2b2b46f66ff456c500713b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53985
x-xss-protection: 0
server: cafe
etag: 8097312047896507900
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 21:38:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 36ms
22ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220302&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ebbf30515140a4fa1821db868cd5b1aea24817adedae62d5c14460f40ed5797

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10428
x-xss-protection: 0

POST
H3 200 rum Show response
www.plurk.com/cdn-cgi/ 0
201 B 19ms
18ms XHR
text/plain 2606:4700::6811:4603
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.plurk.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:4603 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.plurk.com/s/p/ohk7l6
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.plurk.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6e6dc2f10b1a0200-ZRH
vary: Origin

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 54ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 04 Mar 2022 21:38:54 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/ Frame B2E7 10 KB
4 KB 21ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Fri, 04 Mar 2022 04:18:02 GMT
expires: Fri, 18 Mar 2022 04:18:02 GMT
cache-control: public, max-age=1209600
age: 62452
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 35ms
20ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.plurk.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.plurk.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 42AE 0
20 B 26ms
15ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&adk=1812271804&adf=3025194257&lmt=1646429934&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.plurk.com%2Fs%2Fp%2Fohk7l6&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429934300&bpp=1&bdt=2286&idt=1&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D29bf348a7199659f-2234a23654cd00e4%3AT%3D1646429932%3ART%3D1646429932%3AS%3DALNI_MbuJiNzrLBWGMa_cump79eGpBBfwQ&prev_slotnames=plurk%2Fplurk3&nras=1&correlator=987918840044&frm=20&pv=1&ga_vid=1496114140.1646429932&ga_sid=1646429932&ga_hid=431940658&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31065274%2C42531398%2C44750774%2C21066434%2C31065369%2C31065413%2C44758226%2C31064019&oid=2&pvsid=3748432465259471&pem=136&tmod=982871918&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=14

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 04 Mar 2022 21:38:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 04 Mar 2022 21:38:54 GMT
cache-control: private

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A5C6 13 KB
5 KB 24ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Mar 2022 15:32:40 GMT
expires: Sat, 04 Mar 2023 15:32:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 21974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B936 783 B
535 B 34ms
18ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7eeb74dd1718eca39c953fc6368ac6772954493dffe9aa998991e46d7e1b3296

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-to7X590iTCrMpYFzVXNpmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 04 Mar 2022 21:38:54 GMT
date: Fri, 04 Mar 2022 21:38:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-to7X590iTCrMpYFzVXNpmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js Show response
pagead2.googlesyndication.com/bg/ Frame A5C6 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c299cd7441c413e1fe1d6906628f36bdc1142e35fb5907ce8fefa36213db2dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 21:00:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175127
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13712
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 21:00:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B936 0
0 55ms
55ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220302&jk=3748432465259471&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A5C6 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?J-1ICg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 init.js Show response
cdn.doublemax.net/js/ Frame B4B1 6 KB
2 KB 47ms
24ms Script
application/javascript 143.204.98.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doublemax.net/js/init.js
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-24.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
content-encoding: gzip
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
server: AmazonS3
age: 56
etag: W/"439e160b698f1ec2efb45c3b6cd6b265"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
date: Fri, 04 Mar 2022 21:38:54 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: YgK__aQqu90_wbuxRl8RuNPsmaAukohORl5L7-ky5bR07Wr96smp4g==

GET
H3 200 cookieSyncIframe.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 29A9 714 B
839 B 27ms
27ms Document
text/html 2606:4700:20::681a:567
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html
Requested by: Host: ads.aralego.com
URL: https://ads.aralego.com/sdk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:567 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 05:59:13 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 2753
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZ7yB0li3dewjy1ginw%2FvyFEL3PJiq4cIQxxkMrfTc8Rbkxcvz62LApOMkImzaZZdvFY7iG0xbi1UfsIA%2BnDpZT06h7tChOg6KASfqY9wO8sj4Q0mkZzSntFNaIdgIXkwfBKB%2Bdhp4dwwEd13Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6e6dc2f30d33375d-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET

idsync
sync.aralego.com/ Frame C9F9
Redirect Chain

https://sync.aralego.com/idsync?
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://sync.aralego.com/idsync?ucf_nid=dsp-9A2296D7D389BBA3144262983D2B9AEB&ucf_user_id=984a52c7-8b0e-46a4-b79e-1482309806f5
https://pr-bh.ybp.yahoo.com/sync/ucfunnel/efd8abdb-be81-361f-95d4-aed59e62fa8d?gdpr=0&euconsent=
https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=

0
0

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame A4CB 3 KB
3 KB 52ms
9ms Document
text/html 2600:9000:2156:fc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.doublemax.net
URL: https://cdn.doublemax.net/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:fc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8eb77b6a3db49c1cc3904f868005225a0d9a2807dcdde5ec43c8f7088019ce6d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

content-type: text/html
content-length: 3043
last-modified: Fri, 04 Mar 2022 10:17:59 GMT
x-amz-version-id: CaFvSLowlTrg6zTGbyfs606VxI47OIyx
accept-ranges: bytes
server: AmazonS3
date: Fri, 04 Mar 2022 21:38:18 GMT
etag: "ba54836b3633c54707c162ea70d674cf"
x-cache: Hit from cloudfront
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: jGkfOO-_1mmZNdsAP-saW0C9T3fMIwEajW5osZ2GisQKbUwCMPPR7Q==
age: 52

GET
H2 200 edmp_init.js Show response
cdn.holmesmind.com/js/ Frame B4B1 662 B
1013 B 52ms
9ms Script
application/javascript 2600:9000:2156:fc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/edmp_init.js
Requested by: Host: cdn.doublemax.net
URL: https://cdn.doublemax.net/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:fc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
server: AmazonS3
age: 51
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 04 Mar 2022 21:38:20 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 662
x-amz-cf-id: xfP-4_LBTlWGeg05V8QlV302EBLyn-abScqo1TZQhorKNwDnWmEk-Q==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 2E42 6 KB
6 KB 44ms
10ms Script
application/javascript 2600:9000:2156:fc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js
Requested by: Host: cdn.doublemax.net
URL: https://cdn.doublemax.net/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:fc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 15eb44d26f736a4a625736e93a080257b8914784fd0b8a77878e6200a30e81b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Tue, 12 Oct 2021 03:41:12 GMT
server: AmazonS3
age: 51
etag: "7b6f1f02da49bb8037c73f66f2ec33ec"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 04 Mar 2022 21:38:20 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 6165
x-amz-cf-id: 7jNq4xw4NIeI2bh5JwyrMxNYgmDFlHgNt6xpUoRkJsyScyO4o6xVWw==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 29A9 82 KB
28 KB 43ms
20ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/cookieSyncIframe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

1a1ceef0848eb5ea2c816e56c35b6be9fcee9295c976ac5b0da03d4552d9ac4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27990
x-xss-protection: 0
server: sffe
etag: "1150 / 974 of 1000 / last-modified: 1646414401"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 04 Mar 2022 21:38:54 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 2E42 639 B
660 B 73ms
14ms Script
text/html 2600:9000:2156:ba00:3:1794:2540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=8511
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ba00:3:1794:2540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: aa74fa265058380095577551c1db6e7eb3850ceeac5b939c18d0b2c708d6aab6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:33:55 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
age: 298
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://adx.doublemax.net
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 44E3jdm4B0p4wSl4zoB-e7bO7P_32Tpg9118AQksBiRoppK-pd0g2Q==
via: 1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)

GET cm.php
fcm.holmesmind.com/ Frame 3986 0
0

GET
H2

200

cm
c.holmesmind.com/ Frame A4CB
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
508 B

120ms
120ms

Image
text/html

35.201.76.93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: clear
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Fri, 04 Mar 2022 21:38:54 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: clear
content-type: text/html; charset=UTF-8

GET
H3 200 pubads_impl_2022030101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 29A9 365 KB
122 KB 22ms
7ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

0bc44ea79e71bea23b78759ad6113a2106a0708b2db4988b73f47f3aa10f78fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 18:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124868
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 09:35:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Mar 2023 18:10:10 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 29A9 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 29A9 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 29A9 307 B
157 B 46ms
45ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=919800321716817&correlator=830559329630557&eid=31064961%2C21068767&output=ldjh&gdfp_req=1&vrg=2022030101&ptt=17&impl=fifs&sc=1&sfv=1-0-38&ecs=20220304&iu_parts=18087395%2Ccookie&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cdm=cdn.aralego.net&abxe=1&dt=1646429934716&lmt=1644386353&dlt=1646429934591&idt=109&ea=0&biw=-12245933&bih=-12245933&oid=2&adxs=-12245933&adys=-12245933&ucis=t66j38ctk8c3&adks=64515409&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=2&url=https%3A%2F%2Fcdn.aralego.net%2Fucfad%2Fcookie%2FcookieSyncIframe.html&ref=https%3A%2F%2Fadx.doublemax.net%2F&top=https%3A%2F%2Fadx.doublemax.net%2F&frm=8&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=0x-1&ga_vid=338015385.1646429935&ga_sid=1646429935&ga_hid=554758045&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

814b5fc8ccdcfc829bff4c7a4d273a3c26eda0b49d53ae80ccffc509abb52989

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cdn.aralego.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 712B 6 KB
4 KB 50ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 04 Mar 2022 21:38:54 GMT
expires: Sat, 04 Mar 2023 21:38:54 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 2E42 2 KB
1 KB 772ms
261ms Script
text/html 35.74.202.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=8511&rf=https%3A%2F%2Fadx.doublemax.net%2Ftos_zone%2Fpb_adg%2FBE77D3724B83BD26CABB6D6269ED3AD.html&n=340&o=1&d=1&b=2&ts=1&ii=2&FPCK=9389-2q9uuFjOJvER2IUAb2GJPufi2tSRF481&initver=210830P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.74.202.76 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-74-202-76.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ddc3d7fd84b25937658d568be562c0ec631a928afe3c8eafd476234a15c08bab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://adx.doublemax.net
date: Fri, 04 Mar 2022 21:38:55 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
banner-cfnetwork.cdn.hinet.net/js/ Frame 2E42 3 KB
1 KB 1170ms
286ms Script
application/javascript 202.39.67.6
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://banner-cfnetwork.cdn.hinet.net/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 202.39.67.6 New Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 202-39-67-6.hinet-ip.hinet.net
Software: HiNetCDN/2108 /
Resource Hash: d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:55 GMT
via: 1.1 b0abe882e46bdc540eee38204e28d758.cloudfront.net (CloudFront)
content-type: application/javascript
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
server: HiNetCDN/2108
x-amz-cf-pop: TPE51-C1
etag: W/"6a605eea47197fa280f27aaf1fa1521d"
vary: Accept-Encoding
x-cache: HIT
x-amz-version-id: null
content-encoding: br
x-amz-cf-id: FjI7oz1YeMtYo_TjEJ_qcontlh-AihY8KEyzPAmrTPmloobGnK0A_g==
x-request-id: 2ad76bbb153401b8d971f50742495219

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 2E42 128 KB
42 KB 62ms
29ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2b393bb3b10ebc669e26880f42307f502cc8a84ed0e0b873c4155de8b8639cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
last-modified: Fri, 25 Feb 2022 21:31:20 GMT
server: nginx
etag: W/"62194aa8-200be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 05 Mar 2022 21:38:54 GMT

GET
H2 200 criteoV2.js Show response
banner-cfnetwork.cdn.hinet.net/js/ Frame 2E42 2 KB
973 B 1170ms
286ms Script
application/javascript 202.39.67.6
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://banner-cfnetwork.cdn.hinet.net/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 202.39.67.6 New Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 202-39-67-6.hinet-ip.hinet.net
Software: HiNetCDN/2108 /
Resource Hash: e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:55 GMT
via: 1.1 239ab88732bfa02ab05c2b2116638aea.cloudfront.net (CloudFront)
content-type: application/javascript
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
server: HiNetCDN/2108
x-amz-cf-pop: TPE51-C1
etag: W/"e8f33fcb581483ced4a09b3c8e7550e4"
vary: Accept-Encoding
x-cache: HIT
x-amz-version-id: null
content-encoding: br
x-amz-cf-id: TCkQeWtl65srgowp5xuAAku6yKmYx2qOCpkWhM274SdLehGMnZCzqQ==
x-request-id: feb40afd7002ca12d786ef1d2b4411c2

GET
H2 200 bridgewellV3.js Show response
banner-cfnetwork.cdn.hinet.net/js/ Frame 2E42 4 KB
1 KB 1189ms
306ms Script
application/javascript 202.39.67.6
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://banner-cfnetwork.cdn.hinet.net/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 202.39.67.6 New Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 202-39-67-6.hinet-ip.hinet.net
Software: HiNetCDN/2108 /
Resource Hash: c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:55 GMT
via: 1.1 cda2fe8856474897aae1c45c7f104fba.cloudfront.net (CloudFront)
content-type: application/javascript
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
server: HiNetCDN/2108
x-amz-cf-pop: TPE51-C1
etag: W/"c3b948e5a48dd0ec20c265d6d8da7add"
vary: Accept-Encoding
x-cache: HIT
x-amz-version-id: null
content-encoding: br
x-amz-cf-id: nSBS7NpMiFjDheo0mHB3wXJ3eGRgYha1q64xC3wb6-IXtAGwsojLZw==
x-request-id: 82df1511332037c90282f0db6866e744

GET
H2 200 appierV2.js Show response
banner-cfnetwork.cdn.hinet.net/js/ Frame 2E42 3 KB
1 KB 1179ms
296ms Script
application/javascript 202.39.67.6
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://banner-cfnetwork.cdn.hinet.net/js/appierV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 202.39.67.6 New Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 202-39-67-6.hinet-ip.hinet.net
Software: HiNetCDN/2108 /
Resource Hash: 8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:55 GMT
via: 1.1 8eb592ef19bb227df1ae5ebf377260cc.cloudfront.net (CloudFront)
content-type: application/javascript
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
server: HiNetCDN/2108
x-amz-cf-pop: TPE51-C1
etag: W/"548ed610a8571343fb3022f543174735"
vary: Accept-Encoding
x-cache: HIT
x-amz-version-id: null
content-encoding: br
x-amz-cf-id: 5yIfQLFkwmzJqmVOhFjUxiWk6kN0ZbkVTyuHM0lHOqBIVIqIhOs35A==
x-request-id: 8549d4ff99a243d95dc419ea11edeb40

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 29A9 13 KB
10 KB 23ms
23ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e59e0546d2f88f3db083b7327a803fc7b010494fd51611e0352dba207c34d97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10457
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A427 13 KB
5 KB 66ms
22ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.plurk.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2202
date: Fri, 04 Mar 2022 21:38:54 GMT
content-length: 5145
strict-transport-security: max-age=31536000; preload;

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 29A9 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 04 Mar 2022 21:38:54 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B08D 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Mar 2022 15:32:40 GMT
expires: Sat, 04 Mar 2023 15:32:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 21974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FC54 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eb9bfe773bdbe4b3fcab275086c32a32ce9185470860c9eacc6dc4f0f541a51b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Gz8ldfuik6jx7LY7Vbty4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 04 Mar 2022 21:38:54 GMT
date: Fri, 04 Mar 2022 21:38:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Gz8ldfuik6jx7LY7Vbty4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js Show response
pagead2.googlesyndication.com/bg/ Frame B08D 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c299cd7441c413e1fe1d6906628f36bdc1142e35fb5907ce8fefa36213db2dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 21:00:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175127
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13712
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 21:00:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FC54 0
0 43ms
43ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030101&jk=919800321716817&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2

200

sid Show response
mug.criteo.com/ Frame A427
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=adx.doublemax.net&sn=ChromeSyncframe&so=0&topUrl=www.plurk.com&lsw=1
https://mug.criteo.com/sid?cpp=joaqsXxvbmlycGUyMXhzYjR6SXl3TlJ1VldLNVB2cTJMMEp1dHFRVGNKWWtrak1kM1BybTFWV3ZpL2NDLzZzYU5UYmZlV0YyS1BIc3o3TUgvWU8wUllJbE5WamE3UHdQOWtRWVg0WVM4TG9iWnM2NXNNSHZqVUFiM2Nxel...

433 B
632 B

57ms
18ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=joaqsXxvbmlycGUyMXhzYjR6SXl3TlJ1VldLNVB2cTJMMEp1dHFRVGNKWWtrak1kM1BybTFWV3ZpL2NDLzZzYU5UYmZlV0YyS1BIc3o3TUgvWU8wUllJbE5WamE3UHdQOWtRWVg0WVM4TG9iWnM2NXNNSHZqVUFiM2NxelorZnc3R0w0R2NvR0UvTDBZeDZlOWRjT2tUZktkMlF3ZitSaGhLK0pmbU12dWxodUUrU3dHbnorZ01EdG5EWGR5cmxPYnN6NEh5MnRXY0xGWS81M2xQNmh3TWtaUDlQUitnaXN1U1cxYmIzQmViUlJCTktwL3M2QXdHTkJuZ2ZZcXRUeXl3NitrOTFMa2JlUmtmSm9vak4wQjBQQU81aGd0ODFaZTA3N29oOVYrK1dEVFVhWT18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

b5daee428c074e27f87706721e92466d005c5a1aa2054d8fc8d6df1540a2b3d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:54 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 6147
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:54 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=joaqsXxvbmlycGUyMXhzYjR6SXl3TlJ1VldLNVB2cTJMMEp1dHFRVGNKWWtrak1kM1BybTFWV3ZpL2NDLzZzYU5UYmZlV0YyS1BIc3o3TUgvWU8wUllJbE5WamE3UHdQOWtRWVg0WVM4TG9iWnM2NXNNSHZqVUFiM2NxelorZnc3R0w0R2NvR0UvTDBZeDZlOWRjT2tUZktkMlF3ZitSaGhLK0pmbU12dWxodUUrU3dHbnorZ01EdG5EWGR5cmxPYnN6NEh5MnRXY0xGWS81M2xQNmh3TWtaUDlQUitnaXN1U1cxYmIzQmViUlJCTktwL3M2QXdHTkJuZ2ZZcXRUeXl3NitrOTFMa2JlUmtmSm9vak4wQjBQQU81aGd0ODFaZTA3N29oOVYrK1dEVFVhWT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1801
content-length: 567
expires: 0

GET
H2 200 landing.php Show response
fp.holmesmind.com/ Frame D706 0
217 B 297ms
274ms Document
text/html 34.117.219.39
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=8014-53WT28pV3unDJgToyy250DlJz9b14sy8&CFFPCKUUID=3655-QtAk0ZNU9lIHKl3kykRCEuQX9QyWchDM&url=https%3A%2F%2Fadx.doublemax.net%2Ftos_zone%2Fpb_adg%2FBE77D3724B83BD26CABB6D6269ED3AD.html&maindomain=doublemax.net
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.219.39 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 39.219.117.34.bc.googleusercontent.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

server: nginx/1.20.0
date: Fri, 04 Mar 2022 21:38:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 2E42 4 KB
2 KB 950ms
281ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:55 GMT
content-encoding: gzip
last-modified: Wed, 23 Feb 2022 08:43:40 GMT
server: nginx
etag: W/"6215f3bc-11a3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
strict-transport-security: max-age=0
expires: Fri, 04 Mar 2022 21:48:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B08D 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jzHUGQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220302&jk=3748432465259471&bg=!7e6l7qrNAAb7UztL-1M7ACkAdvg8Wg0RZSWr5LPVI9l7lwpjtJfMRYyq6hvZ_Db2AL1Y5WTG3LXC7AIAAABoUgAAAAFoAQeZApRrwuhWXheVEP5xXxXZJs-UxW3Wcu037aTXgef8B9H-RDv86NTgGB7UovwWtA2kVRk8O9nFRgA26Mqzcjy4gDYPE2cmQdNS3AUy7jU7ZNaE7Qxj4zseyFp8LRZdZsbaRsYUdv0eZyVDnUlU10CkotsRZIaRY2QnBn_gE8uld1FMvEkS07to4UPGghsGWHC6Ic9I6SkUFhAVkvSIum9NQ0PnVikn9klHWqBVexnL-IxfIm-46zMxklpFQJEuBjbBf6pZEl-VIn19VMqEAHip8PINsA5t5v2kFdqXSW2EWFO-p0CSBXGEREI9KIl_CnzcsEn062_XYiQ_98IHUTA7PG9gQxxW7USgvUnxAYLwhZAn79yiERnJPiyZb-BHWIKKOrQn0c6rZo5AYkFoOD4fH8-krnsDnAUuQOO33Um40AKg8RsGwaJeMlAXWKSksS3n2p-lRv-MYwPuUcZzxnJraxdrZFolaUd-Khz2a-zeyWvim-0sEhYjwjTZsjpSTKG-KdcNLMN8yNaWkdWVaB25pMh8l8XpVNsq9F-OVoFb9rmIWVAhTCgxNDVIqdArbpfdhx6D8uM8paucPFiiFomV1ybTT6EuKdarjBk4gx6No1UwjyYeqQMj76JbfyLqbHOlysA5714NJ8Aa1zzWGqtRvhZAbKdE4MsphWPSkdshY_HgN5hETR4zh50ZAkCcUwFBD5tnovxuicj8BELgvoXJv7S0Mby1f1yaE6xTGdnqY8TlOybIqf_wPD8tluMNtXL2RtBev3Xs2EpYzOaYJHdx6CWZwh0t01sSX9tvcMN8llm-XZYdmdM4eXKTwE5RL4BmLb5P4Xe5pZzDgzsnGjH3NlEdGl3DM2zs-GZ9gz5l-_VZvVLbx7o

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.plurk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29A9 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030101&jk=919800321716817&bg=!5Oel56PNAAb7UztL-1M7ACkAdvg8WhRI4ih-KDIzHCkV5niKQEzsG2eXn0aVE_cLNJ5VyHB4B2MBywIAAABPUgAAAARoAQcKABNkw0TWwwmu32AhFjwDRbNr6dW_mQLIYAceF6EXWjv3Yt3bdes12fnh-iGZb6KfQlEdmOJw5-qKKjG00wSU3tXnBxrJDPe-vvlq29QFPqOmtjtIzX0e51AiCIotLlOLjV3QrA7PNkOBItVa7UPtMq2eij6TfxTydMdwormW8Mmldof9G0UV91eXGtaPI_A1yZOhOt--E_71eTfy0tMyc0gdhIZZaWbBWD15cJnM08HFnqSov4UwF-iFdL2HDmfZ_dMVUbo20RwhKhB9gzGYv3VVM88M1N6Y25BkX62ElfRCS_S7BT610Ce89nCSoTYqSWHzJXLRfMA2-g6R_ABp5biTGWKu7sh075ZbiEdqLtbfqWwaZJ3j16FHe4Cfs-F-mfFGqxEEeTHdo6gyHtT5q-jczV3wKVNxYvzOAuVcDaYolALVn3ZqAVuF3WHqjBWOncgAzhySTArZGWNR6T6Z8z50xW-A-YPkRsTaTe6suPjkfSnm-n_P2WCbJFjoRrAVg7UgTA_Ttaf-zEmi6Ls6hrPzLmpgihgOacGj3iUBC9E9bag-jN-dRGBlRsUBQ1ioskBgb4FQ1Dc3-MIODwGSE2S13-s16F0MOi_zpUVqhwy-luV7jxROKCeeg9cRAU8oqg95SWu3yUId2Ar7BoKzYthCxiNLtH9hng21B-40a_D9ToaFq-x4a7YxTLfdAKH19l9715NCTpNyGoO_fgz-OAicrqf9PHGX1XEjQ7oEwb92DuE8hgOXmmS4N2Q97xjSifpsK2l2L7un4VriVOEp088Fpdru8Ys9WUstlMfGDgtZMnRu688yAPSBOyY-ItfITWUuO4gNzWpmLh4sBI3dnDVaaOg7gcy4A5X6wU6jHy8JOqDBo9PMlR6IbiepXFXLtovGi_FkUBtDPXoLCpO2pBVtqhnf2KBRUiqfOdX1ufqN3YFJMZdu-jjFf72lRYDIy0Q4g7a4KuZXcSNxcsezYg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 2E42 10 KB
10 KB 13ms
13ms Script
application/javascript 2600:9000:2156:fc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=8511&rf=https%3A%2F%2Fadx.doublemax.net%2Ftos_zone%2Fpb_adg%2FBE77D3724B83BD26CABB6D6269ED3AD.html&n=340&o=1&d=1&b=2&ts=1&ii=2&FPCK=9389-2q9uuFjOJvER2IUAb2GJPufi2tSRF481&initver=210830P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:fc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
server: AmazonS3
age: 43
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 04 Mar 2022 21:38:55 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 10359
x-amz-cf-id: UnAfWOJH_w8ZMwd_KA3FXw6apcUlCuzdOZDrWP2Rso6F-cQvAeFxpg==

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 2E42 37 B
408 B 285ms
285ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

3c1689999e0f76f3d79780d4e560ef986b8815e46201a6ac7fb9ca4986c83e20

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://adx.doublemax.net
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 2E42 0
288 B 1189ms
294ms XHR
text/html 210.59.219.181

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.0026605796205991794
Requested by: Host: banner-cfnetwork.cdn.hinet.net
URL: https://banner-cfnetwork.cdn.hinet.net/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 210.59.219.181 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://adx.doublemax.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html
Access-Control-Allow-Origin: https://adx.doublemax.net
Cache-Control: private
Access-Control-Allow-Credentials: true

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FAB9 153 KB
53 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b269686665f369d6a39ec17e7c8b957a22d81753a3107d3eb1f8c74f4be2b8b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53869
x-xss-protection: 0
server: cafe
etag: 5345318643840822150
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 21:38:56 GMT

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame 2E42 30 B
277 B 285ms
285ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=0b4e3218-27fe-4f62-8bd9-1895f482d711

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://adx.doublemax.net
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/ Frame FAB9 292 KB
105 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4126554779393986&plah=adx.doublemax.net&bust=31065508

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc928186135ad735396e1c1f433c0a3665a7fede0886338ce36a670578c81c90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107540
x-xss-protection: 0
server: cafe
etag: 7546905052359100282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 21:38:56 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame FAB9 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=adx.doublemax.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4126554779393986&plah=adx.doublemax.net&bust=31065508

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FAB9 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=adx.doublemax.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 52F6 23 KB
11 KB 164ms
164ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59934b022f8f857c9300596acc28a888acb7ac4ecb41a0491bf4f9c082e648fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 04 Mar 2022 21:38:56 GMT
server: cafe
content-length: 11048
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FAB9 14 KB
10 KB 22ms
22ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220302&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01e21072b14dc21636c6628ec067fb736bb919c21d80609aeb04c79ac497f6ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10505
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FAB9 17 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 04 Mar 2022 21:38:56 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8155 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Mar 2022 15:32:40 GMT
expires: Sat, 04 Mar 2023 15:32:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 21976
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DE12 783 B
536 B 18ms
18ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

96211dcf381cb7d33a171d3f44890c7958772bf76529366146790c421c1b71eb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FENs14qGIhwVvxx8jnPHkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 04 Mar 2022 21:38:56 GMT
date: Fri, 04 Mar 2022 21:38:56 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-FENs14qGIhwVvxx8jnPHkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js Show response
pagead2.googlesyndication.com/bg/ Frame 8155 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c299cd7441c413e1fe1d6906628f36bdc1142e35fb5907ce8fefa36213db2dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 21:00:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13712
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 21:00:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DE12 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220302&jk=200926058602320&rc=
Requested by: Host: adx.doublemax.net
URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 2E42 0
193 B 287ms
287ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=8014-53WT28pV3unDJgToyy250DlJz9b14sy8&mp=0b4e3218-27fe-4f62-8bd9-1895f482d711

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://adx.doublemax.net
cache-control: no-cache, private
access-control-allow-credentials: true
strict-transport-security: max-age=0

GET
H2 200 pixel
0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net/ Frame 2E42 0
80 B 1212ms
281ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net/pixel?bd=0b4e3218-27fe-4f62-8bd9-1895f482d711&t=50ef57

Requested by

Host: adx.doublemax.net
URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:57 GMT
server: nginx
content-length: 0
strict-transport-security: max-age=0
content-type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8155 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qN9Mqw
Requested by: Host: adx.doublemax.net
URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5088 624 B
297 B 20ms
19ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNXNwUrTf5QSGoGrUjpEs5VzXLweR1o6tk53Wl8eQr1obLRi-fnw9a_No66HgTPgMfc90jkMHJh8lbkyWiTMr05x6WE5qvxY_-F8sIh2p8NHLR5AiG6Y8I0Ei5Rnn7Ym6o-qAb22hEvPTT03kCQlDI21W5ntF8SzxmRI7iOgIgdoSpUiogM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 04 Mar 2022 21:38:56 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DB50 26 KB
15 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A92bdNY5zx2zHwds7e6PoFTP7u3P55OGGncTzMwHmgmprZmo3L0Rj5j7MPwf-booce_HRJmOjfxAEoWsKcCU2uGl7uog2IXJX8tMRvJw1SXxGOXbNVOGzxY-hoQS_baKxz_fN0Oz4S1sL9At-4JCmpp6eMbg&cry=1&dbm_d=AKAmf-AbDDQ6vwG-fLbHk99hujW7l27fu0e9aXIOlPjhlvhtD1FI6smtZRf0cz5C4HfvUEfcWKL-seB86ZjNq_f1_asO09Vbz0t8KcZcGR6xI9gd-pKV5fu64BKq3E9Dfg6jgEZLduTZ-Iie0a8BSWL2NsExcQqjwMlkid_0ininlEbiNBG0rT69LlVNDH70AneU5PIsF_2B27CvvTj4dnk6vOSR5WYc4xtelj1seLkbqaZiBL1w8cEgPjG8W2L33Ev6frMf-ipQFgtIZyRgWdluuDodfWL4Suh8jsVdrc3mqEgrhpW-7GXMI5vVPNX2MDPvu5B1KyOUMPf1L_2rerJwQTQ-NEpRlMNynEX9mjoJ_JXQLQQ7PIxfOkDamSswPFjSXGgnp2qtC4Y-NW34qrYhn87w6Wy99tHwE8t7D_W7hmIGTYj2z_VlxLmTgJSQhVMLYmE6y9wih5Fs72oR5Qr0r-CFGiEw2qgt_RaFofqzpLRUai8QFiULiBh8ry9ku8gqTscuPHCUL5uGRogT9yBCtJx9oHAskQo68VvlFfAo9g0GfRGoE0GeEe8TPkFKUe9L7OD92N8DpDzSznCyuSvHV5X2S6NBWJ1YzdtTO06H0FwMVyVDhGmhGJcOVwyi9yIzHQnJ2ZgA25HfUenzr-L20t42-enRpSqNfuLzCBO10bI8867MxH0iy5Y4J4mllwZeMBEKDAWIXve_VB5spm4NLceKcNAL21WkA0unGjEetAWUWMZVS7z-t80UMG7spdaXPBEHXi_AU-hdy1a3VIWOTA66lFKzBICQJnJN5qcC8q3BwwOBaIhSs9FakKh40ZOrooHl23y6UWXox3Y-WG9nm2ujugojqgG1bhWkklH7RAePgKFX3CQ3fyFZkHsrwBtF5t3cV6tFDa5SuwTrSaUcTMfzV6kBVS9iBSdR7AczCkbbQczP6-VUsSf3-lveQUhsrS7mR8LPGeDbzVKFiIxJGGGtNWulGeAQp5eV0_24wQBNkNADjWwlccFlXeOU5xpCpjO0F9HSzOFwsPo3EzfuDPQHavrCbsWky0isf7fUy_3YOxIvn59-jpzoyPDl9M_aGqrBKa-YjyWYuTlFYKKSawC-O93Sa5RakFM9gRRxc2NRsCxJfXbdiC_CG-Mpkdu5uH1E-R9by1qD3eEpOeEKhAJjVbmEMKMHzjXMH4VPLrVdKXwLWR5Nkd3TJ7G_HoLWZcMYTJ3ysZl30rW02yHjpwEtndHoSAM2aDxu84Z-UcG56OY42HKVyXoIS-jlnAmlcKlelD53UNIqC7WlGEa09i68UyC7ftU-CyY9GqOqeb1QKzJ6uGCzkgLK5MUb6O1MAZUAoTUUS-w3XSpN6H3rKqm17hC7geUDFdXzVSwBqeXZ7qoPGczPDGurOL6rwlwq-FdeOxc7_4h9tsYI655kFjiPFa0mXjLJnMepP6G0TblGqZUzP-ySfQmoE1zwis4aReAM4AQiIkHCYc4z3G0FCVa7X09e97Zeo-LU9vzMh5p7dYomByYTaySW8EM5HUcAJBVQyf8CGS36pNlahnJ3qEkxyP1DoEc_T-jOwV_8GX8E7z70izHMx6huinU247plbt8ernaRrT0CDwufHyDmsfY1aC0StLVoaYQQ3XyQGUhIalxsNyzutdYrx7nAhu6Dzk2_TqoLFegQRWVz9vhfTdF6r79qbJkOwbiTPQT8XBWspuSA7JVYffI9m2QypaBzg_MEj6vBMSZa_gheAnAZn1X0p5PuDFyq-w30nNlXdYx7AmZv6taE02bcAv9_Dm9__LM2TgwyCCMhqtw21YYEjZiiSaGDtdDqlxO8pAGQ81feFn7P7ZnHDdImZMcQvn3lRU2v3mgA5p5MlPyb8LtOUZg7bky_86wKpgEL152EfQD1ZxG6P9B3yYR0BvER01SJcj94A2OKdq8kP-skkxf8ZOnAklowdZYGqt9tobNZrm7MpOFmvvvHgURN3Ei97Ngx8GAC3Je0BHpOr7jFOkUtvT9R7ZruOnK_XoMGiODnJzKuWss6-yaC0fnWBUEXs58ln3BkIpc95oDsPSadYMhndmIZrkJnczheY_F7h7tCaKtIAoQasA6XjN0PyA25ON30GUYNx9Zf9bfQTqYWlnYUAwiGT5Kb_v6SH-VhU0bSIIUq4_3lpyAcFODu5dneMgRSG2cwSaQvISWjHWSl3c-jGqc8pj6G14l6BqxEdyT6y7ne575mXniZyDJfvUC6etHRvsMqnNs6yREZeKs7rYXSFApAGwKbifJkLgzYQHAMe4sTmiN5sO3eXZLL8Pb9_amkHLhQ2P7ppwKKSSamP1AnnBMxQys0XPERmfu-_qN9dSv_H4i1A-ytmmNZBv8M-btuJ9p6ky0e7HrO_8nxdLPDwxiAyPQDGDRCe63ky4hrR7sj3F8l2Hw3xC5YKe9avkTFStXpHkeXEe2RL2bQpj816IRlihJe2bMbkeSwiWA1wypgZUns1bUyt--kReGcu64-9PKrlB_ewzOkcMa2EvVqOU82eq0FIvWsDkioCtxEyX_2Rgw8Gi4lWQbd2IGEmQDEDr6xQVARyf8_FR4H6YZhzSB7KiyjUspB5Cr4mtycQB7mzi78P2p6wGq_lKNaqrPnkBuS_AdWdV3QAMbwBt9ILXfkhV34jawEcLQ_o9F0lzO7bQSX5VZvPO2ovyOEmJuNIhRaBHN6Sy2a87DeRN2kQgKTLyFGYVpukqszKsbbI0Qdf0Lljpr_Sn9BAKd2rQDPKGSdJ3ZeY-B1xkHxQd-YTcdRkUL7cZqjp6w0o20ziEzYFL_xY-ldC99BMs-ElznXkYz0ywizIeJXKKyNtCKFfzW-cAjl0kALGmKthkza3ydUZEI422R7-T7MdgA45mutcO4Z04Bv3_FfcLKMfWl_dAG2LtGogR8OTZQdoKSVXmnj-QSSi1T07eVzj1NZyH7JoFkhKNcMNSKSdRueHZyjdP3YxINPiS6OBAbllDFVsldOKsQKmPVK0Hp-ZfAujrzxjSPlT1sKW7RV58Lm0CXWGu_DKN62M78lh-ZdAZsa-OwPDqvTPI1b0KWPXrhAkjtP5F8FbcZzkHVgay6JJ82MclVD7Od0UYW3GX80E2icaSP1Ld8XUGbBotqBVbWRNeHo6TnFfmmY4S3l1lOHiYV5DcON6FG6aQ&cid=CAASEuRogimY2ep29ril1HGR0vRKAA&rfl=6%2Chttps%253A%252F%252Fwww.plurk.com%242%2C%2C%2C%2Chttps%253A%252F%252Fadx.doublemax.net%252F%240

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1cd40e649676648cb9d2ed3a17662aebbdd8aeedb13fcc653b9ee7e5972db8a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15763
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame DB50 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 18 Mar 2022 21:38:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DB50 124 KB
39 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:829::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 04 Mar 2022 21:38:56 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame DB50 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 18 Mar 2022 21:36:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DB50 0
0 15ms
15ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTBJQLRZE2qFSZMgqpw34oF0v8TtYOFxRJt4RjascgsHsxtGZ5J5bXVTkXdQPI87rsELo5DfnVWHzb-edGAeoArtcr3QQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DB50 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BeRenQkt5Z7KwYNEKuThM-QZg3-mx9nOXDO4tP26vumVTKjpxML7PDOiVmoszT6YI8JJvD2OflHWEImbuMPpOYiGLTSWJPl95ZPujN_LgreXWhVbE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5088
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1&C=1

43 B
894 B

25ms
25ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNXNwUrTf5QSGoGrUjpEs5VzXLweR1o6tk53Wl8eQr1obLRi-fnw9a_No66HgTPgMfc90jkMHJh8lbkyWiTMr05x6WE5qvxY_-F8sIh2p8NHLR5AiG6Y8I0Ei5Rnn7Ym6o-qAb22hEvPTT03kCQlDI21W5ntF8SzxmRI7iOgIgdoSpUiogM
Protocol: HTTP/1.1
Server: 2.18.234.21 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 04 Mar 2022 21:38:56 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 04 Mar 2022 21:38:56 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5088
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YiKG8EDtymRos62o6Wjs-wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1

43 B
894 B

24ms
24ms

Image
image/gif

2.18.234.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNXNwUrTf5QSGoGrUjpEs5VzXLweR1o6tk53Wl8eQr1obLRi-fnw9a_No66HgTPgMfc90jkMHJh8lbkyWiTMr05x6WE5qvxY_-F8sIh2p8NHLR5AiG6Y8I0Ei5Rnn7Ym6o-qAb22hEvPTT03kCQlDI21W5ntF8SzxmRI7iOgIgdoSpUiogM
Protocol: HTTP/1.1
Server: 2.18.234.21 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 04 Mar 2022 21:38:56 GMT

Redirect headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEFJj61KwkTh3lF4cOwwKfM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 5088
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN7itp3hUr28GYOvoiJxvPI&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN7itp3hUr28GYOvoiJxvPI%26google_cver%3D1

43 B
1 KB

17ms
16ms

Image
image/gif

37.252.172.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN7itp3hUr28GYOvoiJxvPI%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY_IGqXTAB&v=APEucNXNwUrTf5QSGoGrUjpEs5VzXLweR1o6tk53Wl8eQr1obLRi-fnw9a_No66HgTPgMfc90jkMHJh8lbkyWiTMr05x6WE5qvxY_-F8sIh2p8NHLR5AiG6Y8I0Ei5Rnn7Ym6o-qAb22hEvPTT03kCQlDI21W5ntF8SzxmRI7iOgIgdoSpUiogM

Protocol

HTTP/1.1

Server

37.252.172.37 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
X-Proxy-Origin: 193.27.14.20; 193.27.14.20; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b1011bcf-8cf1-40c1-9e15-27ea71451b0d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
X-Proxy-Origin: 193.27.14.20; 193.27.14.20; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 257c8a15-2867-4bd8-b249-d6235a092062
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN7itp3hUr28GYOvoiJxvPI%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5088
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU4MzUyMjIwMDY0MTMwMDY0OA%3D%3D

170 B
188 B

27ms
27ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU4MzUyMjIwMDY0MTMwMDY0OA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
X-Proxy-Origin: 193.27.14.20; 193.27.14.20; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 906a8360-7e65-4a5f-8276-7bc82df8c63b
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU4MzUyMjIwMDY0MTMwMDY0OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame DB50 25 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A92bdNY5zx2zHwds7e6PoFTP7u3P55OGGncTzMwHmgmprZmo3L0Rj5j7MPwf-booce_HRJmOjfxAEoWsKcCU2uGl7uog2IXJX8tMRvJw1SXxGOXbNVOGzxY-hoQS_baKxz_fN0Oz4S1sL9At-4JCmpp6eMbg&cry=1&dbm_d=AKAmf-AbDDQ6vwG-fLbHk99hujW7l27fu0e9aXIOlPjhlvhtD1FI6smtZRf0cz5C4HfvUEfcWKL-seB86ZjNq_f1_asO09Vbz0t8KcZcGR6xI9gd-pKV5fu64BKq3E9Dfg6jgEZLduTZ-Iie0a8BSWL2NsExcQqjwMlkid_0ininlEbiNBG0rT69LlVNDH70AneU5PIsF_2B27CvvTj4dnk6vOSR5WYc4xtelj1seLkbqaZiBL1w8cEgPjG8W2L33Ev6frMf-ipQFgtIZyRgWdluuDodfWL4Suh8jsVdrc3mqEgrhpW-7GXMI5vVPNX2MDPvu5B1KyOUMPf1L_2rerJwQTQ-NEpRlMNynEX9mjoJ_JXQLQQ7PIxfOkDamSswPFjSXGgnp2qtC4Y-NW34qrYhn87w6Wy99tHwE8t7D_W7hmIGTYj2z_VlxLmTgJSQhVMLYmE6y9wih5Fs72oR5Qr0r-CFGiEw2qgt_RaFofqzpLRUai8QFiULiBh8ry9ku8gqTscuPHCUL5uGRogT9yBCtJx9oHAskQo68VvlFfAo9g0GfRGoE0GeEe8TPkFKUe9L7OD92N8DpDzSznCyuSvHV5X2S6NBWJ1YzdtTO06H0FwMVyVDhGmhGJcOVwyi9yIzHQnJ2ZgA25HfUenzr-L20t42-enRpSqNfuLzCBO10bI8867MxH0iy5Y4J4mllwZeMBEKDAWIXve_VB5spm4NLceKcNAL21WkA0unGjEetAWUWMZVS7z-t80UMG7spdaXPBEHXi_AU-hdy1a3VIWOTA66lFKzBICQJnJN5qcC8q3BwwOBaIhSs9FakKh40ZOrooHl23y6UWXox3Y-WG9nm2ujugojqgG1bhWkklH7RAePgKFX3CQ3fyFZkHsrwBtF5t3cV6tFDa5SuwTrSaUcTMfzV6kBVS9iBSdR7AczCkbbQczP6-VUsSf3-lveQUhsrS7mR8LPGeDbzVKFiIxJGGGtNWulGeAQp5eV0_24wQBNkNADjWwlccFlXeOU5xpCpjO0F9HSzOFwsPo3EzfuDPQHavrCbsWky0isf7fUy_3YOxIvn59-jpzoyPDl9M_aGqrBKa-YjyWYuTlFYKKSawC-O93Sa5RakFM9gRRxc2NRsCxJfXbdiC_CG-Mpkdu5uH1E-R9by1qD3eEpOeEKhAJjVbmEMKMHzjXMH4VPLrVdKXwLWR5Nkd3TJ7G_HoLWZcMYTJ3ysZl30rW02yHjpwEtndHoSAM2aDxu84Z-UcG56OY42HKVyXoIS-jlnAmlcKlelD53UNIqC7WlGEa09i68UyC7ftU-CyY9GqOqeb1QKzJ6uGCzkgLK5MUb6O1MAZUAoTUUS-w3XSpN6H3rKqm17hC7geUDFdXzVSwBqeXZ7qoPGczPDGurOL6rwlwq-FdeOxc7_4h9tsYI655kFjiPFa0mXjLJnMepP6G0TblGqZUzP-ySfQmoE1zwis4aReAM4AQiIkHCYc4z3G0FCVa7X09e97Zeo-LU9vzMh5p7dYomByYTaySW8EM5HUcAJBVQyf8CGS36pNlahnJ3qEkxyP1DoEc_T-jOwV_8GX8E7z70izHMx6huinU247plbt8ernaRrT0CDwufHyDmsfY1aC0StLVoaYQQ3XyQGUhIalxsNyzutdYrx7nAhu6Dzk2_TqoLFegQRWVz9vhfTdF6r79qbJkOwbiTPQT8XBWspuSA7JVYffI9m2QypaBzg_MEj6vBMSZa_gheAnAZn1X0p5PuDFyq-w30nNlXdYx7AmZv6taE02bcAv9_Dm9__LM2TgwyCCMhqtw21YYEjZiiSaGDtdDqlxO8pAGQ81feFn7P7ZnHDdImZMcQvn3lRU2v3mgA5p5MlPyb8LtOUZg7bky_86wKpgEL152EfQD1ZxG6P9B3yYR0BvER01SJcj94A2OKdq8kP-skkxf8ZOnAklowdZYGqt9tobNZrm7MpOFmvvvHgURN3Ei97Ngx8GAC3Je0BHpOr7jFOkUtvT9R7ZruOnK_XoMGiODnJzKuWss6-yaC0fnWBUEXs58ln3BkIpc95oDsPSadYMhndmIZrkJnczheY_F7h7tCaKtIAoQasA6XjN0PyA25ON30GUYNx9Zf9bfQTqYWlnYUAwiGT5Kb_v6SH-VhU0bSIIUq4_3lpyAcFODu5dneMgRSG2cwSaQvISWjHWSl3c-jGqc8pj6G14l6BqxEdyT6y7ne575mXniZyDJfvUC6etHRvsMqnNs6yREZeKs7rYXSFApAGwKbifJkLgzYQHAMe4sTmiN5sO3eXZLL8Pb9_amkHLhQ2P7ppwKKSSamP1AnnBMxQys0XPERmfu-_qN9dSv_H4i1A-ytmmNZBv8M-btuJ9p6ky0e7HrO_8nxdLPDwxiAyPQDGDRCe63ky4hrR7sj3F8l2Hw3xC5YKe9avkTFStXpHkeXEe2RL2bQpj816IRlihJe2bMbkeSwiWA1wypgZUns1bUyt--kReGcu64-9PKrlB_ewzOkcMa2EvVqOU82eq0FIvWsDkioCtxEyX_2Rgw8Gi4lWQbd2IGEmQDEDr6xQVARyf8_FR4H6YZhzSB7KiyjUspB5Cr4mtycQB7mzi78P2p6wGq_lKNaqrPnkBuS_AdWdV3QAMbwBt9ILXfkhV34jawEcLQ_o9F0lzO7bQSX5VZvPO2ovyOEmJuNIhRaBHN6Sy2a87DeRN2kQgKTLyFGYVpukqszKsbbI0Qdf0Lljpr_Sn9BAKd2rQDPKGSdJ3ZeY-B1xkHxQd-YTcdRkUL7cZqjp6w0o20ziEzYFL_xY-ldC99BMs-ElznXkYz0ywizIeJXKKyNtCKFfzW-cAjl0kALGmKthkza3ydUZEI422R7-T7MdgA45mutcO4Z04Bv3_FfcLKMfWl_dAG2LtGogR8OTZQdoKSVXmnj-QSSi1T07eVzj1NZyH7JoFkhKNcMNSKSdRueHZyjdP3YxINPiS6OBAbllDFVsldOKsQKmPVK0Hp-ZfAujrzxjSPlT1sKW7RV58Lm0CXWGu_DKN62M78lh-ZdAZsa-OwPDqvTPI1b0KWPXrhAkjtP5F8FbcZzkHVgay6JJ82MclVD7Od0UYW3GX80E2icaSP1Ld8XUGbBotqBVbWRNeHo6TnFfmmY4S3l1lOHiYV5DcON6FG6aQ&cid=CAASEuRogimY2ep29ril1HGR0vRKAA&rfl=6%2Chttps%253A%252F%252Fwww.plurk.com%242%2C%2C%2C%2Chttps%253A%252F%252Fadx.doublemax.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5421be34bc9ac3564a6daa35c769d13876e5fa7c4a5ed4892e9e8c65d31c1e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9662
x-xss-protection: 0
server: cafe
etag: 2172778821077356944
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 18 Mar 2022 21:38:03 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DB50 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 12:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31875
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Mar 2023 12:47:41 GMT

GET
H/1.1 200
OK kumirww3i0oj Show response
hal9000.redintelligence.net/zone/ Frame DB50 11 KB
4 KB 44ms
12ms Script
text/html 138.201.84.252

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/kumirww3i0oj?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: ab4d2d5bb202ac19c33ddeaaacd12168af4bb4a48a5344b22ffca88f88c5d743

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 04 Mar 2022 21:38:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3886
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E2ED 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Mar 2022 12:47:41 GMT
expires: Sat, 04 Mar 2023 12:47:41 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 31875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js Show response
pagead2.googlesyndication.com/bg/ Frame E2ED 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wpnNdEHEE-H-HWkGYo82vcEULjX7WQfOj--jYhPbLdo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c299cd7441c413e1fe1d6906628f36bdc1142e35fb5907ce8fefa36213db2dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 21:00:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13712
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 21:00:07 GMT

GET
H/1.1

200
OK

request.php Show response
hal900029.redintelligence.net/ Frame DB50
Redirect Chain

https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

110ms
88ms

Script
application/x-javascript

88.99.219.174

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4126554779393986%26output%3Dhtml%26h%3D100%26slotname%3D2341765805%26adk%3D1529688458%26adf%3D647216822%26pi%3Dt.ma~as.2341765805%26w%3D320%26psa%3D0%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.plurk.com%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646429936191%26bpp%3D3%26bdt%3D73%26idt%3D84%26shv%3Dr20220302%26mjsv%3Dm202203030101%26ptt%3D9%26saldr%3Daa%26correlator%3D442955703065%26frm%3D24%26ife%3D1%26pv%3D2%26ga_vid%3D1783807923.1646429936%26ga_sid%3D1646429936%26ga_hid%3D339723509%26ga_fc%3D0%26nhd%3D4%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1218236473%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D42531398%252C44750773%252C31065508%252C44758227%252C31064018%26oid%3D2%26pvsid%3D200926058602320%26pem%3D86%26tmod%3D616443495%26uas%3D0%26nvt%3D1%26eae%3D2%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.mh6zzu6w2gmq%26fsb%3D1%26dtd%3D97&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fwww.plurk.com&random=3924709444622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
Protocol: HTTP/1.1
Server: 88.99.219.174 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 30922d9f14cdfa815e1f98b089cf0d420343439cca909eeb51002242c2d7d4c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 35614700253553600757617011888029
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 892
Expires: Fri, 04 Mar 2022 21:38:56 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4126554779393986%26output%3Dhtml%26h%3D100%26slotname%3D2341765805%26adk%3D1529688458%26adf%3D647216822%26pi%3Dt.ma~as.2341765805%26w%3D320%26psa%3D0%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.plurk.com%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646429936191%26bpp%3D3%26bdt%3D73%26idt%3D84%26shv%3Dr20220302%26mjsv%3Dm202203030101%26ptt%3D9%26saldr%3Daa%26correlator%3D442955703065%26frm%3D24%26ife%3D1%26pv%3D2%26ga_vid%3D1783807923.1646429936%26ga_sid%3D1646429936%26ga_hid%3D339723509%26ga_fc%3D0%26nhd%3D4%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1218236473%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D42531398%252C44750773%252C31065508%252C44758227%252C31064018%26oid%3D2%26pvsid%3D200926058602320%26pem%3D86%26tmod%3D616443495%26uas%3D0%26nvt%3D1%26eae%3D2%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.mh6zzu6w2gmq%26fsb%3D1%26dtd%3D97&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fwww.plurk.com&random=3924709444622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Fri, 04 Mar 2022 21:38:56 +0100

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2ED 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpsXL8IYiYrLkHY-2gAee_KjYBgAAAAA4AeAEAg&bg=!rK-lr-vNAAb7UztL-1M7ACkAdvg8Wl21C4dobPBwiEXsF2nkzeF83DKwiFPzQTEoEdVIx1Eht0giLAIAAABWUgAAAAFoAQeZA040jeosVXWaOPrvQgExievvTfjcB9ImUfx1EsSHoRxm1P6Qeunc6pyx9fKNLj_ATddIhz6ASk96a6HX4ZE7mZj--jIBZtVYIA6FqAomhc6uWOtG473dEXql0bnDYlz8RkC8GElFgSSC22YMbszV8fzlzF9bLLzKg3nsDmb5iAKbbCgFJh9uqbMV2OaeeGzRZyOTXIePGj772wbt1AW1Cy6FZpTgv6oMZLSK9wOA1NQS23tj4IgvsMrOgdSz-k_QxipdlBM4oiiX7vRzLLEhkkHmj3qgvmlylRwkBNYr2mHH6Glxx_wSBOj5b0ZYDbaLncwOCgGkhIJwf0_bRziGM6X-xT34rT2krL44w8zzx9gpQPEO8XlwzbOOzvzbhPhLXoWypMx3Mf0AM1hQa2NkhD3B_2LQKXA3EJpN15xTECHYC6BdvhdFXxzLDHqFFH23FakBH1rW5WF8bPMaim4Ss4DQ742LDXydGNyx0iFW3pnw-M7ywsKX-c_vUnGmB0xExl-SCe2Y07v4gblro-U2az1xKUNR1B8n5BRAeJiS0vJ7IEDU76mxmJrUC1dg47A5g-0MUz5VyIYW0qYdQeLxXKuwGUVvL6cprUJn5dsQzzrLNWnpO8HtwHBM6dQW51xc728O4bmvjeJ_fyzikHL5Rrjhw-hWUm8SsrXe-cHZxADZfA-3gQiKq-5IbvRc_FdJFkTy3Pu5hRpz6HueY-ZQlQYlhwObH9-CN6XBOODMBXRPhQ0zCg69SylqggULFHf9jvMH4f395TxwwsZBQgoCSQ7bWynlVTbPuJFhGxK0AQPGWphnUjMp25My3bjOG6BN-v8RJSYCTnoNS9Snb-sWVfNHYwqSa5BXtcZbrj8AGr23263UrZDMQevpAD6Rc7Oir5psXCAsejCWM33P-WaL1Ug8OV_WRCecJWHGUPqCNmbOxtzIaB-94Svwh1mfN_shETMWqMHIL9IprczfTx5lI6IGTg7VnRL8-LhpentAb9NLns70pzL44eE1ffhv5wcchZR2Wl-75G_QNMfifuqwWolnZJZPHgiqH0o3P-U0ADYEQemjmjYXcfK0eDfHKr-i7-UdsJQDOMxJL4t63XZp1cNRVLvVP2lIu0TSia2JXY8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491 Show response
8019191.fls.doubleclick.net/ Frame 5EF9
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491?

391 B
346 B

42ms
27ms

Document
text/html

142.250.185.166

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491?

Requested by

Host: www.plurk.com
URL: https://www.plurk.com/s/p/ohk7l6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.166 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

734b73fd3c5ce74af6902625f299b7f69d9ec4d8045b0c133f23b1cdd736977f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 04 Mar 2022 21:38:56 GMT
expires: Fri, 04 Mar 2022 21:38:56 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 04 Mar 2022 21:38:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900029.redintelligence.net/ Frame A146 7 KB
3 KB 34ms
12ms Document
text/html 88.99.219.174

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=kumirww3i0oj&nw=20&renderingType=javascript&namespace=5c79a1fd71&subid=&uid=89a77bcfddbde180&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x50&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1u688IYiYrnnEpLa7_UP-qiU2AvdreioYM_qz-SfCvAuEAEg2p6BGmCV4pCCoAfIAQmpAgk1wegDTrI-qAMBqgThAU_QW7ZI5hPPIGLzHIG3EYu2tl9wWymaCaUum4sS1tUrYalWpI45OLRfk9rQWKwr8oVMFDQ9fazSQKSAEJJrEeW9slQe-708wND1ofbmko9Ww8ma7Y2yvBaayc0SKUNhhkOrltgjZZz0qHDbizugWb0v648fZ8EOAefayzluMQFf5S5jYuuV9YDY2bNCclUQge94c02fI3nEN2qdvT-JN_7r3FJTi9T0f1Wdkswag8A7Mmno1eI83PUG2sWMK_0DszL8NrY37jTgmlMC9yNKqevclRRUXGP0ukdkIyBci-YVEcAEzo67sZYC4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBOazegN0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRogimY2ep29ril1HGR0vRKAA%26sig%3DAOD64_3ezLuZHghjwwK2D0Lkli0mPuRXGw%26client%3Dca-pub-4126554779393986%26dbm_c%3DAKAmf-DxtnvGv-OI_jseQbEpwi7Z-xLJ7JykywQIddK631DS-ngWA9Y9K4IxxKYGETiOMRRHK0T-Au50aGk-aImwxbulJ5N-Dvv7GZeHjAelDVgtsfRewd4-SNn83MwZDO9M0rqYFRf_UD05rb4AqASEd0ztM5MDhw%26cry%3D1%26dbm_d%3DAKAmf-Chod_yAYrtqc5hi_P0soPWvdynQRT1JzmYmIBWdla8AWS4nJFkP3x4WGJyfQ7jsrnEgLkT9Bqk2YdPJUC_k9LBdbhdipqfSlxxwjW9Rdcra9FySxczxsfhm_0Eky45SD-zuFW5-ZbVa8D4882_Aw3IUZB-BTF_wilSC2sOfuiGEe7CbhT-pSLmFXSp--ku6T60L5cv2_cARjWC8VLaTdylMOgWAe-51TJzvqK7dOHHYHLkLsP5IRz_8XB06n0hZiOLeGKCRbXdoVsz7ZWuFVeRBVF_EFyszXOwmSDOhOt0rQRjkD1VNINTrJx_jOjntAKChziya0FQ5q07SK1F4d9TQVxiumJVRejKExQneI_wMBn3AvQ-74zkJI8KadlAAUiW4qq-mYXkRtqpqu8LKv59QwRl20MFOMWvD86eOHzE2FcxTaqLOHEzvmMztxR4_c9SELfj%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4126554779393986%26output%3Dhtml%26h%3D100%26slotname%3D2341765805%26adk%3D1529688458%26adf%3D647216822%26pi%3Dt.ma~as.2341765805%26w%3D320%26psa%3D0%26format%3D320x100%26url%3Dhttps%253A%252F%252Fwww.plurk.com%252F%26ea%3D0%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646429936191%26bpp%3D3%26bdt%3D73%26idt%3D84%26shv%3Dr20220302%26mjsv%3Dm202203030101%26ptt%3D9%26saldr%3Daa%26correlator%3D442955703065%26frm%3D24%26ife%3D1%26pv%3D2%26ga_vid%3D1783807923.1646429936%26ga_sid%3D1646429936%26ga_hid%3D339723509%26ga_fc%3D0%26nhd%3D4%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D320%26ish%3D100%26ifk%3D1218236473%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D42531398%252C44750773%252C31065508%252C44758227%252C31064018%26oid%3D2%26pvsid%3D200926058602320%26pem%3D86%26tmod%3D616443495%26uas%3D0%26nvt%3D1%26eae%3D2%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C320%252C100%26vis%3D1%26rsz%3D%257C%257CE%257C%26abl%3DCS%26pfx%3D0%26fu%3D4%26bc%3D31%26ifi%3D1%26uci%3D1.mh6zzu6w2gmq%26fsb%3D1%26dtd%3D97&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fadx.doublemax.net%2Chttps%3A%2F%2Fwww.plurk.com&random=3924709444622&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 350c5cb4dd838b0e175275324b98551ad7f273d55bea70dd77e8cfaa3dd33ddc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 04 Mar 2022 21:38:56 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2303
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A6C9 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 04 Mar 2022 05:53:44 GMT
expires: Sat, 05 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 56712
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DB50 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fd2ebd5bf1388b30eed1fb1d4e6b88f6af9266151f66ee249d1d5f9c6eb65f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame A146 89 KB
90 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:82f::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 08:29:31 GMT
x-content-type-options: nosniff
age: 47365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91556
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Mar 2023 08:29:31 GMT

GET
H/1.1 200
OK office-320.jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame A146 19 KB
19 KB 56ms
13ms Image
image/jpeg 145.239.2.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/office-320.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 145.239.2.103 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1c27476657b3842d8dec949b6ce5bc724f099bfa8f6f54ef5e31d8fb96aa50d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 04 Mar 2022 21:38:56 GMT
Last-Modified: Tue, 11 Apr 2017 16:07:59 GMT
Server: nginx
ETag: "58ecff5f-4cfa"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 19706

GET
H2 200 dpixel
cms.quantserve.com/ Frame A6C9 35 B
464 B 26ms
8ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECP8Nt0LO3HkEGN86_IQLV8&google_cver=1&google_push=AYg5qPLu0mZGcq8cykD14Jrk0iKYFRpyL74gc175bIm9Snz6LYWaaYN40sfA-LqWS-0uRgAUjCZV_APY9Ahdy71PtyZ6aZorTUppBA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A6C9
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQW...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlLRzhBQUFCR01oMjJUcg&google_push=AYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQWGNvbl8VdycZJGfzNAEf2bPViGSnd3LYKT0_d7nnB3B_as_rETGEavKzY7

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlLRzhBQUFCR01oMjJUcg&google_push=AYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQWGNvbl8VdycZJGfzNAEf2bPViGSnd3LYKT0_d7nnB3B_as_rETGEavKzY7

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlLRzhBQUFCR01oMjJUcg&google_push=AYg5qPLPr0h7frV7DsoloFTex-WxZOvFA2T0FlJpnQWGNvbl8VdycZJGfzNAEf2bPViGSnd3LYKT0_d7nnB3B_as_rETGEavKzY7
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A6C9
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEP0HTC7T3V7gEjmeJW3EJf4&google_cver=1&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA&google_hm=Q0FFU0VQMEhUQzdUM1Y...

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA&google_hm=Q0FFU0VQMEhUQzdUM1Y3Z0VqbWVKVzNFSmY0

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLQYFDLFehTb3v5_fBZ-QkFZ8gE6E0QC8eywEFJ67X2dmn7v1zq9RH8vnuSpAiH6_z8glPU8Kgt4eMdr-tsc420dNUZWL9DaA&google_hm=Q0FFU0VQMEhUQzdUM1Y3Z0VqbWVKVzNFSmY0
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame A6C9 43 B
350 B 35ms
17ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJSCkVRK1ZaeLfLVgrzOsKA&google_cver=1&google_push=AYg5qPKo6MPNpujGNz3epzFsucFsgPMBlowvNaoDWxIF56FXldlF2CVnPYPRvEhc9YBrR-IZwzPf-mKxuDwGkq242rVl2tlqaHWLhA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4126554779393986&output=html&h=100&slotname=2341765805&adk=1529688458&adf=647216822&pi=t.ma~as.2341765805&w=320&psa=0&format=320x100&url=https%3A%2F%2Fwww.plurk.com%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646429936191&bpp=3&bdt=73&idt=84&shv=r20220302&mjsv=m202203030101&ptt=9&saldr=aa&correlator=442955703065&frm=24&ife=1&pv=2&ga_vid=1783807923.1646429936&ga_sid=1646429936&ga_hid=339723509&ga_fc=0&nhd=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=100&ifk=1218236473&scr_x=-12245933&scr_y=-12245933&eid=42531398%2C44750773%2C31065508%2C44758227%2C31064018&oid=2&pvsid=200926058602320&pem=86&tmod=616443495&uas=0&nvt=1&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C100&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mh6zzu6w2gmq&fsb=1&dtd=97
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:55 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ish24mv5icki604iqueheuctr2i02rpf

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A6C9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4Wm1erkIRtSNftP_V1CwBA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4Wm1erkIRtSNftP_V1CwBA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLEHlR64mFdLlZVi5dcE0d4io6fe7W9gc8e9w7tQ0-Sr6cprouXvkhnRyD1moSBOo7Wa_6c1EOZ8QXA01JPeUcEwzD6sEtGZg

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4Wm1erkIRtSNftP_V1CwBA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLEHlR64mFdLlZVi5dcE0d4io6fe7W9gc8e9w7tQ0-Sr6cprouXvkhnRyD1moSBOo7Wa_6c1EOZ8QXA01JPeUcEwzD6sEtGZg
date: Fri, 04 Mar 2022 21:38:54 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A6C9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJtlttEFF8frW3sFvy27AiM&google_cver=1&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_Y...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBDWFZIU0QtMy1GNEY0&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_YZMMfiLweLAMRPoDlBkw0w-sjtLw

170 B
188 B

20ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBDWFZIU0QtMy1GNEY0&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_YZMMfiLweLAMRPoDlBkw0w-sjtLw

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBDWFZIU0QtMy1GNEY0&google_push=AYg5qPKFSZRaka5jhDA0tOey7aGiVoUu-vVZHxxuV_gCFAhHVw6xXvnQZvCveq5CLjiW31c_e_YZMMfiLweLAMRPoDlBkw0w-sjtLw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame A6C9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWz...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A6C9 0
12 B 16ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JNjU_G2kzrwtOBjGxhbPhJzIS3fy7zPsrhT26httoq-DS-LP7teLZQG4maYyDrHhfbqA-_

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 21:38:56 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900029.redintelligence.net/ Frame A146 0
150 B 34ms
12ms Script
text/html 88.99.219.174

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/viewability?s=35614700253553600757617011888029&a=ec327ccb&vb=m
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 04 Mar 2022 21:38:56 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame A146 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491
adservice.google.com/ddm/fls/z/ Frame 5EF9 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CMSsoby1rfYCFRxEHQkdAa4NJw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7417063435163.491?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FAB9 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220302&jk=200926058602320&bg=!YmGlYSXNAAb7UztL-1M7ACkAdvg8WtgaGDu9tr5ehHrhz6izENBXBV66-2NRuqWjUUPs2rhj4jOlzgIAAABEUgAAAANoAQcKAE9FHwFryPF8D4HlonWxx2RJ8_lrDY_BX1Y1cyoGnSxgaZo4-SsO2cGqDmvLKy_2Q0-_6Vy7_rbKOMSkGsIDf5iwH7uOu6zipVaWTjbjwTfDmQMEXKt0FVNLHdhDgN039ybAkb4qyFTEh6j8gr2WOQ7FRpGgEx3PhLJA7JEAut2dgeiNdYC7CBNBsmrtXNDuBJKgdlhqszjzy8GgOeTJVOZNYkuigoZhaNNzXe4W93KATv4Sif6wAVSmCx4KHQt38L7ANQMRc93ISMJaqI7tk0XIWkIAKp4OPoKnL3zo4a7UNlalGGFJ2JNGZvgWBTJGNez8HM8pNl_u_3DRpv9Dnv6UUNRTTEO0Vc71utA2o9s39NZ-Jiy3-OW1Tf0DMt7oPSDyvAqJZoCbel5kbczcH49x4H_O9UcJrop-y331bRdA-0KFSv5bixY8wmjwM06VcS5EaVUMDMePGMMUn6Iw5irBfrkFR-foCbrkKnXYmVEp58B3pCEyPyqRBDWu7gR3ZUETdNvbfNfNDrM9vi4iVrqEhjPeUZSEjds3szrnp5O-ad79KHwkzwZsQKV1uhmQVm9x_n8I5Be5A5XjScodO3TxEh3X01_rSC0m_wNU6xxo_k5PTGY8xWiq2J5Kb317d-ivb2u0OqL1B3TFsG2hOE8cW-KD_DPSA1mHY0_yBvPkInMVgSK4KqIb46vxeERYJXjVxwv237BGHPIDgM517x0-VlQbHXEQPHwsqlq1V6iQpARNPuondAfonSOHD5DSSZAzS4U67NDwP2aflpU3m9y5-YaqJkG8foUKNGrScYk7n77VDV3aq84HV8qlikJIlWdLaln4axXoShnVQL0Ffg1V0bR-DryqumGfVxK7gMhYeivtfv6RLHWNZ2yL2VlMA0yM43aaMxErAOL2tak8mIFysEr5uW7wiiaYOxkCAAcWBR1Bxa0yoB7vEwfYdEejSUZ5xLuc_EyIp-9ZLRMbjqbXoNppp3tK0TGg2KNgnljf4wV-76POz69Qqq0WNG28FD_6h_qrG4skVLAh3l9hz_i63Sx98L0ClgAmmLTOqm-Vhs-QWfXHNO9-IK8TTIofeMRvwJeX309h6FOmSpSv_5hWw5aWyXt26blj-HwK6AzDP7S6L7Wwbg

Requested by

Host: adx.doublemax.net
URL: https://adx.doublemax.net/tos_zone/pb_adg/BE77D3724B83BD26CABB6D6269ED3AD.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adx.doublemax.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DB50 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdpWLrZMXQnjorDG6Ll4fOyV35nST2NPrqVTsu82cjyWLjPjHhue5z76gSwp0L40W9TLVDG6ssMMjy-c8TC5W1VJUyhjRFh8J89jIj&sai=AMfl-YSDvrdlFZH59xsoQPZB-EJjABR8UJiZojiY96ypVWuHoOndQoe1JU85BKulDYSUh_rYO7rx38_US61SputEw3xT4Z8QIE7C2bA&sig=Cg0ArKJSzBajwSjVADGMEAE&cid=CAASEuRogimY2ep29ril1HGR0vRKAA&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1529688458&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646429936465&rpt=409&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Mar 2022 21:38:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900029.redintelligence.net/ Frame A146 0
150 B 35ms
12ms Script
text/html 88.99.219.174

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/viewability?s=35614700253553600757617011888029&a=ec327ccb&vb=v
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/request_content.php?s=35614700253553600757617011888029&a=39fef953
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 04 Mar 2022 21:38:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.aralego.com
URL: https://sync.aralego.com/idsync?ucf_nid=dsp-AE38A6E4BB372DE1838A748E89487D9&ucf_user_id=y-ClIvh2pE2oVvMB1S.S81zxxqH0eWRwCK536O9SM-~A&redirect=

Domain: fcm.holmesmind.com
URL: https://fcm.holmesmind.com/cm.php

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F

Verdicts & Comments Add Verdict or Comment

205 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.plurk.com/	1970-01-20 18:51:41	Name: _ga Value: GA1.2.1496114140.1646429932
.plurk.com/	1970-01-20 01:21:56	Name: _gid Value: GA1.2.1505610525.1646429932
.plurk.com/	1970-01-20 01:20:29	Name: _gat Value: 1
.plurk.com/	1970-01-20 10:42:05	Name: __gads Value: ID=29bf348a7199659f-2234a23654cd00e4:T=1646429932:RT=1646429932:S=ALNI_MbuJiNzrLBWGMa_cump79eGpBBfwQ
.doubleclick.net/	1970-01-20 10:42:05	Name: IDE Value: AHWqTUlJvY-eyIv81V7KsMX14-T4MdQH2E9H7-2Ggu5jWcdrBlPUgTAA_lurKK_C
.aralego.com/	1970-01-20 10:06:05	Name: sspid Value: efd8abdb-be81-361f-95d4-aed59e62fa8d
.criteo.com/	1970-01-20 10:42:05	Name: uid Value: 42e842c3-f5cf-4679-93e8-98914a516d40
.holmesmind.com/	1970-01-23 16:57:27	Name: P Value: 322495-PAEmC5xJ5DK6vjcDtVYPeH0t6dvvD4Wc
.holmesmind.com/	1970-01-20 01:41:37	Name: Vision Value: 20220305-23:59,20220305-08,20220305-08,20220305-23:59
.holmesmind.com/	1970-01-20 01:41:37	Name: C Value: null
.holmesmind.com/	1970-01-20 03:45:27	Name: RK Value: null
.yahoo.com/	1970-01-20 10:06:27	Name: A3 Value: d=AQABBO6GImICEMFx58j01Iv3JZT9A4GjYnkFEgEBAQHYI2IsYgAAAAAA_eMAAA&S=AQAAAp3E1bXKts79ToPHrlLd-dk
.adsrvr.org/	1970-01-20 10:06:05	Name: TDID Value: 984a52c7-8b0e-46a4-b79e-1482309806f5
.adsrvr.org/	1970-01-20 10:06:05	Name: TDCPM Value: CAEYBSABKAIyCwjs_u7Vw4y_OhAFOAE.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YiKG8EDtymRos62o6Wjs_wAABFEAAAAB&google_cver=1&google_gid=CAESEGvaxCpY9LaiUmkRVqNVfKc&google_push=AYg5qPKClSSgrx4dLBYCEbrzEQtWDyZOp-oWzS_IPoEMZH_jOqVv8hjIRETBJ8i43VsIVAGSz8axeOhStQlnqm5rQavNUY1dbF0F Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0b4e3218-27fe-4f62-8bd9-1895f482d711.t.ssp.hinet.net
8019191.fls.doubleclick.net
ad.holmesmind.com
ad.sitemaji.com
adcdn.holmesmind.com
ads.aralego.com
adservice.google.com
adservice.google.de
adx.doublemax.net
ajax.googleapis.com
banner-cfnetwork.cdn.hinet.net
c.holmesmind.com
cdn.aralego.net
cdn.contentspread.net
cdn.doublemax.net
cdn.holmesmind.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
dsum-sec.casalemedia.com
f996d5254144482816c9e2170e0f41eb.safeframe.googlesyndication.com
fcm.holmesmind.com
fp.holmesmind.com
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900029.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
partnerads-test.ysm.yahoo.net
pixel.everesttech.net
pixel.rubiconproject.com
prebid.scupio.com
rtb.openx.net
s.plurk.com
s.yimg.com
search.yahoo.com
securepubads.g.doubleclick.net
ssl.sitemaji.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
sync.aralego.com
t.ssp.hinet.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.plurk.com
cm.g.doubleclick.net
fcm.holmesmind.com
sync.aralego.com
138.201.84.252
142.250.181.226
142.250.185.166
143.204.98.24
145.239.2.103
162.210.196.208
178.250.2.146
18.156.47.94
185.64.190.78
199.115.117.82
2.18.234.21
202.39.67.6
203.75.214.136
210.59.219.181
2600:9000:2156:ba00:3:1794:2540:93a1
2600:9000:2156:fc00:0:e06c:e940:93a1
2606:4700:20::681a:567
2606:4700::6810:135e
2606:4700::6810:5e41
2606:4700::6811:4603
2620:116:800d:21:fcb8:22d2:d390:5f1b
2a00:1288:110:c104::2000
2a00:1288:80:807::1
2a00:1288:80:807::2
2a00:1450:4001:801::2004
2a00:1450:4001:803::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::2001
2a00:1450:4001:813::2003
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9b
2a02:2638:1::13
2a02:2638::3
34.117.219.39
34.246.234.200
35.186.215.140
35.201.76.93
35.227.252.103
35.74.202.76
37.252.172.37
60.199.208.47
69.173.144.138
88.99.219.174
002885d15671018d6cbea9225dc9ece35a412108c16c533924d127bcc8e8bfdf
01e21072b14dc21636c6628ec067fb736bb919c21d80609aeb04c79ac497f6ac
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc44ea79e71bea23b78759ad6113a2106a0708b2db4988b73f47f3aa10f78fb
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
10d53438d4b557efa56f09a0c75c3818d4de40d4bf4f7d7d7cc77c1215c69fab
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1419b8b18e2084e1d79ca111dba4eb9ea7dd22171029e13467e77d90c3f1a06e
15eb44d26f736a4a625736e93a080257b8914784fd0b8a77878e6200a30e81b3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1a1ceef0848eb5ea2c816e56c35b6be9fcee9295c976ac5b0da03d4552d9ac4b
1be00e223b2840fe8ac2d3a1aec0cf757088dd68f53a92275d0e1db6cb9afced
1c27476657b3842d8dec949b6ce5bc724f099bfa8f6f54ef5e31d8fb96aa50d6
1cd40e649676648cb9d2ed3a17662aebbdd8aeedb13fcc653b9ee7e5972db8a5
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
2b393bb3b10ebc669e26880f42307f502cc8a84ed0e0b873c4155de8b8639cbf
2dc9a1c2111185e85b712bba38d54be78740cc9ae1a128a0a8393e37767d81ae
2de335471454b2f56f418e6541d1092c7ca57c5a3d4b4fa5d91854619a8db2a7
2ebbf30515140a4fa1821db868cd5b1aea24817adedae62d5c14460f40ed5797
30922d9f14cdfa815e1f98b089cf0d420343439cca909eeb51002242c2d7d4c5
34e4cb1ce70d09f8c7dcdf9c43aa48a03276686cb06a4005f6e4f90ebb39d5ce
350c5cb4dd838b0e175275324b98551ad7f273d55bea70dd77e8cfaa3dd33ddc
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
36a7d95f2760a813f3e782dfc125ea786174d581d6f6f896021d6994e9514bd6
3c1689999e0f76f3d79780d4e560ef986b8815e46201a6ac7fb9ca4986c83e20
3c4d88296b5dd03d4df0d978de460b9601712e8b19f1d2ad1e10ccde78b6d8e6
47a20e81ebd7dbf6e6b87e350b031dfbaaa06b15e4137b6e2aa1dba7ae2b2b34
49b1ba1312a38d4f154f76841671a2db2f915dce9a2fcfa82aa8a6e77f4e3b1a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5421be34bc9ac3564a6daa35c769d13876e5fa7c4a5ed4892e9e8c65d31c1e27
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59934b022f8f857c9300596acc28a888acb7ac4ecb41a0491bf4f9c082e648fc
5dd23c7c73fb83fbbfacf3276327d384befab7ad420d5d7a5a2869ad7c6e0154
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6282e2d79780ff7c065f165959b3742f6b7a93fd2b2b46f66ff456c500713b94
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba
6e59e0546d2f88f3db083b7327a803fc7b010494fd51611e0352dba207c34d97
6fd2ebd5bf1388b30eed1fb1d4e6b88f6af9266151f66ee249d1d5f9c6eb65f4
6fd9a6d94cfe2fb18fde93679990e94458d2b12240ec6338b82f1c29977899d9
734b73fd3c5ce74af6902625f299b7f69d9ec4d8045b0c133f23b1cdd736977f
7ea014dbd2141838e64f839656dd6eec7e513ebac16b0b811430b3a81b777a58
7eeb74dd1718eca39c953fc6368ac6772954493dffe9aa998991e46d7e1b3296
814b5fc8ccdcfc829bff4c7a4d273a3c26eda0b49d53ae80ccffc509abb52989
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
8eb77b6a3db49c1cc3904f868005225a0d9a2807dcdde5ec43c8f7088019ce6d
9056f089c4c55beff6a4c0fe7a33e08b6eb83b0954952231567660f763fd5fca
96211dcf381cb7d33a171d3f44890c7958772bf76529366146790c421c1b71eb
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aa8ff5b91ae38018f8328431ec7e616b2a991a7e753788c72d3eeec3c5d62a0
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7f8dcf6328e94e8304b4330252551b90af1cb90e0cc7cac822c29038b9edee8
aa74fa265058380095577551c1db6e7eb3850ceeac5b939c18d0b2c708d6aab6
ab4d2d5bb202ac19c33ddeaaacd12168af4bb4a48a5344b22ffca88f88c5d743
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b269686665f369d6a39ec17e7c8b957a22d81753a3107d3eb1f8c74f4be2b8b3
b41d3866f039d722abc2f2abf5c97e4b511797010de632d46ae951d637e76602
b5daee428c074e27f87706721e92466d005c5a1aa2054d8fc8d6df1540a2b3d1
b7717e8aac788320fba2bd09a938d2c50163d91a621848f5ff666a2994d324aa
bd6144f41e66f40d562892973d95e1fbae3a0526848f5884d7181c9c1d95a5d1
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
c299cd7441c413e1fe1d6906628f36bdc1142e35fb5907ce8fefa36213db2dda
c8b74257b6c6791a5ef4781054a6ba2f45e9d331b0b269a4392d931d8c2c4272
d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
ddc3d7fd84b25937658d568be562c0ec631a928afe3c8eafd476234a15c08bab
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51a7e6710418fa43758820b5791171303d7e460a69ba4b5b849119aff4e1054
eb9bfe773bdbe4b3fcab275086c32a32ce9185470860c9eacc6dc4f0f541a51b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16b269ab4b9d2d962d8ec3831bf0f5c94a2ce7d29d182126d8a012e2c9c2876
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf
f51d5a26f08b3538d0c01d40e10d7a9063a9637c6bddcbf67717fde45b66dffb
f83acabfc2fa358f1e411196ddd964570fb2c2378cb68b2a7c98f2ec5628c308
f859a10c966183e294a531f3dcd134d01620b17539e43e07d6ba9bab76d8e6b1
f9fc6f74a83a6175dafc1007c4c7f2e7b27c90b898a78c6f9703dd0deec3c7ea
fa4e782ea40343766d7e3fb3abb3617cc2fc1cb8b3ad6804fea38e988e8cc019
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
fc928186135ad735396e1c1f433c0a3665a7fede0886338ce36a670578c81c90
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

www.plurk.com Open in urlscan Pro 2606:4700::6811:4603 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

140 Requests

89 %HTTPS

50 %IPv6

33 Domains

54 Subdomains

45 IPs

8 Countries

1266 kBTransfer

3168 kBSize

14 Cookies

1 Outgoing links

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

www.plurk.com Open in urlscan Pro
2606:4700::6811:4603 Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

89 %
HTTPS

50 %
IPv6

33
Domains

54
Subdomains

45
IPs

8
Countries

1266 kB
Transfer

3168 kB
Size

14
Cookies

140 HTTP transactions
2 data transactions