karasu-os.com Open in urlscan Pro
18.159.80.129 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://karasu-os.com/SurpriseGuest?character=Leviathan
Submission: On November 25 via manual (November 25th 2021, 6:33:11 pm UTC) from GB — Scanned from GB

Summary HTTP 143 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 33 IPs in 3 countries across 21 domains to perform 143 HTTP transactions. The main IP is 18.159.80.129, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is karasu-os.com.
TLS certificate: Issued by R3 on November 8th 2021. Valid for: 3 months.

This is the only time karasu-os.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
63	18.159.80.129 18.159.80.129	16509 (AMAZON-02) (AMAZON-02)
4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3036::ac43:a1d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:2250:ea00:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.112.53 18.66.112.53	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:e200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.121.116 13.32.121.116	16509 (AMAZON-02) (AMAZON-02)
1	13.32.121.127 13.32.121.127	16509 (AMAZON-02) (AMAZON-02)
1	54.78.108.238 54.78.108.238	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.15 18.66.112.15	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
1	13.32.121.5 13.32.121.5	16509 (AMAZON-02) (AMAZON-02)
6 8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
1	209.197.3.19 209.197.3.19	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2.18.232.99 2.18.232.99	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
3	13.32.121.29 13.32.121.29	16509 (AMAZON-02) (AMAZON-02)
143	33

63 18.159.80.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

karasu-os.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:a1d1 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:ea00:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.53 (United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:e200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-116.fra60.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-127.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.108.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-108-238.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.15 (United States)

ASN16509 (AMAZON-02, US)

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-5.fra60.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.172.45 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.19 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: vip0x013.map2.ssl.hwcdn.net

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.232.99 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-99.deploy.static.akamaitechnologies.com

cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.121.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-29.fra60.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	karasu-os.com karasu-os.com	523 KB
27	googlesyndication.com 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	154 KB
19	doubleclick.net 6 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	204 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com	9 KB
6	adnxs.com 4 redirects ib.adnxs.com	6 KB
4	flashtalking.com servedby.flashtalking.com cdn.flashtalking.com secure.flashtalking.com	58 KB
4	google.com adservice.google.com www.google.com	2 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	64 KB
3	trustarc.com choices.trustarc.com	15 KB
3	moatads.com z.moatads.com px.moatads.com	102 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	googletagservices.com www.googletagservices.com	73 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	googletagmanager.com www.googletagmanager.com	110 KB
1	2mdn.net s0.2mdn.net	17 KB
1	truste.com choices.truste.com	10 KB
1	hotjar.io vc.hotjar.io	256 B
1	quantcount.com rules.quantcount.com	429 B
1	google.co.uk adservice.google.co.uk	792 B
1	ezoic.net go.ezoic.net	2 KB
1	ezodn.com go.ezodn.com	93 KB
143	21

	Domain	Requested by
63	karasu-os.com	karasu-os.com
14	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googletagservices.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	tpc.googlesyndication.com	securepubads.g.doubleclick.net 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com karasu-os.com
4	securepubads.g.doubleclick.net	karasu-os.com securepubads.g.doubleclick.net
3	choices.trustarc.com	choices.truste.com
3	www.google.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com tpc.googlesyndication.com
3	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	px.moatads.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
2	cdn.flashtalking.com	servedby.flashtalking.com 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	bid.g.doubleclick.net
2	www.googletagservices.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
2	www.googletagmanager.com	karasu-os.com www.googletagmanager.com
1	secure.flashtalking.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
1	z.moatads.com	cdn.flashtalking.com
1	servedby.flashtalking.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
1	s0.2mdn.net	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
1	choices.truste.com	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
1	vc.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	pixel.quantserve.com	karasu-os.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	rules.quantcount.com	secure.quantserve.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.co.uk	securepubads.g.doubleclick.net
1	static.hotjar.com	www.googletagmanager.com
1	secure.quantserve.com	karasu-os.com
1	go.ezoic.net	karasu-os.com
1	go.ezodn.com	karasu-os.com
143	35

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.ezoic.com
shallwedate.jp
www.facebook.com
twitter.com
www.instagram.com
obey-me.fandom.com
www.reddit.com
discord.gg

Subject Issuer	Validity	Valid
karasu-os.com R3	`2021-11-08` - `2022-02-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.ezoic.net Amazon	`2021-02-15` - `2022-03-16`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.hotjar.io Amazon	`2021-08-17` - `2022-09-15`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.truste.com Amazon	`2021-02-16` - `2022-03-17`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-04` - `2022-02-22`	a year	crt.sh
cdn.flashtalking.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-02`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 11 frames:

Primary Page: https://karasu-os.com/SurpriseGuest?character=Leviathan
Frame ID: 4A070F51B711DF5C9803F56B654387D1
Requests: 95 HTTP requests in this frame

Frame: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 859B7116E6804ECFD1BA5E6B2BC527AB
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Frame ID: 9D266A87E0D06AE5ECFD550A183D419B
Requests: 1 HTTP requests in this frame

Frame: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9FCE18EACBFF4EC4EA52167148A53E90
Requests: 20 HTTP requests in this frame

Frame: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 78350D868AB88B06918A1D36C07C9D18
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGNqCxroBMAE&v=APEucNXl8J2akf2wqIqTtuFexWKG6oDF7ZjKCWQIuF7KkJhoVQL61I-lSMxl-kjjxCOsHuRqrgX3hp3EDVpQ-27aFcYmNQqpsBog0Qla1K8I2VHMsu8zEVxHIHLACBa3nkwVnujOqXDyNNJ_ccjKPte231vunfkdW5uMV-Z-GGhTs-xudFGtl26Ef_ZpPy2sqIKDazAjQuX2KWyV0GESJgYuZUgGSpd3OA
Frame ID: 52752231158D7707033D40F6571D71E3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDryqX-Ahj15va5ATAB&v=APEucNVT5DRcFtbGlGgG2F4fgaoymC6DqvBzxZoXdzp7UMWlnrUrzgq7-lyi5mG4ZSF-uywZo3q4m2GS6-cgYDtOPkAul_D6FrdvFZNMqByGlkSuel73bt_MFv0QGw-tNFOHy8JkebaoPt3yP-JLtfNgvO-wyK4ZXlYNHQci4rxw_CJKI301iVrZu8AUKCoonIMSijL5pcRB_sVqu6up6J_4YxElWwpQGA
Frame ID: 9E8E7F353E5230F585C13286FD2A0DCB
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 232E0254DC3F3DBF0AC8B3E97F7AD421
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B35495AB1E8C71405140C0F041AF1BD3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C421735B2355D5FE4BB7A88AE0972AE0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7982ACFB9737A5245AFBA2AE749D58FD
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Surprise Guest | Obey Me! Resources (fan-made) | Karasu-OS.com

Page Statistics

143
Requests

94 %
HTTPS

47 %
IPv6

21
Domains

35
Subdomains

33
IPs

3
Countries

1462 kB
Transfer

4241 kB
Size

37
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://shallwedate.jp/obeyme/en/
Title: Official Website

Search URL Search Domain Scan URL

URL: https://www.facebook.com/obeyme.solmare/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/ObeyMeOfficial1
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/obey_me_official/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://obey-me.fandom.com/
Title: Fandom Wiki

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/obeyme/
Title: Subreddit

Search URL Search Domain Scan URL

URL: https://twitter.com/karasu_os
Title: Twitter

Search URL Search Domain Scan URL

URL: https://discord.gg/Y3KMW7U
Title: Discord

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1

Request Chain 101

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ-W4qO4dV4VSk160euHkwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

Request Chain 103

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1

Request Chain 107

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ-W4pXeFBPRixs2gyDW3AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

Request Chain 109

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

143 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request SurpriseGuest Show response
karasu-os.com/ 406 KB
28 KB 404ms
294ms Document
text/html 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0b8d430fb281c111a2e9a8842ec12376e7a214f36d1d3fd8f9d7f18e1ae08c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Thu, 25 Nov 2021 18:33:04 GMT
display: pub_site_sol
etag: W/"4323a-OCqXNhrQYfkM9nCaofv1Yf9KclY-gzip"
expect-ct: max-age=0
expires: Wed, 24 Nov 2021 18:33:04 GMT
pagespeed: off
referrer-policy: no-referrer
response: 200
server: nginx
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-ezoic-cdn: Hit ds;ds;045ce681cde48faa6428df1cbfd263f7;2-213290-123;21f67ace-bc6b-4a00-7b22-37462be07e20
x-frame-options: SAMEORIGIN
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-permitted-cross-domain-policies: none
x-sol: pub_site
x-xss-protection: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 157ms
56ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

71c6ea85dba250b22bc1baaa084572f76dcbb99cb2779e5a603aa867717889a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1054 / 264 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26863
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 25 Nov 2021 18:33:05 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 315 KB
93 KB 817ms
332ms Script
application/javascript 2606:4700:3036::ac43:a1d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,criteo,oftmedia,onemobile,onetag,sharethrough,smilewanted,yahoossp,yieldmo&cb=195-0-31
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:a1d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63872e8829a1e6e3ffb6bc93e24a9bdec0c2033e8559f6e5dcc76a3d5bb75a1f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 25 Nov 2021 18:33:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y3%2F3baCudjW%2FZTTStWzlLhTFczWgt1woPVAXHJzPh6t69%2F54fEKCsDYXm13wXVItMdlKiKqOO%2FoShulsaQqHp3VMY%2BTuxjcg0m8TwPQdihrhxm6sQv6Xrw5%2BRyd0xKgnz8mS7BBz33Z3Eb4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b3cf6a1fc7109cc-GIG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 bootstrap.min.css
karasu-os.com/stylesheets/ 158 KB
21 KB 98ms
96ms Stylesheet
text/css 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/stylesheets/bootstrap.min.css

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;dbaa80f4affee4b96174c33fe8e50b0a;2-213290-123;5541f11d-1a28-4d32-7ca3-bde9c6fb033f
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"278e1-17cfb8bf7f6-gzip"
x-sol: orig
x-permitted-cross-domain-policies: none
display: staticcontent_sol, orig_site_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 07 Nov 2021 17:57:06 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: text/css; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 theme.css
karasu-os.com/stylesheets/ 32 KB
5 KB 56ms
54ms Stylesheet
text/css 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/stylesheets/theme.css

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

86b9e05e81cb69d85f0097f7dd695ad5b70ca11af4f90b326529f6c9116cf89b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;0b900751946a57e8758d780954a4513e;2-213290-123;469ce824-b618-46b3-7b2b-823a2bfee368
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"8043-179fc643be0-gzip"
x-sol: orig
x-permitted-cross-domain-policies: none
display: staticcontent_sol, orig_site_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: text/css; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 style.css
karasu-os.com/stylesheets/ 2 KB
852 B 63ms
62ms Stylesheet
text/css 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/stylesheets/style.css

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8cc4f27f499efc784c71d850f178782c1bc56201fffd07946310059a8aa1b950

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;9b6cf76cab91e702682f719212913811;2-213290-123;41162a39-d423-499b-4212-19f7fc0cc0a8
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"747-17cfb8bf7fa-gzip"
x-sol: orig
x-permitted-cross-domain-policies: none
display: staticcontent_sol, orig_site_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 691
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 07 Nov 2021 17:57:06 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: text/css; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 ads-loader.js Show response
karasu-os.com/javascripts/ 22 B
321 B 53ms
52ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/javascripts/ads-loader.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7d1c62db72640e9a75188363d762ffee84ea49027f533ce5d8ef96c1e1f68438

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;53d8cb2f40f3e1ef4fbfea38dcd0b299;2-213290-123;1bbc711b-e44e-4852-7aa6-e0c365de8ea6
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"16-17d34a981d5-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 26
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Thu, 18 Nov 2021 20:07:43 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 jquery-3.6.0.min.js Show response
karasu-os.com/javascripts/ 87 KB
30 KB 95ms
95ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/javascripts/jquery-3.6.0.min.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;283acd2eb9899784d58eb66202cea628;2-213290-123;a2b0c582-bea8-4582-5669-94ccac566388
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"15d9d-17cfb8bf7f6-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 07 Nov 2021 17:57:06 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 bootstrap.bundle.min.js Show response
karasu-os.com/javascripts/ 81 KB
21 KB 66ms
66ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/javascripts/bootstrap.bundle.min.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;58b07c623b40456ea2d4cfbf9eefe8f2;2-213290-123;b479ea1c-15b5-4f73-44e7-fe61a91dadf8
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"14535-17cfb8bf7f6-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 07 Nov 2021 17:57:06 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 commonFunctions.js Show response
karasu-os.com/javascripts/ 4 KB
1 KB 64ms
63ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/javascripts/commonFunctions.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

161d7ac3ff2ce474be423e9805121d9ebe5d837c71c313bc992d2066714187c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;9aeab384194083a6b1f0089be8267bae;2-213290-123;dd19d25d-226e-4243-48e7-27e12706aa2e
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"e70-17c4885c793-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 1294
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 03 Oct 2021 23:38:19 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 spg.css
karasu-os.com/stylesheets/ 2 KB
732 B 60ms
59ms Stylesheet
text/css 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/stylesheets/spg.css

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6155f483e669cac2ea164fb576d75fbc96ac6f2f3c854d8d32857abb0f675c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;5f8bfeeb9079bbb1a8d2180e4fac7fc8;2-213290-123;d2ccbc91-82ec-4187-416b-0f80ef407ba7
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"8ed-17d358855da-gzip"
x-sol: orig
x-permitted-cross-domain-policies: none
display: staticcontent_sol, orig_site_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 571
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Fri, 19 Nov 2021 00:11:07 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: text/css; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 surpriseGuestFunctions.js Show response
karasu-os.com/javascripts/ 3 KB
899 B 57ms
56ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/javascripts/surpriseGuestFunctions.js

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

161f60d8b9844e5107a17a00f6f4e2a17c2eb853987525004a3552610ad96ebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;b2b0dbb5efc7b7a6d8372e64bfd320b3;2-213290-123;7d426aa8-2418-4013-57a3-66d64eb0c2b1
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"b7b-17d34a981d5-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 761
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Thu, 18 Nov 2021 20:07:43 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff

GET
H2 200 cookieconsent.min.js Show response
karasu-os.com/ezoic/ 4 KB
2 KB 45ms
45ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/ezoic/cookieconsent.min.js
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: "11a4-5c701b9c2cf40-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 1707
expires: Fri, 25 Nov 2022 18:33:05 GMT

GET
H2 200 banger.js Show response
karasu-os.com/porpoiseant/ 53 KB
12 KB 49ms
48ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/banger.js?cb=195-0&bv=86&v=57&PageSpeed=off
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c2cbd9a562b178f361680d07aa8a444e0a5a2d7e660723f4662ae707e832eb62

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 135 KB
50 KB 158ms
66ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TQRDPDG

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d2ad65934316905fefc98007a689f3fc16f55efaa06d0dda6909e8717be7805e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50783
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 25 Nov 2021 18:33:05 GMT

GET
H2 200 cmbv2.js Show response
karasu-os.com/detroitchicago/ 80 KB
23 KB 59ms
59ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e63df77239dbe9656857991236cc1e8dd5f889e6b5660b106a31d47abcb4bd88

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public, max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 background_sheep.jpg
karasu-os.com/images/ 176 KB
111 KB 84ms
83ms Image
image/jpeg 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/background_sheep.jpg

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/stylesheets/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8a85fbef256a60b92234a630aefea901884f785a996833fb5ea9711832845c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;2b68d48f05b96e1604a6c6b420873c34;2-213290-123;ae9c12eb-116a-49e9-5800-7786482fd407
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"2be3e-17a4ebba250-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/jpeg
x-content-type-options: nosniff

GET
H2 200 Nunito-Regular.ttf
karasu-os.com/fonts/ 149 KB
65 KB 73ms
73ms Font
application/x-font-ttf 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://karasu-os.com/fonts/Nunito-Regular.ttf

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/stylesheets/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9e2747806c4a30f0d4f39596a13dd97dc5484b96845d945d90b300e1bbdebc72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://karasu-os.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;e7ea00eb0e9eaa0e028c95758bf8443d;2-213290-123;ffdf2a2d-2f51-4c8f-5a41-0ce81362ceeb
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"25564-17cfb8bf7f6-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Sun, 07 Nov 2021 17:57:06 GMT
server: nginx
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
content-language: en
access-control-allow-origin: https://karasu-os.com
x-download-options: noopen
cache-control: public, max-age=864000
content-type: application/x-font-ttf
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22f181a715673cb0c19a426d1b0f8d05950ebf34b6c224a0c0cfc4092bcd0fc9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbd3e5220e9eda0e6982e9b3e3c1c3168e9c26e43a3b6662ace2f03dde6e217d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5bf767bcfa8f33e1e1c35556b7b84c02424fa522e6dd4d7dccc1d71e1bd5d20

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7012ef4488d486afbb1635d839cca3fcec9ad7c85c89fb3d63ed17e036fc8cc0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ezcl.webp Show response
karasu-os.com/utilcave_com/inc/ 1 KB
1 KB 79ms
78ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
x-sol: middleton
server: nginx
display: staticcontent_sol
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
content-length: 605

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 457bb5d23d7a3589819b4e450ace2c09798a5ca70645866bef887aff462fd1d7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 houston.js Show response
karasu-os.com/detroitchicago/ 4 KB
1 KB 65ms
64ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/houston.js?gcb=0&cb=16
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a89057208861e739c4ea6ea2e1126afd5b41c89f22548e5afeb74b7c71614777

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1351

GET
DATA 200
OK truncated
/ 134 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93ee19994358156fbbe3bcbb748f51b8d5bd6199ff589f8955eaacfa59d5cb2c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 170ms
40ms Image
image/png 2600:9000:2250:ea00:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 07:27:28 GMT
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
x-sol: middleton
age: 299137
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: KXNu2Qb5G4rqh0XO1Ne1fEUndjtitEVp-6efU8JFazu1S_jlFvNJXA==
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: "49d-5bd497273b080-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P2
display: staticcontent_sol
expires: Mon, 29 Nov 2021 07:27:28 GMT

GET
DATA 200
OK truncated
/ 116 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7482b6eaa9a50729dc26bd9c4f1b37063f6f2706e340f9f7cce9e98dd68231eb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 168 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b87fbf1b2b78214eeaaafbaee7521c2c8c5c221082f0535394aa60e020cdc4f7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 51ms
50ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 25 Nov 2021 18:33:05 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
97 B 99ms
49ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=karasu-os.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

05587675f2a11c33a30439283781b2cc70cea980807c759b314b9b1b4e42703c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72
x-xss-protection: 0
expires: Thu, 25 Nov 2021 18:33:05 GMT

GET
H2 200 nmash.js
karasu-os.com/porpoiseant/ 24 KB
6 KB 46ms
45ms Other
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/nmash.js?v=86
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
last-modified: Thu, 25 Nov 2021 07:25:23 GMT
server: nginx
etag: "6083-5d197e0b18982;5c701b9c2cf40-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 imp.gif Show response
karasu-os.com/detroitchicago/ 43 B
159 B 46ms
45ms XHR
image/gif 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%222%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A2%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A1%2C%22city%22%3A%22Manchester%22%2C%22country%22%3A%22GB%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A2%2C%22domain_id%22%3A213290%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A30%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221109%2C1122%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22672b2df3-a80b-46cc-781f-d58c118f0083%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22M40%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A275002%2C%22response_time_orig%22%3A100%2C%22serverid%22%3A%223.124.188.27%3A8167%22%2C%22state%22%3A%22MAN%22%2C%22sub_page_ad_positions%22%3A%221109%2C1122%22%2C%22t_epoch%22%3A1637865184%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan%22%2C%22user_id%22%3A0%2C%22word_count%22%3A6956%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 24 Nov 2021 18:33:08 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 155ms
46ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 02 Dec 2021 18:33:05 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 cmbdv2.js Show response
karasu-os.com/detroitchicago/ 43 KB
10 KB 61ms
61ms Script
application/javascript 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 632893d6d9d049c0767de0bc8b6a1d8a70dae1b80096b0beaf9c8e3d9f55c032

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public, max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 Lucifer.png
karasu-os.com/images/faces/ 20 KB
7 KB 56ms
51ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Lucifer.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6d7385451b13d96bd984368e23b81e138c24d6fb1014f7602ac09577b9dc10f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;7f609953c0861281bddaf35fc7f946b0;2-213290-123;681addd0-5acd-417c-6df3-24f7be7ccf76
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"4e1a-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Mammon.png
karasu-os.com/images/faces/ 20 KB
7 KB 66ms
61ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Mammon.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c5edfcadeedf8858bed4553c9ae71b05469fd8d526db5d2f3798bf8d0e2c16bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;a17bf88dc34af11b712fab0c14177e9d;2-213290-123;87fe9f99-a6d4-4cbe-6c79-18086dc59d42
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5058-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Leviathan.png
karasu-os.com/images/faces/ 20 KB
7 KB 56ms
51ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Leviathan.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3a533687f94ef278c8ff3d8a1ce06e715ddc35ae22c99acf08e3b2ef00bae638

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;66c09470a200a2a5b27828f0dbe0fd7f;2-213290-123;d22e8ee4-21e5-403f-53bd-6f6991a4614e
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"4fbb-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Satan.png
karasu-os.com/images/faces/ 20 KB
7 KB 66ms
62ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Satan.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

da7d4078e0beeebbc945883b951a821f6df0cb84b56531eef2c2cdec4bc0a2e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;129acc4d750f86fbd227ca8ee16f8c83;2-213290-123;9c74d071-8120-4a75-6492-1b2594fba052
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"50fc-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Asmodeus.png
karasu-os.com/images/faces/ 20 KB
7 KB 56ms
52ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Asmodeus.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e9d138498972b3c74e912822a6965c07052fe81473e347f523760b35ff58576c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;bf901445c1813d13fbc71a89a0f9fc20;2-213290-123;7c4e3fec-7bfd-4f3f-64fc-d0f46fca30c1
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"513a-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Beelzebub.png
karasu-os.com/images/faces/ 21 KB
8 KB 60ms
56ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Beelzebub.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d42e40233ab335376bdd0259b667d2393077d1d51e8d75c2a1519caae50abe87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;605ba04ca329288e2f7945e34c887ee6;2-213290-123;c013c499-87cc-467e-659e-3f68673f7595
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"537e-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Belphegor.png
karasu-os.com/images/faces/ 20 KB
7 KB 62ms
59ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Belphegor.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

874e22be5cec83f9e295c0b4ba49e78183a4368022b41eb0ebbbe45b8c8a9aee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;74514bec2292b163edf2a877127cd60d;2-213290-123;25f3cb20-9845-41b1-5e71-062cf9e933b1
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"51cd-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Diavolo.png
karasu-os.com/images/faces/ 21 KB
8 KB 63ms
60ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Diavolo.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3bc1ccf2e07729b8504bb436649897e6e4a67eb184505f455652414b74dabd2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;08ddb688d37f12d3310ca51d66a71981;2-213290-123;8a8a78d2-7148-4413-75a9-c361e35c6ea6
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"54e4-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Barbatos.png
karasu-os.com/images/faces/ 23 KB
10 KB 75ms
72ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Barbatos.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

182cbf643e6f9288daf45ee98cefba9f20152d66e528ed012c56917aaedc6497

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;6007a8fe55332b2be2bb2b684d3efc08;2-213290-123;f69a0c9f-e008-4349-60bd-38483a177695
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5b7e-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Luke.png
karasu-os.com/images/faces/ 23 KB
10 KB 116ms
114ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Luke.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e649d66d5268b408dec7fc74fd4e10043d5be5b1a2abf00ebb12a084ea7344e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;3bd2cd30ef48b31f5b74b23bae7661e2;2-213290-123;96fbac94-e953-4730-470d-67b63200e09b
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5cfa-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 cl.gif
karasu-os.com/detroitchicago/ 43 B
100 B 45ms
43ms Image
image/gif 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://karasu-os.com/detroitchicago/cl.gif?pvID=672b2df3-a80b-46cc-781f-d58c118f0083&dID=213290
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 24 Nov 2021 18:33:04 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 163 KB
60 KB 107ms
58ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2ZDH6YNWJQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQRDPDG

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01b21e7b538ca070ec1619551b93425b2295a4116bafbb8a3f568d71e7fbb877

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61728
x-xss-protection: 0
expires: Thu, 25 Nov 2021 18:33:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 131ms
41ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQRDPDG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3482
date: Thu, 25 Nov 2021 17:35:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 25 Nov 2021 19:35:03 GMT

GET
H2 200 hotjar-2235794.js Show response
static.hotjar.com/c/ 4 KB
2 KB 223ms
79ms Script
application/javascript 18.66.112.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2235794.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQRDPDG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

414f9dd4146ab98a0d5f9747f14da7db3587c132f5176f19d6e4611355bba6d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P5
x-cache-hit: 1
etag: W/598fcd9b98c9549e98a7a85ba966ca9e
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
content-length: 1901
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd53.cloudfront.net (CloudFront)
x-amz-cf-id: gZVXdEusn28zOBemJK_Xq7F6QvgEQE1h-T9KZvc5FoMSOr4genkDMQ==

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 185ms
51ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=karasu-os.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 152ms
52ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=karasu-os.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
15 KB 527ms
527ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3778379792744397&correlator=2711091913579208&output=ldjh&impl=fifs&eid=31063810%2C44752541&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211125&iu_parts=1254144%2Ckarasu_os_com-box-3%2Ckarasu_os_com-medrectangle-1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%2C320x50%7C250x250%7C300x250%7C320x100%7C970x90%7C180x150%7C970x250%7C125x125%7C234x60%7C728x90%7C320x50%7C468x60%7C120x240%7C200x200&fluid=0%2Cheight&prev_scp=a%3D%257C1%257C%26iid1%3D695070647041468%26eid%3D695070647041468%26t%3D134%26d%3D213290%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26as%3Drevenue%26plat%3D1%26bra%3Dmod11-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dkarasu_os_com-box-3-695070647041468%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26asau%3D7572582426%26bv%3D0%26bvm%3D1%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D16%26br2%3D8%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%26deal1%3D17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C815%2C817%2C899%2C919%2C1428%2C1794%2C835%7Ca%3D%257C2%257C%26iid1%3D1105317087030495%26eid%3D1105317087030495%26t%3D134%26d%3D213290%26t1%3D134%26pvc%3D0%26ap%3D1122%26sap%3D1122%26as%3Drevenue%26plat%3D1%26bra%3Dmod11-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dkarasu_os_com-medrectangle-1-1105317087030495%26eb_br%3Da7a863b24978e69c4cdbb5a49be70d5e%26eba%3D1%26asau%3D7572582426%26bv%3D0%26bvm%3D3%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D34%26br2%3D16%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%26deal1%3D17%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%2C835&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1637865184&dt=1637865184927&dlt=1637865184424&idt=443&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C650&adys=159%2C2390&adks=2230409496%2C2122197923&ucis=1%7C2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x266&msz=728x90%7C300x250&ga_vid=1144183816.1637865185&ga_sid=1637865185&ga_hid=416929604&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

00d3bccb4bb38ef428271263694dc9ca73ef7a33f9dcda4a7b2652d931326132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15673
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://karasu-os.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 859B 6 KB
4 KB 184ms
52ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 25 Nov 2021 18:33:05 GMT
expires: Fri, 25 Nov 2022 18:33:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
429 B 203ms
62ms Script
application/javascript 2600:9000:223f:e200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 04:41:15 GMT
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
age: 50108
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-amz-cf-id: CcbgSPjp0_EviYONmhsmrn4xtxWRU6pTQXy0y81wHqt-kb8Xsc73uQ==

GET
H2 200 Simeon.png
karasu-os.com/images/faces/ 23 KB
10 KB 54ms
52ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Simeon.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c2c838cb050239d104ad6fa8e9a69b5e60fa5fb55ab53d2cf55702ef80114a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;cf0927a8e33e37664f35cefd57e65383;2-213290-123;3ab9bdbb-a27c-42ae-65a0-934007e7b262
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5c2b-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 Solomon.png
karasu-os.com/images/faces/ 23 KB
10 KB 61ms
59ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/faces/Solomon.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4e886f80e44f64033a58cdad5d4d3af3d1436fdf8cd668dfdedd740fe61a03d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;f55c4f8a6d27bc9af14629fc6ec7d4ec;2-213290-123;baeca80e-8c17-435f-556f-db024e388db7
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5c99-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 battle_star.png
karasu-os.com/images/ 25 KB
11 KB 65ms
64ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/battle_star.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f5dba69add7a8e193a9218eab42b191beab2d3f178b27218ab2984df1ee062f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;889f6ce3ea73587395eed8b6f8eb478e;2-213290-123;11dcd1c2-9ffc-49a9-4834-c5cb5a29b6ff
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"63a2-176814bff82-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 pizza.png
karasu-os.com/images/items/ 6 KB
6 KB 109ms
108ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/pizza.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

86104239bfa124d256ff9a885e620bd9a22c9e69fdefa28909bf28e7d6aa47f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;ms;f1d593c432c5085acd09e4a759783ef5;2-213290-123;767e5a52-7ea2-486e-5ed9-0d1cd498d824
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"171f-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 candy.png
karasu-os.com/images/items/ 4 KB
4 KB 107ms
106ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/candy.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9aebc0d9f1d0d1fe1dea59ff6325e0b75c3630492cf72da774a492a038ba1261

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;ms;af25d2fa27f8192bc61bbcf8f95d3d6c;2-213290-123;76567f07-acc3-44dc-6c76-2b1eb4d404c3
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"118d-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 3974
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 94ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=416929604&t=pageview&_s=1&dl=https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan&ul=en-us&de=UTF-8&dt=Surprise%20Guest%20%7C%20Obey%20Me!%20Resources%20(fan-made)%20%7C%20Karasu-OS.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=474433469&gjid=1780836452&cid=1144183816.1637865185&tid=UA-164556626-4&_gid=1289090182.1637865185&_r=1&gtm=2wgba1TQRDPDG&z=1684255069

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://karasu-os.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 70ms
47ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-2ZDH6YNWJQ&gtm=2oeba1&_p=416929604&sr=1600x1200&ul=en-us&cid=1144183816.1637865185&_s=1&dl=https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan&dt=Surprise%20Guest%20%7C%20Obey%20Me!%20Resources%20(fan-made)%20%7C%20Karasu-OS.com&sid=1637865184&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2ZDH6YNWJQ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://karasu-os.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.376dac12c7cbd03331c3.js Show response
script.hotjar.com/ 226 KB
60 KB 151ms
52ms Script
application/javascript 13.32.121.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.376dac12c7cbd03331c3.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2235794.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-116.fra60.r.cloudfront.net

Software

Resource Hash

762eec26c35697c778960f1348261ead87844a3fb32e847f237cc6fdab697ba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 12:27:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 194759
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 60634
access-control-allow-origin: *
last-modified: Tue, 23 Nov 2021 12:26:27 GMT
etag: "a104d8caba37d824b6eacd90ef7757da"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 0eA0OCaBvRgwg1c0P0f17b-EyBMa--rg-s7gJ8sDiyJMq1dWNIUXwQ==

GET
H2 200 box-ad575b5823df97fc9725e14a57070642.html Show response
vars.hotjar.com/ Frame 9D26 2 KB
1 KB 147ms
44ms Document
text/html 13.32.121.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-ad575b5823df97fc9725e14a57070642.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2235794.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-127.fra60.r.cloudfront.net
Software: /
Resource Hash: f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

content-type: text/html
content-length: 1050
date: Tue, 16 Nov 2021 11:16:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "a123045c9cc95cfe44d6b5d126b9f1a7"
last-modified: Tue, 16 Nov 2021 11:15:47 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8c08c39035033b8c904aa0e3f734d6c7.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: thDnKZTR659iFTBwhJsecVpqsJS_cKslWx_QjC1CXKCneBcBu3mY9A==
age: 803819

GET
H2 200 ticket.png
karasu-os.com/images/items/ 6 KB
5 KB 50ms
48ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/ticket.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cbea82acbe96166431fa972d184fe6db828db5eb349a5322584e60d3730e085f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;2ee931f5ee9147d8ef04399b4852016e;2-213290-123;f967c7db-c663-4dd1-7032-d0050b0497a1
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"1796-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 game.png
karasu-os.com/images/items/ 5 KB
5 KB 100ms
99ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/game.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d03a1203d38d01aaacb00bca3452e1077a4afdc997cb6eb575cf5923a0edbc7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;ms;9a8a31bc94ac7d7c1ea9058cbc7adfa5;2-213290-123;09ff86ad-ad9d-4a39-66f5-ccaf1087d1e5
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"156a-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 book.png
karasu-os.com/images/items/ 6 KB
5 KB 51ms
50ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/book.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8eb045aad5195a80ef533174358e45ab6a37d9f727f7419d4001d2e78c80ba9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;4d3271c46b53b0ce7efdeb39824e1b90;2-213290-123;1859bb21-c363-4d7e-4f4d-93ed2f23ee7d
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"173e-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 manga.png
karasu-os.com/images/items/ 7 KB
7 KB 52ms
51ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/manga.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dff08de664838ef4753a3958b1f4f6b0cba6d9754a1f1dd9e023d206e348193d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;6d3cdc6963f093aed9451f6851b2d7c2;2-213290-123;ece1eb79-8465-48bc-44d7-173227bd7a36
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"1c31-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 tissue.png
karasu-os.com/images/items/ 5 KB
5 KB 143ms
143ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/tissue.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dc31ea1185b7f7bf514cb0b56426a0a49c6cfd297a79201fddc4f678e36d2fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;ms;2321026072687c3138436800d854c4e6;2-213290-123;87383da9-bfed-49ff-71ee-e7051ffee4e6
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"15f9-1767c391463-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 pixel;r=1112863475;labels=Domain.karasu_os_com%2CDomainId.213290;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan;uht=2;fpan=1;fpa=P0-1034645603-163786...
pixel.quantserve.com/ 35 B
371 B 55ms
45ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1112863475;labels=Domain.karasu_os_com%2CDomainId.213290;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fkarasu-os.com%2FSurpriseGuest%3Fcharacter%3DLeviathan;uht=2;fpan=1;fpa=P0-1034645603-1637865185172;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=karasu-os.com;je=0;sr=1600x1200x24;dst=0;et=1637865185172;tzo=0;ogl=title.Surprise%20Guest%2Cdescription.An%20all-in-one%20guide%20for%20Obey%20Me!%20surprise%20guest%20interactions%252E%20Karasu's%20interacti%2Cimage.https%3A%2F%2Fkarasu-os%252Ecom%2Fimages%2Fkarasu%252Epng%2Curl.https%3A%2F%2Fkarasu-os%252Ecom%2FSurpriseGuest%3Fcharacter%3DLeviathan

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 blob.png
karasu-os.com/images/ 24 KB
10 KB 84ms
84ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/blob.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1550594fc130a81c1bca993367a061b5b883ab8926b6a576eacea59dfbb35aec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;1ab48eda7a06648dbf93191faad3f1dd;2-213290-123;b42f1350-6082-4a27-5d4b-8cc04fdbefc8
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
etag: W/"5f08-1767c39145b-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2235794/ 146 B
323 B 134ms
45ms XHR
application/json 54.78.108.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2235794/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.376dac12c7cbd03331c3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.108.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-108-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 43c15c5e339cca85186d462b5951209ac3825b7677341e3d95f5e704b5057c87

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 2235794 Show response
vc.hotjar.io/sessions/ 0
256 B 176ms
67ms XHR
text/plain 18.66.112.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2235794?s=0.25&r=0.027033560126065392
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.376dac12c7cbd03331c3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: 2M7OHvkUAmEn1IuxWVqbJIkmZ6CVSwiOhdKIulq8UF12Jee7a6O8Uw==

GET
H2 200 dark-bottom.css
karasu-os.com/ezoic/styles/ 3 KB
827 B 47ms
47ms Stylesheet
text/css 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/ezoic/styles/dark-bottom.css
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: br
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: "bd7-5c701b9c2cf40-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 725

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 161ms
55ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d053effdf62981a7e9430cd9f567c0ca2dbf722344f78dcaf5964b1c80ba8a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9105
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 157ms
48ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H3 200 container.html Show response
4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9FCE 6 KB
3 KB 93ms
43ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 25 Nov 2021 18:33:05 GMT
expires: Fri, 25 Nov 2022 18:33:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 greenoaks.gif Show response
karasu-os.com/detroitchicago/ 0
134 B 44ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMTEtMjUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxOCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImRhdGEiOlt7Im5hbWUiOiJuYXZpZ2F0aW9uX3R5cGUiLCJ2YWwiOiIwIn0seyJuYW1lIjoicmVkaXJlY3RfY291bnQiLCJ2YWwiOiIwIn1dfV0=
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:05 GMT

GET
H2 200 greenoaks.gif Show response
karasu-os.com/detroitchicago/ 0
19 B 45ms
44ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiIxMTAifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjQwNSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMjgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMjQ3In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjQ3In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6Ijg4NSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjYwOSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiNjA5In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2Rvd25saW5rIiwidmFsIjoiMTAifV19XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:05 GMT

GET
H2 200 greenoaks.gif Show response
karasu-os.com/detroitchicago/ 0
42 B 44ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxMDQxIn1dfV0=
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:08 GMT

GET
H3 200 container.html Show response
4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7835 6 KB
3 KB 81ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 25 Nov 2021 18:33:05 GMT
expires: Fri, 25 Nov 2022 18:33:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5275 624 B
975 B 149ms
52ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGNqCxroBMAE&v=APEucNXl8J2akf2wqIqTtuFexWKG6oDF7ZjKCWQIuF7KkJhoVQL61I-lSMxl-kjjxCOsHuRqrgX3hp3EDVpQ-27aFcYmNQqpsBog0Qla1K8I2VHMsu8zEVxHIHLACBa3nkwVnujOqXDyNNJ_ccjKPte231vunfkdW5uMV-Z-GGhTs-xudFGtl26Ef_ZpPy2sqIKDazAjQuX2KWyV0GESJgYuZUgGSpd3OA

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 25 Nov 2021 18:33:06 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7835 25 KB
15 KB 170ms
76ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CO1GV5MXN1BUnUWe2MA0Y2Cx62VKMtKVHGf2rVygoQb7WSLxXzGRn0P29vo5poSlsaJLt2bK6YeyMKAtz0IorPkr_P3WstsbVngZNgUgfiDGoLIb-wUQsBDfZNQ-gwXMATRC05DAoyGeUJ2BvJD4fh7tl4rw&cry=1&dbm_d=AKAmf-BOqqdXoV3zcmea-aXaQxVfQJXa5MaT7ptB1O-HibA7mO5wttSekfaCvZJQVYOGw9IvG75azmMlYkmxw-j386Gkh1owx1gnN4-LiCsvs3vck2CHaQMBgMSrbKFiEjHMeuKSRdX7J3L3gbW2UDZ350QRXfTFkrQ4SIoaxazMivgyDgOCpW2DOsHGSxsYh86Z6kME5iR8pJBjECJsdeLh2xIEzB0pTUUiTBv4KGqibp4jfv6fIXpWpvHCVNnkfFyS954BIz608aTHfAKr7eY15UqfnWMNwnryrrm4FE-c-5Lw4nlxtwVE9M_GvAxfuv4XMt9YkE44WzCnMBf9ocEQjj0fkUf-35MT3AXpIBrKPUg_bD7ZrUrA8i3jwWufIyDS7aJMWd1_zl_iY0xQ9dbf7gJ-myTutU7alfXD_pMOk8pzUHKMosZpATsEDuRFBggnUVFjTa5s5RC1mSLqATOuABC3a2ux4Y-mEmDxHTUlPvJmLpjygV1_C27NMKj3nzOfyYtFL_wx7cn4I-Fi1BFg8ZQekt365XgSKsvU056LEztVzgYjXAZO6wHyej2QATmRVORARK3puPYnl6c5m1nveRCdLJlLH-f0d2z4BP37xKmzzBTklFmbVPlgv8Vht3pWkKUhObkVVcfbykAODLY5Eo94FDjZh0_6usiSb39lzpEcFAKa8Tfa7JuVtnPl1NUScRtA77A972w9aHLW2ZD-MTJ_6CqPdxYR7CfFNs7-5vNke7oJmbvVAif0xJeQNtvn_sRX9-pv9H9_ZFp8cqc0FNFCA9MsTIgy5iqoDMt9a0fsMBvUQVaQGO3EMUP81uihVLBXsfeHkNbqDelQVKb-kRmJ-7RT7jKNkGzG8Nu-XmHDeW0yCUiHgipo_6TbVDYG8P7EXTGWdeADIRsHfUegcnPsBOJAzjKnsCmgZWWvxw00iZ0LyARJ--BoaxnG3pOkFZc0ozbCH437McYXU-NFww-FJPVX2BYyWoQEYfzBDU4in5yWACqyMrJmBzvAvdpDiADqHrGE7fQml-tZWLfCO94uEiW5u7EUqSLM--aKgaJIdxdDIMsT8vuOGJj1jt_eU_cjjddHOWtqczCkLq5XT-DdLGNeWF-xnGRHXMNQkJ_O6MVpfcuyJx_ptW_IGEAr4D4AwgAKUrlJclb6Pb3OT_kXrsuNQkaGgx5oZ5afsulAaPtpF_Bu4eIRTLdEXSX3UrH35mw91dGKHDRaTebGX7VoqDs_bMa2nF6Z_jUoAt5tVLiG1Hs4VUBFjf2n-lmitLNmEZsVNmR962F9MHIsZdp60uxm8ZhRgEqbLL-UuP06D-XLkO7ss7qNwYZxsz4hmvEyEsfBbkm2DGXWOYpwextdkxNPX136ZPIAt7W1CQRk2ixBd6K-Y1zh-JobhulGWxx861ZQ2vRRjwEixkYqJ_7WW6EtZuEw3GotHe__K7Hwr9auVVXBeXz0nFpAMJA5JgvWRaB3jzrkBrkO4GN4SbpD7iYz_2WsREfLyHz6D5D61CMh2ywzj7B63UbQI4_17pBgH8vgAITCkdp3MjXkldLeXCypJAkWVad29ZsIyk8SHJ4XFB5cjngOyfDTEPVqltuDjcPW2nClg0_i5_jJ_85w41r9c8hw5nRfjkXk2Zn_OF26TfQhanEP6lVZiY0Y_EN5T1IzGl48X4T68A-38ZE-wHn_fJ2ScFCWZMmmL8QCiIEqjXRBFFFKGW8C7urdlhJuyuQXX6Q7ezHHAtLaqbTFqYDbMbHp2nwVjBJBuRh8-pP3sQGq-A8b2EtWbaAS0kOZHPwCFYMY41PszQIm1Xz6v7i13la19wSQPl5jWdUlE7CJIdAtMulHue2l9eJCTm9eNV4xX-SU1orq_BgEBcYXu9bE7YDxu2lIDzHhfh2qH9f4g5YcqsvUmvYadz9lMuwS4wZe9-cKmhUtLKOGlihijSKqi6oI_ADM-WEYfwVWGcjqmkV0ybyETsjxNDbOIXlPqg8JQKruNyJIBMUYEonQqa_lerIY-eRPXSsVJB-4qx1ZV9Eb7Zs4PCHUwCgSmdlxtfjOgIh6B_nbj-cey0oH7W91KN1Ezrd5Aa9Q4xBAvE8HcjudBRwiK08KdtJcMKzWOx4G1NDkG5vTqAoIDOcAaJ5UkEm79DfAxjFTTp_KvIDf4o4yBjCiNku9dcF2qXaYk8KhQkakFKtg93zNoFCASvBBZPkT4kq5ohtsoxZcoeUBf6knpWLSzp4JuBglrU2ImXijpY42u2-QLNLaVC9AWCCcnGRpPzCUAVXgLYKmVwoY97cI1VYFGBzxe4os5NjB3w3gULmiBR-dgfyKeifYS6Ld6GFf7NunUWkfgjzxAJ7N9oB6y312GCdWaCh_9HJylEmMPB3OMgqkEStj9owFHQsa-GHCZYW8uDMHZnTQMCyLCtP4SmsgON1Lm9PGUs-2GDPBlY65SAh34UFu6EAjfJsBVaKbAIWDcG6VBt-JZQtkFUsdq4aStCrauNCmH7SCN9C-_KUrTHG4MYgMjFNJKA9mHiqxsaZ8niAoUFHKoUmQSAv1SGjfFZACZ-ohZ7W71-cMQlhPYSgsow6tTgEAEtg55Qn4RPrTaaRuuaI-Brqq1_07NIAoN1CAKzFevnXSThmTeTQEUXGlFAeJP9iFk9Sif3XpKiP2ea_V7am2tXAhiUHYl8d6xVQx2EKBssTudyR5JPE6DdXfl-uTTEJ9HbnaoaVqeJ6nHTA_bHjVeHM93uiZoacPmqMiWI6DOQPkc0FQzd6P1uV8NhA8ZUzUIZShblsRisKjM4Sv-P70O91Z_q0xU6pE-lbBI9aPYsqD5w2iT8xQzRB-UFRw7TtwhGj5rFKwAwmDW6c8n8kDyBMbmwvuLJyfmWCpG5XKP2KAnE085vasWWe4Ofgz6Dvb0T43kNxsfnB-Qn3btfLf1ym9VjTEDQN50_9MkMw9Om-HMpIBOEJRfXIeD7rdB7CLVRmskdr0txLY3d4lrFLRxYtN_CIzifHBl7TS6T-18mVHSVw5GkJwvJcPZPVVTVaXCyd3X39dN2vNfkQg7fqEpuA_3EzvHK4PbB8pFkoKA0a445-ZMebsE4sPggKe1aZk3rsWbeV9hZxzEZWJ8RbVW2B0zxXac5p5V7mbpYr4EEqqj7-3o21VKsZ7oSVhs7QS4GWWi0phg4giaE-BdVA3ciFg6tCnUCgFG5Jp5UASESfj0ggjJSQMWk-d-zATwJvZWr_RT3ngFhLk3OV5_OCzjISEKBZFkXrDwKKJulWObHdNN2S4GDMRTSBYvHe6bQcHqPuM806r2d1a2JNA4WpdM0GY27nXNeVow8Hsdp3nZ8gVlEUH_yICZI0XQLOzjgVFNlAedZYZsAqMFMPgxIusN94TloWfaiAiMxBZgXmp7aE_essG8KE2HEYuipeXkWynNFLP1Q&cid=CAASFeRouzeklGyuG1lcy7_ONjVHKuMzyg&rfl=1%2Chttps%253A%252F%252Fkarasu-os.com%242%2Chttps%253A%252F%252F4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfb2dc05cdc403cbb2ed471a1f142d277e0eae92d061401fb8972827586b3256

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14975
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7835 42 B
63 B 122ms
73ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B1QtlcXOPnBsiVM5TU_kQK8ilRd7usne27Qo5HwGYi5GgVnrY5oNUQIBelJr1p85lPig1npUBw-UgVRlFaMcviWoWdG1wxP8E6Wgfrp9VnOSibXVg

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 7835 2 KB
1 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:29:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:29:55 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 7835 15 KB
7 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:29:35 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7835 0
0 151ms
50ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRWYk-bG4Xgw4NEgT3iverOrg7qOb5d9yn4kpXvMdRPTeLCWcjq4flTKpbh3a7irMw2puIjxN5bZNitsl6re_aM0WLoow
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7835 119 KB
37 KB 169ms
54ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9E8E 624 B
558 B 138ms
53ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDryqX-Ahj15va5ATAB&v=APEucNVT5DRcFtbGlGgG2F4fgaoymC6DqvBzxZoXdzp7UMWlnrUrzgq7-lyi5mG4ZSF-uywZo3q4m2GS6-cgYDtOPkAul_D6FrdvFZNMqByGlkSuel73bt_MFv0QGw-tNFOHy8JkebaoPt3yP-JLtfNgvO-wyK4ZXlYNHQci4rxw_CJKI301iVrZu8AUKCoonIMSijL5pcRB_sVqu6up6J_4YxElWwpQGA

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 25 Nov 2021 18:33:06 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9FCE 13 KB
10 KB 154ms
70ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZ8HRZIQ_g1XtaVDQ7aO1C25FhAL4Sd6B4ZfZEcQtJ3q9fdAjKUIjALX7eXuRwS5BhPzVyCqBMRc3m-8BWOXMf8AMlg0DaJon-ZH0EQJ7u5PfEb5C6tPLZJ-aOymsBr9_R_W2t7BnMCKF7NCdBrNItrYawLA&dbm_d=AKAmf-A_--VBHuANcg_RqVveX_btXquTerTIYavVNRk2uXK4ZwAszAPW405pWsbJT0fCO_VN8G2iI_jXRyRdwdh7v5n1MhjOjgsgp7ipXM1WSd9XgvKDB9yBcUK3WIfWn67JzzE1aG8NEKyqbUDp8io_monm4wZEX-Wh1QnEEBTJoOBFkNFJClQPTZM7WIUMVZOMREkzPVBuNEc0kpBvMrGSTAJBhLz6g6UdS_WI5AUOjor_kevtDic-XT573DylhJP6V4aQPOXYys2-YUg-covyk_sGHzzNIYwyHhu2wPZ0mmM2Q_Q7JjcTOUsl17gNxrtpDzsJ-kamyH2ukHxdjGGR-G0Kc7qemkiE7T19Xras7xrPEyMchykqq_ZuN2aSagvBUufSJReLheE5qPelUKmeW6xgwH6pG0YG8OX9MW3yb0w33J_JYzDNu7CiEaDRgxiECf_ElGl1BDzzz4g3Qd2FsCRc8mcSkrNWurtedBc8WTBW4vGgeMPp4Hg2KJVaLyr89cLj1BvwtIYPxtATilWrHIyEH8wxc9Rnh1Xe_OtjQC4CBpvGpEqpL5zBmhqrSF371EQ1oHPNy-u-bkj04S056O-g7TmkuEB1--DZdCDdjB0ChmoPhitBk7oL0_XGy7PV9KSx-01vpYnDICh_-3JMjLjovQ5UEgVJzrcR_fUV-zI_qnWkFUWX_xDKITPmCx2TDuvaDbax60asRAg89HB1WkwSaVnmKbhKr3w0-EW7LB18LwQYPRxXvLuOHLBt279xhS9X7q04WFH70_w5r10JkEdT3fLY5ECJD32iCTydjRAYNWzr0Mq3OTwVw4fQHMKtTEVdhNeZlKaEbLRCSxbb5pfpDr2Bf9CPgIhph6P2UsKA7A37kPgqKr4xBWza-f2zzZ2oaPEbHpeGEyaOpK0o6HpCKcSGmy_yXH6rZErSMACgm0ZihhunuRNf5v5QDVYosX9dy-bJoga3Q7yofRXDaRY8liQ0UN_nWfSLSGhP8lYcX_XkojvqMKCaUp7fVtbtqbmjeTY1by9AHxGCSCADxqSwyxyvduol1Pr8krf1eLRB1BUTU9fTfN2mgRPxt_KDNTUxRqOcAjxzc0XItCmZVo3FFnqRE_kUdVCTE7aQPHIoRl_O_VeJxe8JlllRnyCYOEW-i1QxgqkUz8PYNNf13bvnSTEFVJdmO7VodF4iL0PQaclRr_p_B-H3jwoz70qaBSj6txkYtUKHuXvsfn_CtIxzaiNOJMvPG2AbmCIbQmSngzJOcaImWg3gaOPM3QNIIfbh9W-t7qiN3rGPyTV-Oy-VaA9wXs1jOrdHjPLEER3CdQnbonNgu48lLn96TMq1dacWmmTjUz06iLQhwhr7nlH1jP665WrFNGYote6BvPpVVDIPw24KK-m60eGXBH-xuKrii8mGUsBp0gx7UVr4dnadKxNFtqlKfBd3agOXaFXEVDN5peEK3f_kVCSixTkxrY_7jRbeE9MNSa3hOn5IalO7bkpaCKV-tNFpX30dZodHWak7Xp1qlG_lWBvPNMnPUg6MJ-Ks2_T-qT7i5hpJJYtSVhUeES6YQgar1FxiktAjYelrkr2-kfMeo0vKh2xOH24gCH-5Jf2NihoAsP-yw-bC7cPCNu7yx5RF_8THyZrrTLyAK0yrIUOqQ9oymezp55h1z4x0wN0Sx2zRycNSxcC8S-XQX9SYPxD3R3nzkNRCIaClPVzYpPkNptXLcY3uasbkeECTTV4EvfhCcptoCnm41-zwoWjnMIGmVVPj2Z5ys_tDi4rfejbUrkXn27dpFVQ8rrQxB0w1ysrNGYpsD1ziil99bCBvPufPiUE6Yih8D7DWZCUNnsILucplqJHIOzahgexCqWMVPFV2cYDPobdjWtsbca8dTKxXx9ldKjjXqkeRW_IcMV--tI5f_KJdSY71vAykju9LZUuKux8EqlHlVJrkTbMCS_6Lc5ZAiOYOMARr2ctiHggiTo-HrfsvZCyWCOHCvG3Qg-d_BXKzJUy4baeSiCwEVUQl32EBNtAX0ZaSR1iiyQ3ndD-iVU6lYv4jt05qarMvPA5xLGk2Vu4Z0kbtQLXxk9sDYfUQiKiu70Sc75gXykGWyV7IYmf7tK5_hHZbqaZba8IlnqUVhcH91-dFZzPixWCGCDy1p1A29d2EJwzzaeP6SVvSq_SfLoSiADnBhXCSf5w2nY1FsyIN-eBOUrCJz6Avlj-WshGunJ0eHoauikrE3Y7zrRhCqZdJqD-HtkiVrLzLkq16wkTu9w66Db3U_xbyyfol-1ow1l-Qfm5Fp9OoDa_28_i1o5bSxVtKST-ZUmXPfg0CUBQuSaP0buIiKU-olcp7F7nWCfPN74ilzfRu-Gs8oOXsyITyX0PyTO419hEWrfG6k-ZqGEFIbWRLIsEsUGbtSvcPM9o-OLXdVHLrET47v5vffBqTu95jf-VdA3gl5aGCeyOgvwfGDgYyHzovplXnXgIYO0MpTY9vIs-JPrhtWm7_PjlE0kbyqVUUlPf1kUsGX_xoDppElB_KiS0OOjieMRq_9tchPUycOMEYBfE_QsTXAyaBLmLAlE8N3BqluFvGCRIPSrnuUxtvElOktpJP-1iuIWJejaPmc9Z0mnkLNr4sr1OLPI95RGpkL3NLfovgP-EDjg00uqqFAn5NZ78m6Y99V8u5I6M3LRdxg0Hkf-gG0Or80eiJieMe9m_94qf7V9YrWrBuoj5TJMD2Pfi8MvBgw_I8wPI&cid=CAASFeRofjnH_rpJs07j2RO1ycDk9TS0jA&rfl=1%2Chttps%253A%252F%252Fkarasu-os.com%242%2Chttps%253A%252F%252F4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/SurpriseGuest?character=Leviathan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24d5a35f5321ae3e2eac805751766c950c7359863cbe730418f3cc05a9ec901c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9639
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9FCE 42 B
63 B 111ms
73ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AyoT7gKjNUft3411HjygFRaSNWDFJ3-wMOyC6v0bF7BfvsOv6noiARP-5zpkzNn2ynU5b7O3M755MrKLZw7ZEjIJbNQajHv1sYWroLc7g0seU_hnU

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 9FCE 41 KB
18 KB 179ms
59ms Script
text/javascript 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVBEHVz-vmBjZ3xRP2t4kOTkBQ15yeZQwlEYgTZzq1eb_3BGEg&d=CnkAoCZ_4Boc0jU5OrfpuyGDb9TE38taoHDJFmPG5OoOJx8iifyuS8wE4QqhoDnwKt8TPpgeO50ErL-PtjNYPso67VNn-N8tt9S2cQZY02luarW-W1V_CYCXj2TWvfKfyAw-dp0Nye6oBtyFUZc1YyDFgncxzQ4M6684EokTAKAmf-DF1mUgjh7Qhpq_42HOm6R5yempIg8I_HxmZyHXxnZCnPaCqv_c15CsOTOGvqo2JO0_ITZ4172IAir2C6bluIZ2VxCM-mKN7-qgn49Glgygm7nPFGCheiR1eYTBdnQSUr_gskRlYIM1AFL_f7HX-a6aRMXQLzLSn2krDC4T_5jkO5MWKtYl7pEhKdfnMKamDRc6qnuo_qT6bqOOnet0oiaY6qNAsoVvGJSi6RA4st6vrlDYCv0vZrj5sryNI2veug-dJUH0qm-Lw8ZgzL2rZJgLzaZIWwvEG-DTCs1fTMYn_79iqP4OZcuRN-pIcwTDZcKe67-e2YR-04mVMBvatf4n38aRh-fVcSrSnmhjvckZD_8M_gNRkFxZDnBHUBvoIZ-0gCKwNvyYd51S84gcVuSvBsd_IGCxeEXNcDAIJdfWXxwyo2sEcG7cdfCmks7hwD2NpJSlkQ_SS2bvwjpEWenhOLmGtIflc1_aNzw8f7ll2IXrqx_7Cn_Uy1E0FOQhFbY--aeBEqJDuZb-4OCwNUyz5fSeyhdOgHZqFshMnVo8viNOE-aycJoJeXpsiNkucVM6V0I0dabDEiWcCG1MjHFO7TiXGIonwpCCK1akzGovHK4tzQyoA23Q1V9bBCCQRxNdPAvK3dUKTIBz3uEY34CQ950wOFIe0SQWV6ucLTbwh5T2dlJKAC06xsY_nCe-McHyrvIsl-ZaaY8xiJ4XqBfVq-aUtnqZTGmlfxIgrlbtNsQv_WNFyEd6gQ58XojBcBIPzsHItTVGqqL8usvZ9dnQnmCsat1wo0T2tlrYBvHi-GtI5H4RZ6Pdp5uq8341Jxz_-bl7OIPkRPaOT5MKNlJas-Tn9qLwinKWGV2kiokdM2BHV-IxTyj6KjC2mA4uwWZOQ5xy9wyolvYIwBVudX-0yBD7997odAZ4iFNx8AXRnXMs6QZ1P2Y1MwJ78WmAbOIgbLDz_mtdi6F69ult2KoNGy2S0pkd-xBLc8CP362T9gA-OHeh3qr_L6Sl97BbzmBZv2qgW2vPDTPjcV642i-IYu_p9amXan3hwTr7nGGvaXdpIM1VQzTXmoRyQasITlOHDRqYMvY1hMnOxAYuaVYKy_X_NauQ_-Mvts6NSNImI51ebAXWqC42Z4CpIF-JiHy1qAOwHa2tfBTpAPdNu4MzVkYWldkOfKLd4KD7B2r0EGpU9ZvB5FPzTcibRe4_K-c8NNgrQ_ZE1tfKzDaqAc5ObXZUQByNpxqtDwlifLLmJhcP-0nWC2WdrU-_AZfTbYtTbmBj4QizWOHlp2kIVWcquq71-HqPuf7LoHjt5x2Z24MCcHEJfHrAMttILTe_EgAaUtU9N_1J9cHYJwjmf2rMi05_gt8KXLddPfG3hkv1AvSJ6BHNx4PDAj7Vilr5w76yN_KMHJ83-na6wXwVneXsumnngb_-0JbVRWohEWodkJq2TjQBFEFRH30FBC2fZL2m1FN7X1tJJLF4JEiBGEFJAMSnSGUDKu_uQoMclIngynYd9sya3Js0iuinJAJY9BfM6pj4bTafxv0aBOWLWCiR2TSf36DN9gV1zTqZ3mMRY0MKKm1tQ2z9Tg3-qAXW4JmPPI1P6-z0-vx4VMF9AS5Td8_zXSBngwf9NUwwQxBGpqrJj6RIGiBZYlfDhxHXjzyM5PPGTGnIi9OSB8E-vfyEnncGrv7G0QUvcSC5wrDb1KtQZkGUuLnAkoynyuElkgOCRKg5i8QB-OV2dEO90cZaxUWRRsdeiKpj-cUWvzgERqK1-kE13Iljotd-5dPQX2f7I-NvpMI301595B9lEDIEEydqKyZB4unRHW7vJ9Z6xzT5RoXt_wBC0YXadjy1Ead2MjoY0C1fsJ-TbmrGj-9TubCX5QwPp3uMHZ8Xvf7snXhKacM_0LpHQtBOfinMQ4URaN6VPw9Y1n7B4gi_qRs2IgKSh6vZQHObxfcR_YGh0lznQZjbREW5TvSrmkzmznERypPaEOu0qkEiB5KqbQ7JMQ2jAIQmi2R00FEakMh4UTTW5sciHOL7MPLga5HG2lrdaGB_INum17Y2I4YfVHzvFHmEua6ASXbbYie9InFfNrPvorhIaJsT0kAunYWMhs_xuYgsZ0-OGJn-TqQoorqAJU69uxTw6jxSqJmwq2gSZiNSs1z4fNVAFmF6A549zC-iMMEps8TDa-HbPYSckRkzz3sTFBX9vuLJPA2KLRmyABYz1bM2HmNYpDLI8qILpaOU-J6IMX-i-A7wCWoZO6FwS41vxocXWt_Gfh4TDyOepUCTpiqcjJmnJExtEB9_R78BZNTLEOeG3i55nifPfnVJSkmBm9g90CuF-nlpSijE6nap-ISXNH-0YoiTtjYbwbn6iKJhVgbvQKa9Bw0WsJ4ydxImiUL5eZ6rqjRb88Cp7MgbrYMLnCj3Tnov85VovUQ4Px1cDeEFR9kqrUrsPy6iYFKXHvjaCOBdoYi_N9ah7hl-QDSIzo0aNHjL-AfC7r7EdaHGCh8_VGiQlpn6kvacrxLCvVA9jQ09yQNDQQYz8XAWDAIveAnv5McCx8BgDfgXA-6Q8SWxEb-X-gu2JC63RuPUHqld0fZjDdvnogdk1KyJ-vNToVPpzO9IXmUwAvtOHDDOury1-VwM0l-VbTxDnvqTnQzpnRmMR83YA-EVXmL2ENpwm6FbokKWeK9aTnPgHUsm3aBvofsq6Io3t1It6ouJjc2ZpGPzMJf2LfZShUz29ZbCnnUgzG9nz76N9MJ4wvWaCo-LIVEPyAPxcE6-HaJAJpo6Ja9s_QT2XGKawZ1ks5YAijLUlbssgX7NmnSxJbOR3dEuFAKdZX1my9pCmHU8I93udmZYIXX5Eu8mzz82Whc7-cZlQzMFzA6tfJH05-NXbrYqjk3BLbkvn1QAzP1jsIYGPnSryYivfhGDPsSesxdt5_VzSKzRx2UDtpuUE_8ONmaV3V3oflAou3G9dF8MctMJxMWo6VJbLv7L-oF39__0IomRpczGJFdYAc13S9y3dYtPh_h3q8xe_TMVrprfveXUgJgwhec9P97SIGQsZReaAyignyFPT8AdjMtp7GPD7vueLdDP-vm_FTL3gtVmUEYMYk3f0HU1Og69uG-k1O6ghKSdrGHO7ODmG9YANbXEvx916aRgcGkoGCcAJeQKF_3ibktD6lby4x_wqxkhp7DJJoK-u7-d7ZKuANAti3BDPRYIsDPL1Gmx97youHj1Kxih2OSasizCofoubwG2LzIaGQgAEhXkaH45x_66SbNO49kTtcnA5PU0tIxgAQ

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

c2e5e8b53e9c8104e1afde386c0e4d1323d52a054e12bfcba546bf4ca0b0d906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17566
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 9FCE 27 KB
10 KB 155ms
48ms Script
text/javascript 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 5ccd1be45bb41e4312c02f0934d69bf950bfb709710cd7a6320ba988f523fbf3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 09:50:38 GMT
content-encoding: gzip
server: nginx
age: 31348
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: e_ESWSz5fKTLqwABT-6Lj0ZOVaTsIPLp3XOWh1HbxcvQqVWUB_Ph8g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 9FCE 2 KB
1 KB 105ms
50ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:28:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 9FCE 15 KB
6 KB 97ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:29:35 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9FCE 0
0 139ms
50ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQFfwPkP6ygzyoysUH5KUBaIBFBoGWlNgpiVvEmlQ8M7gfaDbAQBdZGtFaobjhrT6ZMOCGG_zEOwF7XVabk3VxsY8dtOg
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FCE 119 KB
36 KB 190ms
86ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 232E 12 KB
5 KB 72ms
41ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 25 Nov 2021 16:25:53 GMT
expires: Fri, 25 Nov 2022 16:25:53 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 7633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B354 783 B
1001 B 120ms
53ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f4417f7e2f748b767131e493290386b398f3d01eb139e27bdfd1aeb464877b47

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AGZbf3jq8rAaNLOzTSD08g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 25 Nov 2021 18:33:06 GMT
date: Thu, 25 Nov 2021 18:33:06 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AGZbf3jq8rAaNLOzTSD08g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 232E 35 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 10:57:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:57:49 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9FCE 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZ8HRZIQ_g1XtaVDQ7aO1C25FhAL4Sd6B4ZfZEcQtJ3q9fdAjKUIjALX7eXuRwS5BhPzVyCqBMRc3m-8BWOXMf8AMlg0DaJon-ZH0EQJ7u5PfEb5C6tPLZJ-aOymsBr9_R_W2t7BnMCKF7NCdBrNItrYawLA&dbm_d=AKAmf-A_--VBHuANcg_RqVveX_btXquTerTIYavVNRk2uXK4ZwAszAPW405pWsbJT0fCO_VN8G2iI_jXRyRdwdh7v5n1MhjOjgsgp7ipXM1WSd9XgvKDB9yBcUK3WIfWn67JzzE1aG8NEKyqbUDp8io_monm4wZEX-Wh1QnEEBTJoOBFkNFJClQPTZM7WIUMVZOMREkzPVBuNEc0kpBvMrGSTAJBhLz6g6UdS_WI5AUOjor_kevtDic-XT573DylhJP6V4aQPOXYys2-YUg-covyk_sGHzzNIYwyHhu2wPZ0mmM2Q_Q7JjcTOUsl17gNxrtpDzsJ-kamyH2ukHxdjGGR-G0Kc7qemkiE7T19Xras7xrPEyMchykqq_ZuN2aSagvBUufSJReLheE5qPelUKmeW6xgwH6pG0YG8OX9MW3yb0w33J_JYzDNu7CiEaDRgxiECf_ElGl1BDzzz4g3Qd2FsCRc8mcSkrNWurtedBc8WTBW4vGgeMPp4Hg2KJVaLyr89cLj1BvwtIYPxtATilWrHIyEH8wxc9Rnh1Xe_OtjQC4CBpvGpEqpL5zBmhqrSF371EQ1oHPNy-u-bkj04S056O-g7TmkuEB1--DZdCDdjB0ChmoPhitBk7oL0_XGy7PV9KSx-01vpYnDICh_-3JMjLjovQ5UEgVJzrcR_fUV-zI_qnWkFUWX_xDKITPmCx2TDuvaDbax60asRAg89HB1WkwSaVnmKbhKr3w0-EW7LB18LwQYPRxXvLuOHLBt279xhS9X7q04WFH70_w5r10JkEdT3fLY5ECJD32iCTydjRAYNWzr0Mq3OTwVw4fQHMKtTEVdhNeZlKaEbLRCSxbb5pfpDr2Bf9CPgIhph6P2UsKA7A37kPgqKr4xBWza-f2zzZ2oaPEbHpeGEyaOpK0o6HpCKcSGmy_yXH6rZErSMACgm0ZihhunuRNf5v5QDVYosX9dy-bJoga3Q7yofRXDaRY8liQ0UN_nWfSLSGhP8lYcX_XkojvqMKCaUp7fVtbtqbmjeTY1by9AHxGCSCADxqSwyxyvduol1Pr8krf1eLRB1BUTU9fTfN2mgRPxt_KDNTUxRqOcAjxzc0XItCmZVo3FFnqRE_kUdVCTE7aQPHIoRl_O_VeJxe8JlllRnyCYOEW-i1QxgqkUz8PYNNf13bvnSTEFVJdmO7VodF4iL0PQaclRr_p_B-H3jwoz70qaBSj6txkYtUKHuXvsfn_CtIxzaiNOJMvPG2AbmCIbQmSngzJOcaImWg3gaOPM3QNIIfbh9W-t7qiN3rGPyTV-Oy-VaA9wXs1jOrdHjPLEER3CdQnbonNgu48lLn96TMq1dacWmmTjUz06iLQhwhr7nlH1jP665WrFNGYote6BvPpVVDIPw24KK-m60eGXBH-xuKrii8mGUsBp0gx7UVr4dnadKxNFtqlKfBd3agOXaFXEVDN5peEK3f_kVCSixTkxrY_7jRbeE9MNSa3hOn5IalO7bkpaCKV-tNFpX30dZodHWak7Xp1qlG_lWBvPNMnPUg6MJ-Ks2_T-qT7i5hpJJYtSVhUeES6YQgar1FxiktAjYelrkr2-kfMeo0vKh2xOH24gCH-5Jf2NihoAsP-yw-bC7cPCNu7yx5RF_8THyZrrTLyAK0yrIUOqQ9oymezp55h1z4x0wN0Sx2zRycNSxcC8S-XQX9SYPxD3R3nzkNRCIaClPVzYpPkNptXLcY3uasbkeECTTV4EvfhCcptoCnm41-zwoWjnMIGmVVPj2Z5ys_tDi4rfejbUrkXn27dpFVQ8rrQxB0w1ysrNGYpsD1ziil99bCBvPufPiUE6Yih8D7DWZCUNnsILucplqJHIOzahgexCqWMVPFV2cYDPobdjWtsbca8dTKxXx9ldKjjXqkeRW_IcMV--tI5f_KJdSY71vAykju9LZUuKux8EqlHlVJrkTbMCS_6Lc5ZAiOYOMARr2ctiHggiTo-HrfsvZCyWCOHCvG3Qg-d_BXKzJUy4baeSiCwEVUQl32EBNtAX0ZaSR1iiyQ3ndD-iVU6lYv4jt05qarMvPA5xLGk2Vu4Z0kbtQLXxk9sDYfUQiKiu70Sc75gXykGWyV7IYmf7tK5_hHZbqaZba8IlnqUVhcH91-dFZzPixWCGCDy1p1A29d2EJwzzaeP6SVvSq_SfLoSiADnBhXCSf5w2nY1FsyIN-eBOUrCJz6Avlj-WshGunJ0eHoauikrE3Y7zrRhCqZdJqD-HtkiVrLzLkq16wkTu9w66Db3U_xbyyfol-1ow1l-Qfm5Fp9OoDa_28_i1o5bSxVtKST-ZUmXPfg0CUBQuSaP0buIiKU-olcp7F7nWCfPN74ilzfRu-Gs8oOXsyITyX0PyTO419hEWrfG6k-ZqGEFIbWRLIsEsUGbtSvcPM9o-OLXdVHLrET47v5vffBqTu95jf-VdA3gl5aGCeyOgvwfGDgYyHzovplXnXgIYO0MpTY9vIs-JPrhtWm7_PjlE0kbyqVUUlPf1kUsGX_xoDppElB_KiS0OOjieMRq_9tchPUycOMEYBfE_QsTXAyaBLmLAlE8N3BqluFvGCRIPSrnuUxtvElOktpJP-1iuIWJejaPmc9Z0mnkLNr4sr1OLPI95RGpkL3NLfovgP-EDjg00uqqFAn5NZ78m6Y99V8u5I6M3LRdxg0Hkf-gG0Or80eiJieMe9m_94qf7V9YrWrBuoj5TJMD2Pfi8MvBgw_I8wPI&cid=CAASFeRofjnH_rpJs07j2RO1ycDk9TS0jA&rfl=1%2Chttps%253A%252F%252Fkarasu-os.com%242%2Chttps%253A%252F%252F4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 02:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 25 Nov 2022 02:01:49 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5275
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1

43 B
1012 B

94ms
77ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGNqCxroBMAE&v=APEucNXl8J2akf2wqIqTtuFexWKG6oDF7ZjKCWQIuF7KkJhoVQL61I-lSMxl-kjjxCOsHuRqrgX3hp3EDVpQ-27aFcYmNQqpsBog0Qla1K8I2VHMsu8zEVxHIHLACBa3nkwVnujOqXDyNNJ_ccjKPte231vunfkdW5uMV-Z-GGhTs-xudFGtl26Ef_ZpPy2sqIKDazAjQuX2KWyV0GESJgYuZUgGSpd3OA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 25 Nov 2021 18:33:06 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5275
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ-W4qO4dV4VSk160euHkwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1

43 B
892 B

65ms
65ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGNqCxroBMAE&v=APEucNXl8J2akf2wqIqTtuFexWKG6oDF7ZjKCWQIuF7KkJhoVQL61I-lSMxl-kjjxCOsHuRqrgX3hp3EDVpQ-27aFcYmNQqpsBog0Qla1K8I2VHMsu8zEVxHIHLACBa3nkwVnujOqXDyNNJ_ccjKPte231vunfkdW5uMV-Z-GGhTs-xudFGtl26Ef_ZpPy2sqIKDazAjQuX2KWyV0GESJgYuZUgGSpd3OA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 25 Nov 2021 18:33:06 GMT

Redirect headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5275
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

43 B
1006 B

86ms
42ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGNqCxroBMAE&v=APEucNXl8J2akf2wqIqTtuFexWKG6oDF7ZjKCWQIuF7KkJhoVQL61I-lSMxl-kjjxCOsHuRqrgX3hp3EDVpQ-27aFcYmNQqpsBog0Qla1K8I2VHMsu8zEVxHIHLACBa3nkwVnujOqXDyNNJ_ccjKPte231vunfkdW5uMV-Z-GGhTs-xudFGtl26Ef_ZpPy2sqIKDazAjQuX2KWyV0GESJgYuZUgGSpd3OA

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: eb7b7b79-ba9b-4d4c-b576-a94f1a4cf73d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5275
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 09cf6337-e38a-4807-8d30-4ecb325cdbaf
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 7835 24 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CO1GV5MXN1BUnUWe2MA0Y2Cx62VKMtKVHGf2rVygoQb7WSLxXzGRn0P29vo5poSlsaJLt2bK6YeyMKAtz0IorPkr_P3WstsbVngZNgUgfiDGoLIb-wUQsBDfZNQ-gwXMATRC05DAoyGeUJ2BvJD4fh7tl4rw&cry=1&dbm_d=AKAmf-BOqqdXoV3zcmea-aXaQxVfQJXa5MaT7ptB1O-HibA7mO5wttSekfaCvZJQVYOGw9IvG75azmMlYkmxw-j386Gkh1owx1gnN4-LiCsvs3vck2CHaQMBgMSrbKFiEjHMeuKSRdX7J3L3gbW2UDZ350QRXfTFkrQ4SIoaxazMivgyDgOCpW2DOsHGSxsYh86Z6kME5iR8pJBjECJsdeLh2xIEzB0pTUUiTBv4KGqibp4jfv6fIXpWpvHCVNnkfFyS954BIz608aTHfAKr7eY15UqfnWMNwnryrrm4FE-c-5Lw4nlxtwVE9M_GvAxfuv4XMt9YkE44WzCnMBf9ocEQjj0fkUf-35MT3AXpIBrKPUg_bD7ZrUrA8i3jwWufIyDS7aJMWd1_zl_iY0xQ9dbf7gJ-myTutU7alfXD_pMOk8pzUHKMosZpATsEDuRFBggnUVFjTa5s5RC1mSLqATOuABC3a2ux4Y-mEmDxHTUlPvJmLpjygV1_C27NMKj3nzOfyYtFL_wx7cn4I-Fi1BFg8ZQekt365XgSKsvU056LEztVzgYjXAZO6wHyej2QATmRVORARK3puPYnl6c5m1nveRCdLJlLH-f0d2z4BP37xKmzzBTklFmbVPlgv8Vht3pWkKUhObkVVcfbykAODLY5Eo94FDjZh0_6usiSb39lzpEcFAKa8Tfa7JuVtnPl1NUScRtA77A972w9aHLW2ZD-MTJ_6CqPdxYR7CfFNs7-5vNke7oJmbvVAif0xJeQNtvn_sRX9-pv9H9_ZFp8cqc0FNFCA9MsTIgy5iqoDMt9a0fsMBvUQVaQGO3EMUP81uihVLBXsfeHkNbqDelQVKb-kRmJ-7RT7jKNkGzG8Nu-XmHDeW0yCUiHgipo_6TbVDYG8P7EXTGWdeADIRsHfUegcnPsBOJAzjKnsCmgZWWvxw00iZ0LyARJ--BoaxnG3pOkFZc0ozbCH437McYXU-NFww-FJPVX2BYyWoQEYfzBDU4in5yWACqyMrJmBzvAvdpDiADqHrGE7fQml-tZWLfCO94uEiW5u7EUqSLM--aKgaJIdxdDIMsT8vuOGJj1jt_eU_cjjddHOWtqczCkLq5XT-DdLGNeWF-xnGRHXMNQkJ_O6MVpfcuyJx_ptW_IGEAr4D4AwgAKUrlJclb6Pb3OT_kXrsuNQkaGgx5oZ5afsulAaPtpF_Bu4eIRTLdEXSX3UrH35mw91dGKHDRaTebGX7VoqDs_bMa2nF6Z_jUoAt5tVLiG1Hs4VUBFjf2n-lmitLNmEZsVNmR962F9MHIsZdp60uxm8ZhRgEqbLL-UuP06D-XLkO7ss7qNwYZxsz4hmvEyEsfBbkm2DGXWOYpwextdkxNPX136ZPIAt7W1CQRk2ixBd6K-Y1zh-JobhulGWxx861ZQ2vRRjwEixkYqJ_7WW6EtZuEw3GotHe__K7Hwr9auVVXBeXz0nFpAMJA5JgvWRaB3jzrkBrkO4GN4SbpD7iYz_2WsREfLyHz6D5D61CMh2ywzj7B63UbQI4_17pBgH8vgAITCkdp3MjXkldLeXCypJAkWVad29ZsIyk8SHJ4XFB5cjngOyfDTEPVqltuDjcPW2nClg0_i5_jJ_85w41r9c8hw5nRfjkXk2Zn_OF26TfQhanEP6lVZiY0Y_EN5T1IzGl48X4T68A-38ZE-wHn_fJ2ScFCWZMmmL8QCiIEqjXRBFFFKGW8C7urdlhJuyuQXX6Q7ezHHAtLaqbTFqYDbMbHp2nwVjBJBuRh8-pP3sQGq-A8b2EtWbaAS0kOZHPwCFYMY41PszQIm1Xz6v7i13la19wSQPl5jWdUlE7CJIdAtMulHue2l9eJCTm9eNV4xX-SU1orq_BgEBcYXu9bE7YDxu2lIDzHhfh2qH9f4g5YcqsvUmvYadz9lMuwS4wZe9-cKmhUtLKOGlihijSKqi6oI_ADM-WEYfwVWGcjqmkV0ybyETsjxNDbOIXlPqg8JQKruNyJIBMUYEonQqa_lerIY-eRPXSsVJB-4qx1ZV9Eb7Zs4PCHUwCgSmdlxtfjOgIh6B_nbj-cey0oH7W91KN1Ezrd5Aa9Q4xBAvE8HcjudBRwiK08KdtJcMKzWOx4G1NDkG5vTqAoIDOcAaJ5UkEm79DfAxjFTTp_KvIDf4o4yBjCiNku9dcF2qXaYk8KhQkakFKtg93zNoFCASvBBZPkT4kq5ohtsoxZcoeUBf6knpWLSzp4JuBglrU2ImXijpY42u2-QLNLaVC9AWCCcnGRpPzCUAVXgLYKmVwoY97cI1VYFGBzxe4os5NjB3w3gULmiBR-dgfyKeifYS6Ld6GFf7NunUWkfgjzxAJ7N9oB6y312GCdWaCh_9HJylEmMPB3OMgqkEStj9owFHQsa-GHCZYW8uDMHZnTQMCyLCtP4SmsgON1Lm9PGUs-2GDPBlY65SAh34UFu6EAjfJsBVaKbAIWDcG6VBt-JZQtkFUsdq4aStCrauNCmH7SCN9C-_KUrTHG4MYgMjFNJKA9mHiqxsaZ8niAoUFHKoUmQSAv1SGjfFZACZ-ohZ7W71-cMQlhPYSgsow6tTgEAEtg55Qn4RPrTaaRuuaI-Brqq1_07NIAoN1CAKzFevnXSThmTeTQEUXGlFAeJP9iFk9Sif3XpKiP2ea_V7am2tXAhiUHYl8d6xVQx2EKBssTudyR5JPE6DdXfl-uTTEJ9HbnaoaVqeJ6nHTA_bHjVeHM93uiZoacPmqMiWI6DOQPkc0FQzd6P1uV8NhA8ZUzUIZShblsRisKjM4Sv-P70O91Z_q0xU6pE-lbBI9aPYsqD5w2iT8xQzRB-UFRw7TtwhGj5rFKwAwmDW6c8n8kDyBMbmwvuLJyfmWCpG5XKP2KAnE085vasWWe4Ofgz6Dvb0T43kNxsfnB-Qn3btfLf1ym9VjTEDQN50_9MkMw9Om-HMpIBOEJRfXIeD7rdB7CLVRmskdr0txLY3d4lrFLRxYtN_CIzifHBl7TS6T-18mVHSVw5GkJwvJcPZPVVTVaXCyd3X39dN2vNfkQg7fqEpuA_3EzvHK4PbB8pFkoKA0a445-ZMebsE4sPggKe1aZk3rsWbeV9hZxzEZWJ8RbVW2B0zxXac5p5V7mbpYr4EEqqj7-3o21VKsZ7oSVhs7QS4GWWi0phg4giaE-BdVA3ciFg6tCnUCgFG5Jp5UASESfj0ggjJSQMWk-d-zATwJvZWr_RT3ngFhLk3OV5_OCzjISEKBZFkXrDwKKJulWObHdNN2S4GDMRTSBYvHe6bQcHqPuM806r2d1a2JNA4WpdM0GY27nXNeVow8Hsdp3nZ8gVlEUH_yICZI0XQLOzjgVFNlAedZYZsAqMFMPgxIusN94TloWfaiAiMxBZgXmp7aE_essG8KE2HEYuipeXkWynNFLP1Q&cid=CAASFeRouzeklGyuG1lcy7_ONjVHKuMzyg&rfl=1%2Chttps%253A%252F%252Fkarasu-os.com%242%2Chttps%253A%252F%252F4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:32:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:32:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7835 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 02:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 25 Nov 2022 02:01:49 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E8E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1

43 B
1012 B

74ms
74ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDryqX-Ahj15va5ATAB&v=APEucNVT5DRcFtbGlGgG2F4fgaoymC6DqvBzxZoXdzp7UMWlnrUrzgq7-lyi5mG4ZSF-uywZo3q4m2GS6-cgYDtOPkAul_D6FrdvFZNMqByGlkSuel73bt_MFv0QGw-tNFOHy8JkebaoPt3yP-JLtfNgvO-wyK4ZXlYNHQci4rxw_CJKI301iVrZu8AUKCoonIMSijL5pcRB_sVqu6up6J_4YxElWwpQGA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 25 Nov 2021 18:33:06 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 25 Nov 2021 18:33:06 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E8E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ-W4pXeFBPRixs2gyDW3AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1

43 B
892 B

61ms
60ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDryqX-Ahj15va5ATAB&v=APEucNVT5DRcFtbGlGgG2F4fgaoymC6DqvBzxZoXdzp7UMWlnrUrzgq7-lyi5mG4ZSF-uywZo3q4m2GS6-cgYDtOPkAul_D6FrdvFZNMqByGlkSuel73bt_MFv0QGw-tNFOHy8JkebaoPt3yP-JLtfNgvO-wyK4ZXlYNHQci4rxw_CJKI301iVrZu8AUKCoonIMSijL5pcRB_sVqu6up6J_4YxElWwpQGA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 25 Nov 2021 18:33:06 GMT

Redirect headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVKQlh8FsnBO1cZ-MZt5pE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9E8E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

43 B
1006 B

175ms
91ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDryqX-Ahj15va5ATAB&v=APEucNVT5DRcFtbGlGgG2F4fgaoymC6DqvBzxZoXdzp7UMWlnrUrzgq7-lyi5mG4ZSF-uywZo3q4m2GS6-cgYDtOPkAul_D6FrdvFZNMqByGlkSuel73bt_MFv0QGw-tNFOHy8JkebaoPt3yP-JLtfNgvO-wyK4ZXlYNHQci4rxw_CJKI301iVrZu8AUKCoonIMSijL5pcRB_sVqu6up6J_4YxElWwpQGA

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 914d0cf8-cbb6-4cbc-8cd5-d7aa1e39ed8d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESED83WagK0ZGdkfW24SQXbtk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E8E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

170 B
188 B

99ms
50ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4c2dd58f-87f2-4545-b502-7defa83eef47
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3ODEyMjY4OTE1NDE0NDk2OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 9FCE 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVBEHVz-vmBjZ3xRP2t4kOTkBQ15yeZQwlEYgTZzq1eb_3BGEg&d=CnkAoCZ_4Boc0jU5OrfpuyGDb9TE38taoHDJFmPG5OoOJx8iifyuS8wE4QqhoDnwKt8TPpgeO50ErL-PtjNYPso67VNn-N8tt9S2cQZY02luarW-W1V_CYCXj2TWvfKfyAw-dp0Nye6oBtyFUZc1YyDFgncxzQ4M6684EokTAKAmf-DF1mUgjh7Qhpq_42HOm6R5yempIg8I_HxmZyHXxnZCnPaCqv_c15CsOTOGvqo2JO0_ITZ4172IAir2C6bluIZ2VxCM-mKN7-qgn49Glgygm7nPFGCheiR1eYTBdnQSUr_gskRlYIM1AFL_f7HX-a6aRMXQLzLSn2krDC4T_5jkO5MWKtYl7pEhKdfnMKamDRc6qnuo_qT6bqOOnet0oiaY6qNAsoVvGJSi6RA4st6vrlDYCv0vZrj5sryNI2veug-dJUH0qm-Lw8ZgzL2rZJgLzaZIWwvEG-DTCs1fTMYn_79iqP4OZcuRN-pIcwTDZcKe67-e2YR-04mVMBvatf4n38aRh-fVcSrSnmhjvckZD_8M_gNRkFxZDnBHUBvoIZ-0gCKwNvyYd51S84gcVuSvBsd_IGCxeEXNcDAIJdfWXxwyo2sEcG7cdfCmks7hwD2NpJSlkQ_SS2bvwjpEWenhOLmGtIflc1_aNzw8f7ll2IXrqx_7Cn_Uy1E0FOQhFbY--aeBEqJDuZb-4OCwNUyz5fSeyhdOgHZqFshMnVo8viNOE-aycJoJeXpsiNkucVM6V0I0dabDEiWcCG1MjHFO7TiXGIonwpCCK1akzGovHK4tzQyoA23Q1V9bBCCQRxNdPAvK3dUKTIBz3uEY34CQ950wOFIe0SQWV6ucLTbwh5T2dlJKAC06xsY_nCe-McHyrvIsl-ZaaY8xiJ4XqBfVq-aUtnqZTGmlfxIgrlbtNsQv_WNFyEd6gQ58XojBcBIPzsHItTVGqqL8usvZ9dnQnmCsat1wo0T2tlrYBvHi-GtI5H4RZ6Pdp5uq8341Jxz_-bl7OIPkRPaOT5MKNlJas-Tn9qLwinKWGV2kiokdM2BHV-IxTyj6KjC2mA4uwWZOQ5xy9wyolvYIwBVudX-0yBD7997odAZ4iFNx8AXRnXMs6QZ1P2Y1MwJ78WmAbOIgbLDz_mtdi6F69ult2KoNGy2S0pkd-xBLc8CP362T9gA-OHeh3qr_L6Sl97BbzmBZv2qgW2vPDTPjcV642i-IYu_p9amXan3hwTr7nGGvaXdpIM1VQzTXmoRyQasITlOHDRqYMvY1hMnOxAYuaVYKy_X_NauQ_-Mvts6NSNImI51ebAXWqC42Z4CpIF-JiHy1qAOwHa2tfBTpAPdNu4MzVkYWldkOfKLd4KD7B2r0EGpU9ZvB5FPzTcibRe4_K-c8NNgrQ_ZE1tfKzDaqAc5ObXZUQByNpxqtDwlifLLmJhcP-0nWC2WdrU-_AZfTbYtTbmBj4QizWOHlp2kIVWcquq71-HqPuf7LoHjt5x2Z24MCcHEJfHrAMttILTe_EgAaUtU9N_1J9cHYJwjmf2rMi05_gt8KXLddPfG3hkv1AvSJ6BHNx4PDAj7Vilr5w76yN_KMHJ83-na6wXwVneXsumnngb_-0JbVRWohEWodkJq2TjQBFEFRH30FBC2fZL2m1FN7X1tJJLF4JEiBGEFJAMSnSGUDKu_uQoMclIngynYd9sya3Js0iuinJAJY9BfM6pj4bTafxv0aBOWLWCiR2TSf36DN9gV1zTqZ3mMRY0MKKm1tQ2z9Tg3-qAXW4JmPPI1P6-z0-vx4VMF9AS5Td8_zXSBngwf9NUwwQxBGpqrJj6RIGiBZYlfDhxHXjzyM5PPGTGnIi9OSB8E-vfyEnncGrv7G0QUvcSC5wrDb1KtQZkGUuLnAkoynyuElkgOCRKg5i8QB-OV2dEO90cZaxUWRRsdeiKpj-cUWvzgERqK1-kE13Iljotd-5dPQX2f7I-NvpMI301595B9lEDIEEydqKyZB4unRHW7vJ9Z6xzT5RoXt_wBC0YXadjy1Ead2MjoY0C1fsJ-TbmrGj-9TubCX5QwPp3uMHZ8Xvf7snXhKacM_0LpHQtBOfinMQ4URaN6VPw9Y1n7B4gi_qRs2IgKSh6vZQHObxfcR_YGh0lznQZjbREW5TvSrmkzmznERypPaEOu0qkEiB5KqbQ7JMQ2jAIQmi2R00FEakMh4UTTW5sciHOL7MPLga5HG2lrdaGB_INum17Y2I4YfVHzvFHmEua6ASXbbYie9InFfNrPvorhIaJsT0kAunYWMhs_xuYgsZ0-OGJn-TqQoorqAJU69uxTw6jxSqJmwq2gSZiNSs1z4fNVAFmF6A549zC-iMMEps8TDa-HbPYSckRkzz3sTFBX9vuLJPA2KLRmyABYz1bM2HmNYpDLI8qILpaOU-J6IMX-i-A7wCWoZO6FwS41vxocXWt_Gfh4TDyOepUCTpiqcjJmnJExtEB9_R78BZNTLEOeG3i55nifPfnVJSkmBm9g90CuF-nlpSijE6nap-ISXNH-0YoiTtjYbwbn6iKJhVgbvQKa9Bw0WsJ4ydxImiUL5eZ6rqjRb88Cp7MgbrYMLnCj3Tnov85VovUQ4Px1cDeEFR9kqrUrsPy6iYFKXHvjaCOBdoYi_N9ah7hl-QDSIzo0aNHjL-AfC7r7EdaHGCh8_VGiQlpn6kvacrxLCvVA9jQ09yQNDQQYz8XAWDAIveAnv5McCx8BgDfgXA-6Q8SWxEb-X-gu2JC63RuPUHqld0fZjDdvnogdk1KyJ-vNToVPpzO9IXmUwAvtOHDDOury1-VwM0l-VbTxDnvqTnQzpnRmMR83YA-EVXmL2ENpwm6FbokKWeK9aTnPgHUsm3aBvofsq6Io3t1It6ouJjc2ZpGPzMJf2LfZShUz29ZbCnnUgzG9nz76N9MJ4wvWaCo-LIVEPyAPxcE6-HaJAJpo6Ja9s_QT2XGKawZ1ks5YAijLUlbssgX7NmnSxJbOR3dEuFAKdZX1my9pCmHU8I93udmZYIXX5Eu8mzz82Whc7-cZlQzMFzA6tfJH05-NXbrYqjk3BLbkvn1QAzP1jsIYGPnSryYivfhGDPsSesxdt5_VzSKzRx2UDtpuUE_8ONmaV3V3oflAou3G9dF8MctMJxMWo6VJbLv7L-oF39__0IomRpczGJFdYAc13S9y3dYtPh_h3q8xe_TMVrprfveXUgJgwhec9P97SIGQsZReaAyignyFPT8AdjMtp7GPD7vueLdDP-vm_FTL3gtVmUEYMYk3f0HU1Og69uG-k1O6ghKSdrGHO7ODmG9YANbXEvx916aRgcGkoGCcAJeQKF_3ibktD6lby4x_wqxkhp7DJJoK-u7-d7ZKuANAti3BDPRYIsDPL1Gmx97youHj1Kxih2OSasizCofoubwG2LzIaGQgAEhXkaH45x_66SbNO49kTtcnA5PU0tIxgAQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:32:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:32:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 9FCE 8 KB
3 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:31:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Dec 2021 18:31:55 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9FCE 0
524 B 181ms
76ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu7I9mSeq5T9dnOoNzja2yeFq1Bz1DY1CBV7HQCMcVb9lhJ2NsAZ16JSJNFbvY9Kcr1qLZatiCnmNy-5kkfzHTwnGBUFnP5yQO5lc3G80uxThdV9dMYzK1JoMklJIwrRrk&sai=AMfl-YQGOmEztcWKtqAws5-QhpGiLHb4pGbleylPgXj_SQDlk7BJHlTGHebhrXnwO8sqsXBte2HXaZkxvqsLdOIUEh49w9PuyWRjGRNdAMk&sig=Cg0ArKJSzNLlbjqVqpU_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.54454&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 11022021-142452723-620000111_Q421_AI_zerodefectsV1_static_728x90_NVIDIA_x_EN-US.jpg
s0.2mdn.net/10774078/ Frame 9FCE 16 KB
17 KB 166ms
41ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/11022021-142452723-620000111_Q421_AI_zerodefectsV1_static_728x90_NVIDIA_x_EN-US.jpg

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e60e27ca156efe1f8aec4954ba8dfd1bf66312db0bb0754c91fcb3b74b4845b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 11:15:12 GMT
x-content-type-options: nosniff
age: 26274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16536
x-xss-protection: 0
last-modified: Tue, 02 Nov 2021 21:24:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 26 Nov 2021 11:15:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B354 0
0 104ms
104ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=3778379792744397&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 greenoaks.gif Show response
karasu-os.com/detroitchicago/ 0
42 B 43ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjE0NjMifV19XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:07 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
19 B 43ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTUwNzA2NDcwNDE0NjgiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ1bml0IjoiZGl2LWdwdC1hZC1rYXJhc3Vfb3NfY29tLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkdCIiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiZTI5ZjY5ZGQ0NjhkMzFhNTUxNGRjOWI1NTg3Y2U3NTcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5NTA3MDY0NzA0MTQ2OCIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tYm94LTMtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE2LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTYsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkdCIiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTA3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTUwNzA2NDcwNDE0NjgiLCJkb21haW5faWQiOiIyMTMyOTAiLCJ1bml0IjoiZGl2LWdwdC1hZC1rYXJhc3Vfb3NfY29tLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjM3ODY1MTg0LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkdCIiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:07 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
19 B 42ms
42ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMTEtMjUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxOCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:05 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
19 B 43ms
42ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYXVjdGlvbl9lcG9jaCI6MTYzNzg2NTE4NiwiYWRfcG9zaXRpb24iOjExMDksImNvdW50cnlfY29kZSI6IkdCIiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYsImJpZF9mbG9vcl9wcmV2IjpudWxsLCJiaWRfZmxvb3JfZmlsbGVkIjoxNiwiYXVjdGlvbl9jb3VudCI6MSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MTAwMCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:08 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
19 B 45ms
45ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJhN2E4NjNiMjQ5NzhlNjljNGNkYmI1YTQ5YmU3MGQ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDM0LCJhZF9wb3NpdGlvbiI6MTEyMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMzQsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkdCIiwicGFnZXZpZXdfaWQiOiI2NzJiMmRmMy1hODBiLTQ2Y2MtNzgxZi1kNThjMTE4ZjAwODMiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUwNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:04 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
19 B 44ms
44ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTExLTI1In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTgifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:05 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
54 B 44ms
44ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImF1Y3Rpb25fZXBvY2giOjE2Mzc4NjUxODYsImFkX3Bvc2l0aW9uIjoxMTIyLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiYmlkX2Zsb29yX2luaXRpYWwiOjM0LCJiaWRfZmxvb3JfcHJldiI6bnVsbCwiYmlkX2Zsb29yX2ZpbGxlZCI6MzQsImF1Y3Rpb25fY291bnQiOjEsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjEwMDEsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:04 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
42 B 43ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiNDM2In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxNTkifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMTA1MzE3MDg3MDMwNDk1IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMjIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzE1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIyNDEwIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C421 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 25 Nov 2021 02:21:26 GMT
expires: Fri, 25 Nov 2022 02:21:26 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 58300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7982 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 25 Nov 2021 02:21:26 GMT
expires: Fri, 25 Nov 2022 02:21:26 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 58300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/1/164603;6059308;201;js;DV360;DemandCreation2021Q4CreativeCloudStudentsEMEAUKCONSDisplayDV360970x250BannerGeneric/ Frame 7835 1 KB
2 KB 154ms
41ms Script
text/javascript 209.197.3.19
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://servedby.flashtalking.com/imp/1/164603;6059308;201;js;DV360;DemandCreation2021Q4CreativeCloudStudentsEMEAUKCONSDisplayDV360970x250BannerGeneric/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=659585.6921478724
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.19 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x013.map2.ssl.hwcdn.net
Software: prod-xre-app29.lhr11 /
Resource Hash: 8920b192a2a5acd1a116e175804e9718eeb1cc222004ab7dc671d256d8c2d3a5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 25 Nov 2021 18:33:06 GMT
Server: prod-xre-app29.lhr11
X-HW: 1637865186.dop010.lo4.t,1637865186.cds101.lo4.shn,1637865186.dop010.lo4.t,1637865186.cds069.lo4.sc,1637865186.cds069.lo4.p
Content-Type: text/javascript
Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 1402
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9FCE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be91c71299397ff797499895e8a2647054d97d51dd30d69f055c9b847956234a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame C421 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 10:57:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:57:49 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7982 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 10:57:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:57:49 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9FCE 0
23 B 127ms
78ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK j-6059308-3593440.js Show response
cdn.flashtalking.com/xre/605/6059308/3593440/js/ Frame 7835 44 KB
13 KB 175ms
55ms Script
text/javascript 2.18.232.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/xre/605/6059308/3593440/js/j-6059308-3593440.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/164603;6059308;201;js;DV360;DemandCreation2021Q4CreativeCloudStudentsEMEAUKCONSDisplayDV360970x250BannerGeneric/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=659585.6921478724
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 2f24152bc40c8a08c0e0e1403d79e11f4ef84bda0ea9d9a11fa5c8b2d469454d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 25 Nov 2021 18:33:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Nov 2021 21:25:01 GMT
Server: Flashtalking (AKA)
ETag: W/"a8e6c2ab5168ddd6d7e53fa02139f072"
Vary: Accept-Encoding
X-Varnish: 87684680
Cache-Control: max-age=1039
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript; charset=utf-8
Content-Length: 12437
Expires: Thu, 25 Nov 2021 18:50:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=3778379792744397&bg=!2tml2Z3NAAZQLpa_UC47ACkAdvg8WjrXdL7edn_odBdIAV9ykMY5Jx6w0LJ4gojgpTwE894CLByu6QIAAADWUgAAAApoAQcKAHjJXbn-dkQ8gOBzbsgvJu577fPIE0wcIOnlfbJDPOfOQkXPrwG3gxfM2rgrR5Qi5KGkl9KWo9zDbNDOsD1bdeqRx8upWtbd4ZU8GpYPAFxdcmEpTco-5ak5ZmzrO338anGIm9ASdWxFbxNWjErNH1V0gy0EZmb020aZAotlLOHpHCG-iqrc9TzVIriax8HBbyYnaoYnZIMgKmSy-Cn5AOkj7aGnTdYejxPyl1rIwLgsdbiz5YMYNtc167LSfVZtPRV99Ww28jm8SW3QuDqlKqjwk5hb7SCNPv_S287d_S8qxpHEnAXbVFLj_ntuhbtH6G07M9QkMWgyP0u4s16dXVR_uIr0mVfnZXxUaNINk8TBtXd3lk073ssjoPO7n7JIv0tvVXGUNqs-zYQYt6tP0V798PHScixopdq-XoHuGYUrEv7ql8IBUi_le9R0d0I23wqcEs63guQbQoyTJcXHr1A00cHcoe4xHLji7fJU3AQGUPjQE1I53UR0afmKzsYuaA0H2QCsK9TqqlNAYXoLAgKReuKibxlWopeMq8rxbdIbVcJ2ryolsq5aNGlb-F6-fNDzSnHhQjlF3llcF0N17L1ImA4vnEZmJmhkPbxvB2C_9ulXuPHXjduET6osI0VqjdOw9QOjdIvKRPsSHodY98WBuH5dD3pC-JrH_L_Dg5yXhoVsnq5As2hNUAg4SOm9nai4hzEB_NNeO__I_nkeoicgh95TvZ-l_B14S83NFadOdSWyFymz59tS2CZra1o1rfu4IcBPGcw1ZSIn4Vtmqa9AWqY2bfnBuVP256Z_r8mQd_Vfw_RTXIqituumPbU5_XPkQjYvby78NUx5goFJ-66_Td6GWrBynOtxpQLW2zb6mnJs4qTSbqjszO7bnRUvwMfXx4QJEF16W1Febpj1IVUrgrIdpluvwpcgKU11juUf_2okadbUK-nS3kNxM3ajU2rkbfgUvG7TSB5vc9GBFaOgVSYN9hrAarVhErVNput8EHt9NCLpWufOfcBukjwQiPsEkM7TQUw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C421 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2aRy4tafYceHEov87_UP1LehiAgAAAAAOAHgBAI&bg=!LC-lL2vNAAZQLpa_UC47ACkAdvg8WiAkxdbGyZxg6TgzMLO4sPgqHlDkNykA41lhCHfqv3OAaEN7SAIAAACkUgAAAAtoAQcKAMhoYqU3ZRawQDSHl8XQw009WMenpeGcV6JbjTkwj10ApIfg1A_vrAq9QoWEmVViYGOMj-rNxWaV1QlaNZGMEfxUe8NgNvHWm3O8qns75Y_oHrNWAT2pXYlo0X3BhoCEGKhu1tm5F-QqFwKV6soZPxxKKN1XUiYOJimBMtZekK7sX6FSoLJfGoYCHtxuTolp_WzUP71Qg5NkCOP8QAUgVHgeWL1cStSeqM9S9Ijjvpxs-b4JViHgL_1-TpYzGpm1hRaOGRC9jbDxuJkCyu6Ki7jEj07BR5gAcppGR1j7F18WOM_BfEc6cJElE3-mx9RzzrWDHxSBGYf-_rb_f-d4td0D5onAH3Zo8ifXlPxjRhr8PvSMpMCrIqK0-nKyxIP_rPWTQrHf99tmrX7pvJOQaa78QkxlkzOAdzWZhiiHt0PEldd5ksQfAd_hrI-__08FM2Wpg-GL-KY_JUkOUnnW8Xipxqvy-6wj983haf6QFOPqTZ5ec67m8iOOepnBFjNyO3z0C7nLu3msEoMBCYjyOiPbApChz5L9bAF4JwCeTLwBDrJb_ZzWvtq3vrTeDgVnlISCgUXCNe_kbA3yNg9EVHBcfx-UGFAUy476FH8XQcubKZPxFcIQ2yicKOCZUBssNjyYpf_QaWhH4gZyG6Y_hbvYvdTzY_9R5O0sTO9ozCb6xfOS_00h3LU8MLC9O-9qX1CSnHdeHd-9KN0SwJn7lANdPlT_SNffErdLZusll82xcF2XDDoXgkdAhtmd4JpxMu8GWCYLNJC30Z5LGoQ-qNgHuYAT6tr2FVw8jdR2hTfG-6RPr1Xk2vgJYhyWLl9Qz6H3JlX58EZyqR0RcPvMA5sVXEYBKk7R731bdGX6dQSmGZI6IVMz3xl6RFvZzjXI5E0uzrYZ45RcfHNAa2rAjVGTt4HP59cqIncsKBX2qrTM5nUVc1xM9C1lNrvobj-rg8KBm48azb7rwuFXECRlosEFnnzJYJuiFLy2NWONkxayMNLzvX71aDuuZObZyGP9Jf5LdagapL4T6cZn0Crz5oo-jsAngQ5niYNg6m85BY8sHCpLfTUS9vGViu5NB1CRnF8YFzWgFoDugiXJA7lX5nnMSyCbs8MULJgtPhh-hRx0YK3fuCozxfdjoluNTGzFbWh7HfdAtQzM2qP4uqrY12R1ngbwAQMyPZdECH6Gt1Z3rBfSGNrXRCu2oQyebH7lsCy87lIauA

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7982 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9BNX4tafYdKAEo6x7gPpxJGoCwAAAAA4AeAEAg&bg=!iomlic3NAAZQLpa_UC47ACkAdvg8Ws3-WPm7xGKsqLQOehpW-dYpwKDHkpe0Vl9FuLCPqSmWnNnyqQIAAACQUgAAAAtoAQeZAssIYeSlmbyHaWaLzhylAs7B51BuTcTQbgh_Dg-xQuYxTEU2ztntNDW1azBO9527QWIaLhgOdD8UyUIpqLsBrj3ky1bKTXJSZTLq-tBlapKD6Rlh_TSl5EOzcjlP47pugVb2bY5AUoIe9TK6NoAVTrK9aesdtngbYG2QYEtiyX3nLRFn5C4hQQDKd87j9jInMdzxGxKbBKebEWIET1equX_q3L57aT-5r93rJ7NUKvHue9BYKft-xQkEkFfSF5NdYw6W2KPnY3Ebzp4NTLnxPmDcI3qW5AbUFvsSAHH3wR4kkREqWpvclu8-LlmtpWRZFgbItFO1tCnXOpXJtrjG43tOXwIxZ9Ph8XOTS9WxO1YZTJVSH79c9Q3yt8NMEkYUV7bETrgpuFpd7TBCD_28NIBqYrr5imDp2evaYPAqI9MeMej3V5TjICJh87NI8VG8YZl-Y1uryp20Dn_sItAuToPplBy3ikSWYnMOARm_nAE3txl5WElnlsSY39qhIGq5jR5jwCIBDPJQnaKpHXC8aJS4wwsHdzPTqbDb53THk__VZcXY8YU--FeBPiIokhwGouOHTDTYR6rt9ulwWgWYZv-lC0KgTR6et2GmVtC0xlbnh9FIiYCBszPnHRsxSZcFoefmfSnYaAXoUStM4XwDre5B6RpkZ9moZZQMxsF-b1kdHLjpyyeHIdVEwIpwz8pT9tvOwNQurnJonfI3yzIKtnAl69EEvEnkuYc1jUTL16aSCToVjrQ06DpdcuwZX8_ZTam1fxCHjihnGsjeC_Cn_c09BhAZFfdJ8XG_PBFgYyKtwwWjr_wNjnTV0xBzFyVHjWXvJOhgK3YI22NyfkfSEAHpaCew3HGp04FbAzxrTXiMvCaNLLCam2gmVlXiSdG6cTyw8MIDhcsOsrM8HogDlXJnA9EOEH2BqrHRaHjfIk4h9sDkhmQPbY1V0nEP

Requested by

Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/allresponsemediaglobalftdisplay739160694092/ Frame 7835 299 KB
101 KB 152ms
45ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/allresponsemediaglobalftdisplay739160694092/moatad.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/605/6059308/3593440/js/j-6059308-3593440.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: bc6ba9b52e6d5fef0fc01210bb3b676e7c80362f52b0fcbb4b09f7568759dee7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: gzip
last-modified: Tue, 02 Nov 2021 14:25:15 GMT
server: AmazonS3
x-amz-request-id: CWCXG7HXK5J6AD5T
etag: "3b63139768da158f874f788d7f043cd6"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=57566
accept-ranges: bytes
content-length: 103380
x-amz-id-2: 89nPKH/qvMVijld5unOY2kP0jtPnJPSy/Yzd1N36FbqAVWMsyTl5dgcm4ugTB/maXgOlE0LoVYk=

GET
H/1.1 200
OK 3593440.gif
cdn.flashtalking.com/xre/605/6059308/3593440/image/ Frame 7835 38 KB
38 KB 52ms
52ms Image
image/gif 2.18.232.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/xre/605/6059308/3593440/image/3593440.gif?223156719
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 343e7c8a4123f041d1e7aa5a33dc8285eacc0c1771690f5ff50fa1b9af1dda74

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 25 Nov 2021 18:33:06 GMT
Last-Modified: Tue, 09 Nov 2021 21:25:02 GMT
Server: Flashtalking (AKA)
ETag: W/"611834965091fb936b309de9da6fd7ac"
X-Varnish: 1055839371
Cache-Control: max-age=1039
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 38458
Expires: Thu, 25 Nov 2021 18:50:25 GMT

GET
DATA 200
OK truncated
/ Frame 7835 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7b9e9401531756450f4aa4684d250af15d43a252a13f902f101eb64d03daab9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pizza.png
karasu-os.com/images/items/ 6 KB
5 KB 54ms
52ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/pizza.png

Requested by

Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

86104239bfa124d256ff9a885e620bd9a22c9e69fdefa28909bf28e7d6aa47f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;f1d593c432c5085acd09e4a759783ef5;2-213290-123;767e5a52-7ea2-486e-5ed9-0d1cd498d824
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
etag: W/"171f-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 candy.png
karasu-os.com/images/items/ 4 KB
4 KB 62ms
61ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/candy.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9aebc0d9f1d0d1fe1dea59ff6325e0b75c3630492cf72da774a492a038ba1261

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;af25d2fa27f8192bc61bbcf8f95d3d6c;2-213290-123;76567f07-acc3-44dc-6c76-2b1eb4d404c3
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
etag: W/"118d-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 3974
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 ticket.png
karasu-os.com/images/items/ 6 KB
5 KB 59ms
58ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/ticket.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cbea82acbe96166431fa972d184fe6db828db5eb349a5322584e60d3730e085f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;2ee931f5ee9147d8ef04399b4852016e;2-213290-123;f967c7db-c663-4dd1-7032-d0050b0497a1
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
etag: W/"1796-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 game.png
karasu-os.com/images/items/ 5 KB
5 KB 63ms
62ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/game.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d03a1203d38d01aaacb00bca3452e1077a4afdc997cb6eb575cf5923a0edbc7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;mm;9a8a31bc94ac7d7c1ea9058cbc7adfa5;2-213290-123;09ff86ad-ad9d-4a39-66f5-ccaf1087d1e5
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
etag: W/"156a-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H2 200 medicine.png
karasu-os.com/images/items/ 5 KB
5 KB 121ms
120ms Image
image/png 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karasu-os.com/images/items/medicine.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-80-129.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6be1b2d7d2c7307e0bf7188badca1dce6cb006d0cbe075b26415963249e6e4fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ezoic-cdn: Hit ds;ms;5f6535b4d3ebdc94f30c4603afefcbe7;2-213290-123;faa27ec6-5a09-43d4-68eb-7d57cebd6572
date: Thu, 25 Nov 2021 18:33:06 GMT
content-encoding: br
etag: W/"14d1-1767c39145f-gzip"
x-permitted-cross-domain-policies: none
display: staticcontent_sol, staticcontent_sol
x-dns-prefetch-control: off
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
x-xss-protection: 0
referrer-policy: no-referrer
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
content-language: en
x-frame-options: SAMEORIGIN
x-origin-cache-control: public, max-age=0
expect-ct: max-age=0
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
cache-control: public, max-age=2592000
content-type: image/png
x-content-type-options: nosniff

GET
H/1.1 200
OK consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 7835 6 KB
6 KB 155ms
47ms Image
image/png 2.18.232.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-99.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 25 Nov 2021 18:33:07 GMT
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Server: Flashtalking (AKA)
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 341936028
Cache-Control: max-age=992
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 5953
Expires: Thu, 25 Nov 2021 18:49:39 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7835 43 B
260 B 54ms
46ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&dMoatBDS=0&hp=1&ra=1&pxm=&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=&lp=https%3A%2F%2Fkarasu-os.com&t=1637865186556&de=754850491341&m=0&ar=553ffc12ef5-clean&iw=d82b727&q=2&cb=0&ym=0&cu=1637865186556&ll=2&lm=1&ln=1&em=0&en=0&d=18966%3A164603%3A6059308%3A3593440&zGSRC=1&gu=https%3A%2F%2Fkarasu-os.com&id=0&ii=2&bo=18330&bd=karasu-os.com&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&gw=allresponsemediaglobalftdisplay739160694092&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A-%3A-%3A0%3A808&fs=195402&na=1707333717&cs=0
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:07 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 25 Nov 2021 18:33:07 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7835 43 B
260 B 44ms
44ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&dMoatBDS=0&hp=1&ra=1&pxm=&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fcdn.flashtalking.com%2Fxre%2F605%2F6059308%2F3593440%2Fimage%2F3593440.gif%3F223156719&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=814687598&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-zka3hkIJ33QxUrdGk7NYu%2BFfHV3eib89DkRB2436S0SxzRtAIyeo1MnKlpdMQlJdIBr9&rs=1-odKx0GC5X%2FcYUw%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=970&qe=250&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=250&w=970&zGSRC=1&gu=https%3A%2F%2Fkarasu-os.com&id=0&ii=2&f=1&j=&lp=https%3A%2F%2Fkarasu-os.com&t=1637865186556&de=754850491341&cu=1637865186556&m=79&ar=553ffc12ef5-clean&iw=d82b727&cb=0&ym=0&ll=2&lm=1&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=254&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A-%3A-%3A0%3A808&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=58&cd=0&ah=58&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A164603%3A6059308%3A3593440&bo=18330&bd=karasu-os.com&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=195402&na=1914200774&cs=0
Requested by: Host: 4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
URL: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:07 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 25 Nov 2021 18:33:07 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
42 B 44ms
42ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5NTA3MDY0NzA0MTQ2OCIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tYm94LTMtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:07 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:08 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
42 B 45ms
44ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTEwNTMxNzA4NzAzMDQ5NSIsImRvbWFpbl9pZCI6IjIxMzI5MCIsInVuaXQiOiJkaXYtZ3B0LWFkLWthcmFzdV9vc19jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2Mzc4NjUxODQsImFkX3Bvc2l0aW9uIjoxMTIyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiR0IiLCJwYWdldmlld19pZCI6IjY3MmIyZGYzLWE4MGItNDZjYy03ODFmLWQ1OGMxMThmMDA4MyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:07 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:09 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9FCE 7 KB
3 KB 165ms
45ms Script
text/javascript 13.32.121.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=digitas01cont8&js=pmw1&base=te-clr1-26f8fa7b-377c-419a-a300-5470e2f8049c
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-29.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: d342a464c78eb878ac316e37083e1f9bbb242c20ecc76c43d30380308b7f30f6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 08:20:34 GMT
content-encoding: gzip
server: nginx
age: 36753
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
content-length: 2412
x-amz-cf-id: 5ZZnBD0Z8VOTP3AwUcA_tZwo0rZw-rXOvAaBylBcBfY6GHeW4rXb0Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9FCE 38 KB
11 KB 171ms
51ms Script
text/javascript 13.32.121.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=digitas01cont8&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-29.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 10:07:15 GMT
content-encoding: gzip
server: nginx
age: 30352
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: HUFP1rlkgRn6uIoy6tlUQJRURMGnx9rDxeQPh0rqRyDtUXPOg5cffQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 9FCE 43 B
395 B 273ms
154ms Image
image/gif 13.32.121.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=b2e3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-29.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:07 GMT
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: BR30wcB_nUA13qmOe86bIaV9F3TfgOwkAUXpLocw6gzNZdzMgKSOdQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9FCE 42 B
64 B 127ms
76ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaqeh8rQ7hQPU097VbwsmrTUY2h_NJ6UOgOTfbIUuaKWmhTYFizzM4CsZ3EhvZn5AGzmVcutUixxU0Dqx08VzfeT9JJ4tvhExGtGLJCdJNJ2Bw7mPHaQ&sai=AMfl-YQnP8ge9ATRh3CM20cX1X-SxQ1kGF0H6muX4FumNdkPxORJUhgMcUa5wHpqYaLUxLScIaX_J_3UnAx_9i_lAV9wWN1TguIJXOYXHSlfc39dk-yL98E2L_Xsysn5Egs&sig=Cg0ArKJSzGZ-SO-VJlznEAE&cid=CAASFeRofjnH_rpJs07j2RO1ycDk9TS0jA&id=lidar2&mcvt=1000&p=159,436,249,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2230409496&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637865185516&rpt=578&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Nov 2021 18:33:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
42 B 44ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:07 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:21 GMT

GET
H2 200 army.gif Show response
karasu-os.com/porpoiseant/ 0
65 B 43ms
43ms XHR
text/plain 18.159.80.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://karasu-os.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk1MDcwNjQ3MDQxNDY4IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1ib3gtMy0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjEwIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMTA1MzE3MDg3MDMwNDk1IiwiZG9tYWluX2lkIjoiMjEzMjkwIiwidW5pdCI6ImRpdi1ncHQtYWQta2FyYXN1X29zX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYzNzg2NTE4NCwiYWRfcG9zaXRpb24iOjExMjIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJHQiIsInBhZ2V2aWV3X2lkIjoiNjcyYjJkZjMtYTgwYi00NmNjLTc4MWYtZDU4YzExOGYwMDgzIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjMxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: karasu-os.com
URL: https://karasu-os.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1d-5y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1dx1fx51
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 25 Nov 2021 18:33:10 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 24 Nov 2021 18:33:12 GMT

Verdicts & Comments Add Verdict or Comment

228 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.karasu-os.com/	1970-01-19 22:57:46	Name: ezoadgid_213290 Value: -1
.karasu-os.com/	1970-01-19 22:57:52	Name: ezoref_213290 Value:
.karasu-os.com/	1970-01-20 07:43:21	Name: ezosuigeneris-0 Value: 02396f59d2635b9c8af742344b520a83
.karasu-os.com/	1970-01-19 22:57:52	Name: ezoab_213290 Value: mod11-c
.karasu-os.com/	1970-01-19 22:57:46	Name: ezopvc_213290 Value: 1
.karasu-os.com/	1970-01-19 22:59:11	Name: ezepvv Value: 4
.karasu-os.com/	1970-01-19 22:57:46	Name: ezovid_213290 Value: 964376687
.karasu-os.com/	1970-01-19 22:57:46	Name: lp_213290 Value: https://karasu-os.com/SurpriseGuest?character=Leviathan
.karasu-os.com/	1970-01-19 23:00:37	Name: ezovuuidtime_213290 Value: 1637865184
.karasu-os.com/	1970-01-19 22:57:46	Name: ezovuuid_213290 Value: a6bd3951-d15c-4efe-7199-c84ebd048a16
karasu-os.com/	1970-01-22 12:16:57	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
karasu-os.com/	1970-01-22 12:16:57	Name: ezohw Value: w%3D1600%2Ch%3D1200
.karasu-os.com/	1970-01-19 23:00:37	Name: active_template::213290 Value: pub_site.1637865185
.karasu-os.com/	1970-01-19 22:59:11	Name: _gid Value: GA1.2.1289090182.1637865185
.karasu-os.com/	1970-01-19 22:57:45	Name: _gat_UA-164556626-4 Value: 1
.karasu-os.com/	1970-01-20 16:28:57	Name: _ga_2ZDH6YNWJQ Value: GS1.1.1637865184.1.0.1637865184.0
.karasu-os.com/	1970-01-20 16:28:57	Name: _ga Value: GA1.1.1144183816.1637865185
.quantserve.com/	1970-01-20 08:27:59	Name: mc Value: 619fd6e1-afec1-539d0-6e66f
.karasu-os.com/	1970-01-20 08:22:13	Name: __qca Value: P0-1034645603-1637865185172
.karasu-os.com/	1970-01-20 07:43:21	Name: _hjSessionUser_2235794 Value: eyJpZCI6ImE2YjI0YTYyLTBjMDQtNWQ0Yy05MDZmLTA5MmVhYjY2NDU4OCIsImNyZWF0ZWQiOjE2Mzc4NjUxODUyNjYsImV4aXN0aW5nIjpmYWxzZX0=
.karasu-os.com/	1970-01-19 22:57:46	Name: _hjFirstSeen Value: 1
.karasu-os.com/	1970-01-19 22:57:46	Name: _hjSession_2235794 Value: eyJpZCI6ImQ0ODRlM2IxLWU0YjQtNDU2NC1iMDJjLTc0ODQyODA1MmUwNiIsImNyZWF0ZWQiOjE2Mzc4NjUxODUyODh9
karasu-os.com/	1970-01-19 22:57:45	Name: _hjIncludedInPageviewSample Value: 1
.karasu-os.com/	1970-01-19 22:57:46	Name: _hjAbsoluteSessionInProgress Value: 1
karasu-os.com/	1970-01-20 07:43:21	Name: ezux_lpl_213290 Value: 1637865185330\|672b2df3-a80b-46cc-781f-d58c118f0083\|false
.karasu-os.com/	1970-01-20 08:19:21	Name: __gads Value: ID=42892f581f3e33ec-223de1f0facb0060:T=1637865185:S=ALNI_MZcoCwdB2r8ayTwnBVXP_8CinvqBA
.doubleclick.net/	1970-01-20 08:19:21	Name: IDE Value: AHWqTUkLNSmD7EdWF-1KDhyo5CKt2n2PQnWhBwcvnMWu7A30i-ijFTMOQych13YbWE4
karasu-os.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 50
karasu-os.com/	1969-12-31 23:59:59	Name: ezouspva Value: 2
karasu-os.com/	1969-12-31 23:59:59	Name: ezouspvh Value: 34
.adnxs.com/	1970-01-20 01:07:21	Name: uuid2 Value: 2378122689154144969
.casalemedia.com/	1970-01-20 01:07:21	Name: CMPS Value: 698
.adnxs.com/	1970-01-20 01:07:21	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?au>r#]!]tbPl1M>e)ZlrFUfJ+tGXxoyOqQCLb!oynLZ2Lga@3D'Currf`dW_Kx-RFHbpRzqF1`b`[S?3aN
.casalemedia.com/	1970-01-19 22:59:11	Name: CMST Value: YZ-W4mGf1uIA
.casalemedia.com/	1970-01-20 07:43:21	Name: CMRUM3 Value: 2d619fd6e22760CAESEGVKQlh8FsnBO1cZ-MZt5pE
.casalemedia.com/	1970-01-20 07:43:21	Name: CMID Value: YZ-W4pXeFBPRixs2gyDW5AAA
.casalemedia.com/	1970-01-20 01:07:21	Name: CMPRO Value: 329

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://z.moatads.com/allresponsemediaglobalftdisplay739160694092/moatad.js(Line 131) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://karasu-os.com/SurpriseGuest?character=Leviathan Message: The resource https://go.ezodn.com/hb/dall.js?b=adyoulike,criteo,oftmedia,onemobile,onetag,sharethrough,smilewanted,yahoossp,yieldmo&cb=195-0-31 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4f2d47ef574f1b0ce040cb0201399be2.safeframe.googlesyndication.com
adservice.google.co.uk
adservice.google.com
bid.g.doubleclick.net
cdn.flashtalking.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
in.hotjar.com
karasu-os.com
pagead2.googlesyndication.com
pixel.quantserve.com
px.moatads.com
rules.quantcount.com
s0.2mdn.net
script.hotjar.com
secure.flashtalking.com
secure.quantserve.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
static.hotjar.com
tpc.googlesyndication.com
vars.hotjar.com
vc.hotjar.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
z.moatads.com
13.32.121.116
13.32.121.127
13.32.121.29
13.32.121.5
142.250.185.130
142.250.185.194
142.250.185.98
18.159.80.129
18.66.112.15
18.66.112.53
2.18.232.99
2.18.234.21
2.18.235.40
209.197.3.19
2600:9000:223f:e200:6:44e3:f8c0:93a1
2600:9000:2250:ea00:2:cb38:840:93a1
2606:4700:3036::ac43:a1d1
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:808::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
37.252.172.45
54.78.108.238
74.125.133.156
00d3bccb4bb38ef428271263694dc9ca73ef7a33f9dcda4a7b2652d931326132
01b21e7b538ca070ec1619551b93425b2295a4116bafbb8a3f568d71e7fbb877
05587675f2a11c33a30439283781b2cc70cea980807c759b314b9b1b4e42703c
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b8d430fb281c111a2e9a8842ec12376e7a214f36d1d3fd8f9d7f18e1ae08c69
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1550594fc130a81c1bca993367a061b5b883ab8926b6a576eacea59dfbb35aec
161d7ac3ff2ce474be423e9805121d9ebe5d837c71c313bc992d2066714187c9
161f60d8b9844e5107a17a00f6f4e2a17c2eb853987525004a3552610ad96ebe
182cbf643e6f9288daf45ee98cefba9f20152d66e528ed012c56917aaedc6497
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1e60e27ca156efe1f8aec4954ba8dfd1bf66312db0bb0754c91fcb3b74b4845b
22f181a715673cb0c19a426d1b0f8d05950ebf34b6c224a0c0cfc4092bcd0fc9
24d5a35f5321ae3e2eac805751766c950c7359863cbe730418f3cc05a9ec901c
2f24152bc40c8a08c0e0e1403d79e11f4ef84bda0ea9d9a11fa5c8b2d469454d
343e7c8a4123f041d1e7aa5a33dc8285eacc0c1771690f5ff50fa1b9af1dda74
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3a533687f94ef278c8ff3d8a1ce06e715ddc35ae22c99acf08e3b2ef00bae638
3bc1ccf2e07729b8504bb436649897e6e4a67eb184505f455652414b74dabd2a
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
414f9dd4146ab98a0d5f9747f14da7db3587c132f5176f19d6e4611355bba6d7
43c15c5e339cca85186d462b5951209ac3825b7677341e3d95f5e704b5057c87
457bb5d23d7a3589819b4e450ace2c09798a5ca70645866bef887aff462fd1d7
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e886f80e44f64033a58cdad5d4d3af3d1436fdf8cd668dfdedd740fe61a03d1
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5ccd1be45bb41e4312c02f0934d69bf950bfb709710cd7a6320ba988f523fbf3
6155f483e669cac2ea164fb576d75fbc96ac6f2f3c854d8d32857abb0f675c64
632893d6d9d049c0767de0bc8b6a1d8a70dae1b80096b0beaf9c8e3d9f55c032
63872e8829a1e6e3ffb6bc93e24a9bdec0c2033e8559f6e5dcc76a3d5bb75a1f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6be1b2d7d2c7307e0bf7188badca1dce6cb006d0cbe075b26415963249e6e4fd
6d053effdf62981a7e9430cd9f567c0ca2dbf722344f78dcaf5964b1c80ba8a0
6d7385451b13d96bd984368e23b81e138c24d6fb1014f7602ac09577b9dc10f7
7012ef4488d486afbb1635d839cca3fcec9ad7c85c89fb3d63ed17e036fc8cc0
71c6ea85dba250b22bc1baaa084572f76dcbb99cb2779e5a603aa867717889a6
7482b6eaa9a50729dc26bd9c4f1b37063f6f2706e340f9f7cce9e98dd68231eb
762eec26c35697c778960f1348261ead87844a3fb32e847f237cc6fdab697ba5
7d1c62db72640e9a75188363d762ffee84ea49027f533ce5d8ef96c1e1f68438
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
86104239bfa124d256ff9a885e620bd9a22c9e69fdefa28909bf28e7d6aa47f7
86b9e05e81cb69d85f0097f7dd695ad5b70ca11af4f90b326529f6c9116cf89b
874e22be5cec83f9e295c0b4ba49e78183a4368022b41eb0ebbbe45b8c8a9aee
8920b192a2a5acd1a116e175804e9718eeb1cc222004ab7dc671d256d8c2d3a5
8a85fbef256a60b92234a630aefea901884f785a996833fb5ea9711832845c04
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8cc4f27f499efc784c71d850f178782c1bc56201fffd07946310059a8aa1b950
8eb045aad5195a80ef533174358e45ab6a37d9f727f7419d4001d2e78c80ba9e
93ee19994358156fbbe3bcbb748f51b8d5bd6199ff589f8955eaacfa59d5cb2c
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9aebc0d9f1d0d1fe1dea59ff6325e0b75c3630492cf72da774a492a038ba1261
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e2747806c4a30f0d4f39596a13dd97dc5484b96845d945d90b300e1bbdebc72
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5bf767bcfa8f33e1e1c35556b7b84c02424fa522e6dd4d7dccc1d71e1bd5d20
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a89057208861e739c4ea6ea2e1126afd5b41c89f22548e5afeb74b7c71614777
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7b9e9401531756450f4aa4684d250af15d43a252a13f902f101eb64d03daab9
b87fbf1b2b78214eeaaafbaee7521c2c8c5c221082f0535394aa60e020cdc4f7
bbd3e5220e9eda0e6982e9b3e3c1c3168e9c26e43a3b6662ace2f03dde6e217d
bc6ba9b52e6d5fef0fc01210bb3b676e7c80362f52b0fcbb4b09f7568759dee7
be91c71299397ff797499895e8a2647054d97d51dd30d69f055c9b847956234a
c2c838cb050239d104ad6fa8e9a69b5e60fa5fb55ab53d2cf55702ef80114a7a
c2cbd9a562b178f361680d07aa8a444e0a5a2d7e660723f4662ae707e832eb62
c2e5e8b53e9c8104e1afde386c0e4d1323d52a054e12bfcba546bf4ca0b0d906
c5edfcadeedf8858bed4553c9ae71b05469fd8d526db5d2f3798bf8d0e2c16bd
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbea82acbe96166431fa972d184fe6db828db5eb349a5322584e60d3730e085f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03a1203d38d01aaacb00bca3452e1077a4afdc997cb6eb575cf5923a0edbc7c
d2ad65934316905fefc98007a689f3fc16f55efaa06d0dda6909e8717be7805e
d342a464c78eb878ac316e37083e1f9bbb242c20ecc76c43d30380308b7f30f6
d42e40233ab335376bdd0259b667d2393077d1d51e8d75c2a1519caae50abe87
d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef
da7d4078e0beeebbc945883b951a821f6df0cb84b56531eef2c2cdec4bc0a2e6
dc31ea1185b7f7bf514cb0b56426a0a49c6cfd297a79201fddc4f678e36d2fd6
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfb2dc05cdc403cbb2ed471a1f142d277e0eae92d061401fb8972827586b3256
dff08de664838ef4753a3958b1f4f6b0cba6d9754a1f1dd9e023d206e348193d
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63df77239dbe9656857991236cc1e8dd5f889e6b5660b106a31d47abcb4bd88
e649d66d5268b408dec7fc74fd4e10043d5be5b1a2abf00ebb12a084ea7344e0
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e9d138498972b3c74e912822a6965c07052fe81473e347f523760b35ff58576c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4417f7e2f748b767131e493290386b398f3d01eb139e27bdfd1aeb464877b47
f56a1b71444d153f2f81146d9a0cca991518ebc72e0686f917470f8c522ee383
f5dba69add7a8e193a9218eab42b191beab2d3f178b27218ab2984df1ee062f0
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

karasu-os.com Open in urlscan Pro 18.159.80.129 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

143 Requests

94 %HTTPS

47 %IPv6

21 Domains

35 Subdomains

33 IPs

3 Countries

1462 kBTransfer

4241 kBSize

37 Cookies

10 Outgoing links

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

karasu-os.com Open in urlscan Pro
18.159.80.129 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

94 %
HTTPS

47 %
IPv6

21
Domains

35
Subdomains

33
IPs

3
Countries

1462 kB
Transfer

4241 kB
Size

37
Cookies

143 HTTP transactions
11 data transactions