shrinke.me Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://shrinke.me/HannahOwoLeaked
Submission: On March 16 via manual (March 16th 2023, 4:51:26 pm UTC) from HN — Scanned from NL

Summary HTTP 233 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 78 IPs in 12 countries across 74 domains to perform 233 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is shrinke.me. The Cisco Umbrella rank of the primary domain is 455736.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 11th 2022. Valid for: a year.

This is the only time shrinke.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
4	13.32.118.110 13.32.118.110	16509 (AMAZON-02) (AMAZON-02)
1	23.109.87.77 23.109.87.77	7979 (SERVERS-COM) (SERVERS-COM)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:e6:... 2606:4700:e6::ac40:c914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.64.172.27 172.64.172.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	13.225.78.97 13.225.78.97	16509 (AMAZON-02) (AMAZON-02)
4	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:4001:80e::200d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:249... 2600:9000:2491:a200:2:e529:700:93a1	16509 (AMAZON-02) (AMAZON-02)
1 9	2606:4700:10:... 2606:4700:10::ac43:15e3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
3	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:48:1... 2620:1ec:48:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	192.0.78.146 192.0.78.146	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
4 8	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:225... 2600:9000:2250:ca00:a:e047:752:b361	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.109 18.66.97.109	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3456	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	54.228.6.120 54.228.6.120	16509 (AMAZON-02) (AMAZON-02)
9	2606:4700::68... 2606:4700::6812:b14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
15	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
3	108.138.4.10 108.138.4.10	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:b400:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:9000:211... 2600:9000:211e:ac00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:303... 2606:4700:3037::ac43:9e3b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:ff0:1234... 2a00:ff0:1234:3::10	41494 (INTERLAN) (INTERLAN)
4	13.32.106.197 13.32.106.197	16509 (AMAZON-02) (AMAZON-02)
1	3.66.33.201 3.66.33.201	16509 (AMAZON-02) (AMAZON-02)
2	52.30.48.43 52.30.48.43	16509 (AMAZON-02) (AMAZON-02)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
19	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	213.155.156.166 213.155.156.166	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
1 2	67.220.226.233 67.220.226.233	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	3.216.1.77 3.216.1.77	14618 (AMAZON-AES) (AMAZON-AES)
5 5	52.49.125.96 52.49.125.96	16509 (AMAZON-02) (AMAZON-02)
5 5	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	173.231.180.197 173.231.180.197	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	52.220.229.2 52.220.229.2	16509 (AMAZON-02) (AMAZON-02)
1 1	35.214.223.115 35.214.223.115	15169 (GOOGLE) (GOOGLE)
1	195.5.165.20 195.5.165.20	44968 (IPROM-AS) (IPROM-AS)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
4 4	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 2	34.111.129.221 34.111.129.221	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	52.0.191.77 52.0.191.77	14618 (AMAZON-AES) (AMAZON-AES)
3 3	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a05:d018:d29... 2a05:d018:d29:3605:a9d9:70ca:81a8:3df3	16509 (AMAZON-02) (AMAZON-02)
2 2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3 3	3.122.123.120 3.122.123.120	16509 (AMAZON-02) (AMAZON-02)
2 2	35.156.143.9 35.156.143.9	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2040	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
1 1	34.102.253.54 34.102.253.54	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	134.122.57.34 134.122.57.34	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
233	78

8 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

shrinke.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.118.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-118-110.fra60.r.cloudfront.net

d1r90st78epsag.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.87.77 (Netherlands)

ASN7979 (SERVERS-COM, US)

akazginhapping.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

shrinkme.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:e6::ac40:c914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
exchange.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.172.27 (United States)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.225.78.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-97.fra2.r.cloudfront.net

ydenknowled.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

denansgdfierc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200d (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.recaptcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2491:a200:2:e529:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.orquideassp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::ac43:15e3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

services.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:48:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

gloaphoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.146 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

supertruco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.116 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638::1c (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:ca00:a:e047:752:b361 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-109.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.6.120 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-6-120.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:b14 (United States)

ASN13335 (CLOUDFLARENET, US)

jsc.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.120 (France)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:b400:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:211e:ac00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::ac43:9e3b (United States)

ASN13335 (CLOUDFLARENET, US)

px.vliplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

redirector.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:ff0:1234:3::10 (Romania)

ASN41494 (INTERLAN, RO)

r5---sn-pouxga5o-vu2s.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.106.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-106-197.fra60.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.66.33.201 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-33-201.eu-central-1.compute.amazonaws.com

audit-tcfv2.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.48.43 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-48-43.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-166.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.226.233 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.216.1.77 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-1-77.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.49.125.96 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-125-96.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.2 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.101 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: ams-delivery-4.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.220.229.2 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

cm-supply-web.gammaplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.223.115 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 115.223.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (Castricum, Netherlands) 4 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 221.129.111.34.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.0.191.77 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-191-77.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.24 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:a9d9:70ca:81a8:3df3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.123.120 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-123-120.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.143.9 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-143-9.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2040 (Singapore)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.244 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.122.57.34 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 457 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 452 image6.pubmatic.com — Cisco Umbrella Rank: 717 simage2.pubmatic.com — Cisco Umbrella Rank: 676 image2.pubmatic.com — Cisco Umbrella Rank: 852 image4.pubmatic.com — Cisco Umbrella Rank: 921 simage4.pubmatic.com	170 KB
22	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 134	935 KB
21	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188 stats.g.doubleclick.net — Cisco Umbrella Rank: 76 cm.g.doubleclick.net — Cisco Umbrella Rank: 210	237 KB
17	criteo.com 5 redirects bidder.criteo.com — Cisco Umbrella Rank: 713 gum.criteo.com — Cisco Umbrella Rank: 386 mug.criteo.com — Cisco Umbrella Rank: 2753 dis.criteo.com — Cisco Umbrella Rank: 688	12 KB
9	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 283 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 471 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 959	62 KB
9	adskeeper.co.uk jsc.adskeeper.co.uk — Cisco Umbrella Rank: 73723 c.adskeeper.co.uk — Cisco Umbrella Rank: 46957 cdn.adskeeper.co.uk — Cisco Umbrella Rank: 33836 servicer.adskeeper.co.uk — Cisco Umbrella Rank: 73216 s-img.adskeeper.co.uk — Cisco Umbrella Rank: 45810 cm.adskeeper.co.uk — Cisco Umbrella Rank: 83099	104 KB
9	vlitag.com 1 redirects services.vlitag.com — Cisco Umbrella Rank: 24985 assets.vlitag.com — Cisco Umbrella Rank: 36022 media.vlitag.com — Cisco Umbrella Rank: 51089	597 KB
9	gstatic.com fonts.gstatic.com www.gstatic.com	610 KB
9	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 73 adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	5 KB
8	shrinke.me shrinke.me — Cisco Umbrella Rank: 455736	204 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1002 c.clarity.ms — Cisco Umbrella Rank: 1518 j.clarity.ms — Cisco Umbrella Rank: 9304	22 KB
6	vliplatform.com px.vliplatform.com — Cisco Umbrella Rank: 27140	2 KB
6	ydenknowled.com ydenknowled.com	8 KB
6	adtrue.com cdn.adtrue.com — Cisco Umbrella Rank: 151154 exchange.adtrue.com — Cisco Umbrella Rank: 120721 track.adtrue.com — Cisco Umbrella Rank: 124896	105 KB
5	bidr.io 5 redirects match.prod.bidr.io — Cisco Umbrella Rank: 516	2 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	221 KB
5	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1250 bcp.crwdcntrl.net — Cisco Umbrella Rank: 910 id.crwdcntrl.net — Cisco Umbrella Rank: 1424 sync.crwdcntrl.net — Cisco Umbrella Rank: 785	13 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 214 acdn.adnxs.com — Cisco Umbrella Rank: 527 secure.adnxs.com — Cisco Umbrella Rank: 381	21 KB
4	audrte.com 3 redirects a.audrte.com — Cisco Umbrella Rank: 2544	3 KB
4	consensu.org test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 17537 quantcast.mgr.consensu.org — Cisco Umbrella Rank: 3205 audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 44831	181 KB
4	orquideassp.com tags.orquideassp.com — Cisco Umbrella Rank: 125771	5 KB
4	recaptcha.net www.recaptcha.net — Cisco Umbrella Rank: 1932	29 KB
4	denansgdfierc.com denansgdfierc.com	1 KB
4	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 27761	202 KB
4	cloudfront.net d1r90st78epsag.cloudfront.net	96 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	1 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439 ups.analytics.yahoo.com — Cisco Umbrella Rank: 271	1 KB
3	adform.net 3 redirects dmp.adform.net — Cisco Umbrella Rank: 3607 c1.adform.net — Cisco Umbrella Rank: 590	2 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 497	2 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2470 google-bidout-d.openx.net — Cisco Umbrella Rank: 2424	677 B
3	criteo.net static.criteo.net — Cisco Umbrella Rank: 629	71 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 896 id5-sync.com — Cisco Umbrella Rank: 408	18 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25 region1.google-analytics.com — Cisco Umbrella Rank: 2388	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	139 KB
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 4067	1 KB
2	weborama.fr 1 redirects cr.frontend.weborama.fr — Cisco Umbrella Rank: 22457	498 B
2	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 770	952 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 752 s.tribalfusion.com — Cisco Umbrella Rank: 1848	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 595	733 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4624	562 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	650 B
2	googlevideo.com 1 redirects redirector.googlevideo.com — Cisco Umbrella Rank: 927 r5---sn-pouxga5o-vu2s.googlevideo.com	922 B
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 3803	315 B
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 337	3 KB
2	google.nl adservice.google.nl — Cisco Umbrella Rank: 14570 www.google.nl — Cisco Umbrella Rank: 9281	939 B
2	shrinkme.io shrinkme.io — Cisco Umbrella Rank: 643616	159 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 imasdk.googleapis.com — Cisco Umbrella Rank: 444	122 KB
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2121	555 B
1	playground.xyz 1 redirects ads.playground.xyz — Cisco Umbrella Rank: 3530	464 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 608	191 B
1	dotomi.com pubmatic-match.dotomi.com — Cisco Umbrella Rank: 2902	104 B
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 736	611 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1068	527 B
1	ctnsnet.com ipac.ctnsnet.com — Cisco Umbrella Rank: 5090	368 B
1	iprom.net core.iprom.net — Cisco Umbrella Rank: 5409	279 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 857	225 B
1	gammaplatform.com 1 redirects cm-supply-web.gammaplatform.com — Cisco Umbrella Rank: 2535	643 B
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1321	282 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com — Cisco Umbrella Rank: 582	698 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 547	672 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 635	928 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1444	524 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 649	588 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 460	725 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 240	740 B
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2604	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2765	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 3432	2 KB
1	supertruco.com supertruco.com — Cisco Umbrella Rank: 321297	2 KB
1	gloaphoo.net gloaphoo.net — Cisco Umbrella Rank: 202314
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	29 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108
1	akazginhapping.com akazginhapping.com — Cisco Umbrella Rank: 871534
0	rlcdn.com Failed api.rlcdn.com Failed
233	74

	Domain	Requested by
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
15	securepubads.g.doubleclick.net	shrinke.me securepubads.g.doubleclick.net www.googletagservices.com
13	simage2.pubmatic.com	ads.pubmatic.com
8	gum.criteo.com	4 redirects static.criteo.net
8	shrinke.me	shrinke.me
7	mug.criteo.com
6	image2.pubmatic.com	ads.pubmatic.com
6	px.vliplatform.com
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	www.gstatic.com	www.recaptcha.net www.gstatic.com
6	accounts.google.com	4 redirects shrinke.me
6	ydenknowled.com	d1r90st78epsag.cloudfront.net
5	cm.g.doubleclick.net	5 redirects
5	match.prod.bidr.io	5 redirects
5	www.googletagservices.com	services.vlitag.com securepubads.g.doubleclick.net
4	a.audrte.com	3 redirects
4	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
4	assets.vlitag.com	services.vlitag.com
4	ads.pubmatic.com	shrinke.me jsc.adskeeper.co.uk cdn.adtrue.com
4	services.vlitag.com	shrinke.me services.vlitag.com
4	tags.orquideassp.com	shrinke.me
4	www.recaptcha.net	shrinke.me www.gstatic.com www.recaptcha.net
4	denansgdfierc.com	shrinke.me
4	pogothere.xyz	d1r90st78epsag.cloudfront.net
4	d1r90st78epsag.cloudfront.net	shrinke.me ydenknowled.com
3	x.bidswitch.net	3 redirects
3	sync.1rx.io	3 redirects
3	c.amazon-adsystem.com	services.vlitag.com c.amazon-adsystem.com
3	j.clarity.ms	www.clarity.ms
3	static.criteo.net	securepubads.g.doubleclick.net cdn.adtrue.com static.criteo.net
3	ib.adnxs.com	2 redirects cdn.adtrue.com
3	www.googletagmanager.com	shrinke.me www.googletagmanager.com track.adtrue.com
3	fonts.gstatic.com	fonts.googleapis.com www.recaptcha.net
3	cdn.adtrue.com	shrinke.me exchange.adtrue.com
2	ads.creative-serving.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	c1.adform.net	2 redirects
2	cr.frontend.weborama.fr	1 redirects
2	ad.turn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	match.adsrvr.org	ads.pubmatic.com
2	id.crwdcntrl.net	ads.pubmatic.com
2	cm.adskeeper.co.uk	jsc.adskeeper.co.uk
2	cdn.adskeeper.co.uk	jsc.adskeeper.co.uk
2	quantcast.mgr.consensu.org	assets.vlitag.com
2	id5-sync.com	cdn.id5-sync.com ads.pubmatic.com
2	jsc.adskeeper.co.uk	exchange.adtrue.com jsc.adskeeper.co.uk
2	oajs.openx.net	1 redirects
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	c.clarity.ms	1 redirects
2	www.google.com	tpc.googlesyndication.com
2	cdn.jsdelivr.net	securepubads.g.doubleclick.net assets.vlitag.com
2	exchange.adtrue.com	shrinke.me cdn.adtrue.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.clarity.ms	shrinke.me www.clarity.ms
2	shrinkme.io	shrinke.me
1	simage4.pubmatic.com	ads.pubmatic.com
1	match.adsby.bidtheatre.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	pixel-sync.sitescout.com
1	pubmatic-match.dotomi.com
1	image4.pubmatic.com
1	pr-bh.ybp.yahoo.com
1	um.simpli.fi
1	dmp.adform.net	1 redirects
1	sync.crwdcntrl.net
1	sync.targeting.unrulymedia.com	1 redirects
1	ipac.ctnsnet.com	ads.pubmatic.com
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	core.iprom.net	ads.pubmatic.com
1	csync.loopme.me	1 redirects
1	cm-supply-web.gammaplatform.com	1 redirects
1	cm.adgrx.com	ads.pubmatic.com
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	1 redirects
1	dis.criteo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	image6.pubmatic.com	ads.pubmatic.com
1	acdn.adnxs.com	cdn.adtrue.com
1	s-img.adskeeper.co.uk
1	servicer.adskeeper.co.uk	jsc.adskeeper.co.uk
1	c.adskeeper.co.uk	jsc.adskeeper.co.uk
1	audit-tcfv2.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	r5---sn-pouxga5o-vu2s.googlevideo.com
1	redirector.googlevideo.com	1 redirects
1	media.vlitag.com	1 redirects
1	google-bidout-d.openx.net	oa.openxcdn.net
1	test.quantcast.mgr.consensu.org	assets.vlitag.com
1	imasdk.googleapis.com	services.vlitag.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	c.bing.com	1 redirects
1	www.google.nl
1	49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.nl	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	hbopenbid.pubmatic.com	cdn.adtrue.com
1	bidder.criteo.com	cdn.adtrue.com
1	track.adtrue.com	exchange.adtrue.com
1	region1.google-analytics.com	www.googletagmanager.com
1	supertruco.com
1	gloaphoo.net	shrinke.me
1	code.jquery.com	shrinke.me
1	www.facebook.com	shrinke.me
1	akazginhapping.com	shrinke.me
1	fonts.googleapis.com	shrinke.me
0	api.rlcdn.com Failed	ads.pubmatic.com
233	119

This site contains links to these domains. Also see Links.

Domain
shrinkme.io
blog.shrinkme.io
orquidea.ai
forms.gle
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-11` - `2023-07-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
akazginhapping.com R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh
ydenknowled.com Amazon RSA 2048 M02	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-24`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tags.orquideassp.com Amazon RSA 2048 M02	`2023-02-28` - `2023-06-28`	4 months	crt.sh
*.vlitag.com GTS CA 1P5	`2023-02-04` - `2023-05-05`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
gloaphoo.net R3	`2023-02-16` - `2023-05-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tls.automattic.com R3	`2023-03-16` - `2023-06-14`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-02-28` - `2023-05-29`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-01-29` - `2023-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-01-21` - `2023-04-21`	3 months	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
cmp.quantcast.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh
*.iprom.net R3	`2023-03-01` - `2023-05-30`	3 months	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://shrinke.me/HannahOwoLeaked
Frame ID: C5A334ABD2A111BCC2F36F2CC17AA04D
Requests: 105 HTTP requests in this frame

Frame: https://ydenknowled.com/Q1NLWUIiMSg0fSJuKX83MT92fHAFdnkfJnIhcmkxN2RzPDIwMix3IS88Pj0kMTwlLWwtNj98cAVjGms6EwccaSUCKg4rFykwDRJxATIuNXd6Nw0pLgE5PDADOR0ZGnFyMAgIcio2GhgDEDk4agEbZig4EQYeBwg2OjI8PjYHYAFhEToaAhUaAQkRCyVmYQ0QJRl2eRsAKWMlGzggHxsNMQgfDjZ0DxUKLAM5BiAYEXsdKjd6MTcgE2dxFSofezkBDz4pAiooHQ0HZgI6FDQ7BAwqOwsDbHsSYAUTJAJqAjoUNGcBGAxyBAwpZ3ERB2sYJjUxDyAnYx0oJHJjIhEGbmsjGgYSGQcKGwYdezV7AGIjLhVxFW5rABRhETwkcQYMEjokOgIMKjsfeSlncRUTCnoFGQgxCyAFPDYJAmckGHAZPBNqDxMZMWEBDzQnKCQ6JzIBGnY5Ew5zGTYlLSchBTtuIwVqMRE7dyEPHQcFMiVhMCc/cm0bcmZ6CigzJBMYZCkgJDcyfhd7aAgiPn80AQ
Frame ID: 00B510C0D36A1607154E6208450FD8D4
Requests: 2 HTTP requests in this frame

Frame: https://ydenknowled.com/emRZdlMbBjobbBtZO1AmCAhkU2E8QWswN0sWYEYgDlNhEyMJBT5YMBYLLBI1CAs3An0UAS1TYTwPCkUBNzIROzw9HRAPBz5cPT0UFiE6HQlfVhsUBg4QERxrTSwNAhk2Nws+FzsqbDs7HRQdPiAXMg1OHDEjNTIxKAMtOTsoVgwfOEwhESwVGw4MLhgvCG0VNCMVCiUWTScKPwozIA8hNi4ubBM4NBELGCtCJho/MjEgKjMcPCJ8RBEgJmlTYTwxAUM4KwotFzUyIhg1BTxBazQJOzUwMT0KAw8YNEgFDiwXN1QTQjUsPmwkEEoPGA8wKCsjMwEzJmlCMC8hFycLV10zLgsSJzghCT49IU44MyZtGAYiUAEgPRYhEDJjIyg1MHZIJgM0Ag8iIBVkLQlsMTU+Bzs5AQkMFCAJTyk3Rz8rCQ8zChciHhAGHg0AHTcPNjcBPT8NaSADEFUOEwcwUQNGARY2agYqOAoDMHUQFzYYI0cFKUIUDVE/HTECUys
Frame ID: 9AF11D7F89E8F9498620897F2AF4DF27
Requests: 2 HTTP requests in this frame

Frame: https://ydenknowled.com/Y29Zd1ICDToabQJSO1EnEQNkUmAlSmsxNlIdYEchF1hhEiIQDj5ZMQ8ALBM0EQA3A3wNCi1SYCUiDyAcKgoRMmAnLAASBgoqEjsXNSUDRiJaOwwhKCA7Ki8aGjk8PgYqSms1GhkqHzE4MQUeEDEpLCMmMAEILjsfNVptLzpTXx0kayU5IzYcKF8PNjEUJiowORsHCyMlKiczQjcqCDYVAhsMLzQ1ABYdMGYtKh4QHSkYEC4dMlcpLwcuOw8aCCo5HhMGOi5hLh0UDDczJSkYDC81NC0BNQAGKjU1N1IhLSQoLRgMLzUzKB0DBAUpaDQUUzVvJBMPBQ9FfyULCEUHICAYEDYuLQgDFQsAYTFgUiQXRRAyCWgtETpfA0EBJQR8RRAgFS4hGjstCzRjUisDJmoLKiElJTY3PhEUJzYQPWMlOgNGHxEqGDpkJwZoEwMbIQoSBw8JAyJjWjsMEz83N2w6BCQLDTgqCDcXNRcLNww6BjUBLScKUTUPFTVSIgM2dAkcNhkiXgYTOBgxIjcyZBogKA0zGw
Frame ID: 55D231D4634BDAA74CD9550B81229DF9
Requests: 2 HTTP requests in this frame

Frame: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cb=2466136573&timeZone=0&adWidth=300&adHeight=250&loc=https://shrinke.me/HannahOwoLeaked
Frame ID: C4DF48F80C700954BEFC95E2BFD1D948
Requests: 14 HTTP requests in this frame

Frame: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&loc=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked
Frame ID: 928DD0DF1AA550AF57253FDBDEC34759
Requests: 2 HTTP requests in this frame

Frame: https://49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 974B22F06AD7D4542B8CEBC2D96E4CB8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.adtrue.com/rtb/passback.js
Frame ID: 1D812D05891B0BA48FA14CCE71754393
Requests: 16 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&size=normal&cb=9160uvt328wl
Frame ID: 73E21303A0D0FA3E0F943848D2F153F6
Requests: 8 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=shrinke.me
Frame ID: 4C9E2FA59BC3D69A9C73D6106ACA593A
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJvo2jaOWkIicaV7OVYQn5grx5NERQNB1g9fMYyEjzei2ZZggZ15_fH8yl_jhXJYRJgB_C-jstKV-BF8uvd6w7CGksoTnTPs4IeRoG0OqpCvE1e1snQ_3oTQNdEyou9IEvojXGAi6_uyV4wSUmfOJ1Si11FvRTJsg37J1fpoNQvC3mHGARcM5UWQJQKTi-Bz1F7Jqchg06cRXbtfBitqsVS9ajsK7IM7TFHeIBD5POo3iMes4joHcKGd6wqHGvM0X0wJYWusyKgzW02hRKoEnBU-t-R0kmuiwKYOUXw38n6bmcC_ldWylDRAqKk65Mz8GXKZ_lrAUNInGc0xeG&sai=AMfl-YRRutCA0si-oF6pHkx6ZZxIly623xlEFcM_W2P0V56NP8ZXHv3yBFM1neu-Y_aAFx5fRsnlJ0htkr_Lftb8yidsy5uQqxfh3xlP7asGpAFKkbGLjj-bAJYP4ZKvprhdyDLTwOqIw6spgaoJkGNz&sig=Cg0ArKJSzKjuE-HlhUahEAE&uach_m=[UACH]&adurl=
Frame ID: DA12095EB415D7799AC5D4462B738A0A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2AAF4C8C943C91A1CB1FCD8302E56D0A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F9FB90305CF3622DC44EF2E6939E9932
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 1F72C18D081CA470EE96A4A9F5F53E04
Requests: 1 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/bframe?hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g
Frame ID: 14E4C5CE5AFDC1A4072AC7C695B65EF7
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvOzZ7ExNYp56W2dArIy8xYBBQkjtaiLBXuUiSuLaLUzl3DxKLKxmJjFNQ2lab3kfLiiYNjVUhNgbRbMgoz3bIbfhPmrtdHzsUFZsUA9KIYWLbcXFuhHnYLeIezMAchsNvL_pSSwI2yL7trHcbB0PWiK8EDcbAuDknoaCx1eeDq3CkBRNZFWdNo3uhfN8-7bejiypG1EzKIxQRS-Aqi9knwhc6cOzyuY04i6iEsFLT7YbYezN6dDRIuFbhGv7lz4PQyBezPgbuPv5g3tgfTLrAkhiXFl_KFHno4dBZXU0hzeLlB27zkwkh0D2VOtp8dkoG9nEfMEi5hS-vwOzPK&sai=AMfl-YSqaHUqpFQQUeCTnrPLBy5GtISFZTfmQ1LUkoy0E5UyFaLn6QmmXJf2X9gGSkQVwCWu4F4fMXIt8w8ZgspgXa_otX_VT3aZDw7mkavvDQxegAy6osre8rsbuqN1LZ56xBQJQ3bYOsZD1YPnu6W4&sig=Cg0ArKJSzJLK7337hXJgEAE&uach_m=[UACH]&adurl=
Frame ID: 410F0595BD0D6A891CFC4892DF9ABC3B
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv-55FLRTNyhdIU-RI530Hv73atznF7TTJrhYvTGf26vFL4AcGxrXlg20jl2-G1Vd01lbpTU1x0ic981-jrzJJVZ3xL7dVAvpHEOYZN4H6I_2xvA0tJ8EWfR7nJjCldUkfUCUxP-UPxLdomY6At-QUoqQiTtQLRXBpfE-nzsGfZBmRKD-zW8xj6fGrXv6ZwRMTtII1Xo0o_aOpXdQ72bNDbV8LPlPuRWZuJypzz-qOUMSCTOgDQqnAgPTqM9imkyaOs5H_8TpAjkMSqrD8mmsAyg6c2E53LEvGoENITOQlj5RDttNnxJxcouuddOyRf4a31LaMaDXvp_EQ9nv7K&sai=AMfl-YQnscEHF96vB61w2q3I-1i9gqZzguM79HQTJQyzqze4Z249ol6VId8RVsr9pzysrgl5-2X53E4bEPW67h2k0z84A9gx5et5gmrFUvnn-HEK9TW6px4-anljkGPL7J5HVZ8-lZq0x4TKETsgm825&sig=Cg0ArKJSzDmoDwbkzDkVEAE&uach_m=[UACH]&adurl=
Frame ID: 034D3F2C5AF097CA2F41F1F646288D11
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHZQRTDB9dER_sWEPAjMxHFy1gMeLXatxfEEc-ZnFkn9fsJiPnAUXcvp-uv1EGK02EoV-ARW3SG3BUWSjvKNd--Y54lVuEaPlwxkPovy4uRR3B2h-z5IzNeQk9F50p3-ckllAYogC9770KkAJA8b8aXWUfeB1n94R4-ZC7q3TkTWPkdWnSX1CqjQcOKAiCaAnNkzuOIBo6b_CGBv4fe4cf70rgr29UQXcY7mwVRRVroKpu_eZP8Y89_g4djVhh09zQfAfpXAdRg5p5juutAUMc7wyS7pTV7Gvxgw030XQbLvQGEBXdZiIQpwsbFJoGBb0Xd5Wzto_Bac3EkHQ_&sai=AMfl-YTTR6TWsBRGhMIntKGiQpCx_C32z1yGs7Ldvqn6dfUs7yXI-JrLQsqhSYLzI_0wd60RyTkXjlsXpGCZDINbwZOAzImi15eUoF75iPbECxagt1u5c2FZ6J3nK0b4x91P0vHelDEQ1iOuA08dWyY&sig=Cg0ArKJSzPNS9xQwalRFEAE&uach_m=[UACH]&adurl=
Frame ID: 16A10AD5B46521B5DE300A04F777A4AA
Requests: 8 HTTP requests in this frame

Frame: https://cm.adskeeper.co.uk/i-noref.js?cbuster=1678985481196231810966&consentData=&gdprApplies=1&uspString=1---
Frame ID: E844A6D335C15DBE1690ED8276F6B484
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9F9B76093D3882AC235DF5E30F0EE1EC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Frame ID: E4101A5696929A6A202E9127E90624EB
Requests: 20 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3d396413-490b-4500-9b2b-6a91c6c82b14&gdpr=0&gdpr_consent=
Frame ID: 247F405DC5B7F8FF6DFACA348822EEA1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6904143572120196328
Frame ID: 234DD44A1BE25687EEB07C95EE520E42
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 5BCE74110FC6B36F371E161A5E5EB3A8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab
Frame ID: 38717BD23C445F5228BBFA5BAE44F6C8
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 428FA47341D50C68110DED299C980A63
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1589370376627655599&gdpr=0&gdpr_consent=
Frame ID: 44F1654F823DF74B8BD410628D308BE4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7211187735677499542&gdpr=0&gdpr_consent=
Frame ID: 403742FD782470E62F0F539D89FF36D3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZeMXUTfwXmdpSzJVpg37fB_Mmbo&gdpr=0&gdpr_consent=
Frame ID: 29547A908C55A26CB7583E381A742DE2
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAUh8E7IJpIAACDaqZQA0A&gdpr=0&gdpr_consent=
Frame ID: F0F39D5E40FF8B5D5F640EB3AD2369A4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZBNJCwAA1Wd30AAo&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo
Frame ID: 695BE8C43731860A19837785796990B0
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 1478672E9F8D0F6E7D24D521F3C8E3C9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1t0gtn5xbis9
Frame ID: C00523774BDB48C199537783B34B1FC2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: DAF342C38089FD069DFE0AA5045AF61F
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 01300F28E6A12246B954D797A0FC0587
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 279EC98862C31CABA47B4D1C9ABCD960
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: AB8978B5C74DA028BBD24F250A2DD07E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-00da8758-de9f-4251-8b82-51c35884e33d-003
Frame ID: 110137D28394B31238B50C2CDCFA929D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ShrinkMe.io

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

233
Requests

90 %
HTTPS

43 %
IPv6

74
Domains

119
Subdomains

78
IPs

12
Countries

4412 kB
Transfer

10568 kB
Size

102
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://shrinkme.io/

Search URL Search Domain Scan URL

URL: https://shrinkme.io/payout-rates
Title: Payout Rates

Search URL Search Domain Scan URL

URL: https://shrinkme.io/pages/payment-proof
Title: Payment Proof

Search URL Search Domain Scan URL

URL: https://blog.shrinkme.io/
Title: Blog

Search URL Search Domain Scan URL

URL: https://shrinkme.io/auth/signin
Title: Login

Search URL Search Domain Scan URL

URL: https://shrinkme.io/auth/signup
Title: Register

Search URL Search Domain Scan URL

URL: https://orquidea.ai/

Search URL Search Domain Scan URL

URL: https://shrinkme.io/pages/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://shrinkme.io/pages/terms
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://shrinkme.io/pages/faq
Title: F.A.Q

Search URL Search Domain Scan URL

URL: https://forms.gle/PSzDDwcQLJCjL8V8A
Title: ABUSE/DMCA

Search URL Search Domain Scan URL

URL: https://www.facebook.com/shrinkme.io

Search URL Search Domain Scan URL

URL: https://www.instagram.com/shrinkmeofficial/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AWnogHeQfj88-09CFOnQOaoI2ew1RiEA1y9MUx-S29v0rqSL5t6FWoKryiQ23GiTZ4SX2pS3Tt812g HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678985478833125&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHcT6EFbUAW1zRWHG8mXo8L7iXQysBiPo8l2eQF8BtodWeIySKdgNNil0a3FUh-QysZBL_VBMQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

Request Chain 18

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AWnogHffWglS7Fzo3h-l9HJCKmRbRdfqCRhNVZTP7uoSuA08ZYao1_2F9_IBSJwu36yzWDiKtZEjwQ HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S-1156992828%3A1678985478865051&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdhu3FGF453Cs3EQu6SCbVVSPoggiGGBn36TNh4rxRAEdYYp4T9E6inMJMLtwTTLKEPRIP2Dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

Request Chain 65

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=VBmtIHxDRUQ1MnZCbFpqL3hyTHBESW9MVVlkcndPejFGd1FSZno3N3FYQkgyUzdRbWR4T0JIcEtKZndlSThRYWFWZjFWaHFqWkVnaTBrMktSTXppQzUvTEdLeGpkNFhoZG9yTHBITmk3WEl5U29yV0JJRUE2aFBMTm9DRHJoeWZYcURMRXo3eCs3Q2FiWk91SUhYaEZtOFVSaC9pbmdtOWpDYjI0TEZiOHczTXVjZGQrcmhRZVdDemxZY1VUZkNReGNEUHcvTzFHanJIR3diU0xwbHB6ZEhZYmYySUJ0WFA2YXNYZWk3aVdNZkJsaFpJPXw&cppv=2

Request Chain 86

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&RedC=c.clarity.ms&MXFR=11EDD8B1C7F86CB91A19CA67C3F862DD HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&MUID=399A5CDE2A89645609994E082B496501

Request Chain 90

https://oajs.openx.net/esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp&cc=1

Request Chain 99

https://gum.criteo.com/sid/json?origin=publishertagids&domain=shrinke.me&sn=ChromeSyncframe&so=0&topUrl=shrinke.me&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=VKb-lXxjOUgyOXBzYXBLMWFOLzAvcWJJRm52UDJHR3hhZHdxN2RGVWpCL2tlTmlnZXhwVHFHMzMwVjU3c2FyZ0lHQ3VpWDcyTjNLVjZuNFVTUlRKTUlGWTdkTStFc21lTnJSY2FVd01UcGJhMmtoQ3BKUUF5SFNFZlh5a2NMSVZaN2VvTGtoRGdtbTRjM20wUENCdjc4Q1krb0dQL1puOUZqeTZTVVI0dlJubE5LcW1EbnN2NnhuUUhZeXJJYkp1ZXFPdWE0SmttU01TdWtQTEhWOCtZSnk5OW9TcWtuaCtpYzNLTzRvUHdOWWZPUEM4OEdqbmRQVzJpRzV4N3l4WGxCTm1YOEJOdTR5cmI1cUZjdEo3TGVDRFIvZz09fA&cppv=2

Request Chain 149

https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y HTTP 302
https://redirector.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%2C137%2C160%2C243&source=youtube&requiressl=yes&mh=3a&mm=31%2C29&mn=sn-a5msenes%2Csn-a5mekn6s&ms=au%2Crdu&mv=u&mvi=4&pl=19&vprv=1&mime=video%2Fmp4&ns=ceNzpMz_1aYIGK8K4JlTK7YL&gir=yes&clen=30541471&dur=207.373&lmt=1676131234772774&mt=1678972294&fvip=2&keepalive=yes&fexp=24007246&c=WEB&txp=1216224&n=2QWqInbplVz5-cc8Rg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJsuNEdOTBJ8Ld207d9xnqyC17-5-yHQ4V1BNcnbTLMFAiEAk5AfCouE3o9osAlCtXC2-uN6sGJiVl4cSnccOT0xefI%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhALLlistAtIR1Ba0xLqgfeKQCLRDE2ycgzmAjHwH25mHjAiEAgnay-f97O-RxydRFWdY9taTMNfZ5osCeCwGsW1Y-lB4%3D HTTP 302
https://r5---sn-pouxga5o-vu2s.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%2C137%2C160%2C243&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=ceNzpMz_1aYIGK8K4JlTK7YL&gir=yes&clen=30541471&dur=207.373&lmt=1676131234772774&keepalive=yes&fexp=24007246&c=WEB&txp=1216224&n=2QWqInbplVz5-cc8Rg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJsuNEdOTBJ8Ld207d9xnqyC17-5-yHQ4V1BNcnbTLMFAiEAk5AfCouE3o9osAlCtXC2-uN6sGJiVl4cSnccOT0xefI%3D&cms_redirect=yes&mh=3a&mip=2a00:1630:2:608::5&mm=31&mn=sn-pouxga5o-vu2s&ms=au&mt=1678985109&mv=m&mvi=5&pl=32&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAONJD1NC9dQn_SzzX1DYFJEE3FjUlvIyeH2NYUH5bM0AAiEAooratF5CasndIsSh1mZw5kZgxcaKNa_xEUrQY23J26w%3D

Request Chain 186

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&bundle=dAiI-19OalZ6c3l0VmVFWVhJSmc0UXpzJTJCNG1iU2hMVHExMzklMkZKRHViSm5QOEdwaXF5SkZ5JTJGV3MydkZzWWs3REVmNWxKY3B6VndsYTdVeW9JWGxWVU1nTVk3U0tlQlJOZEtDcnMlMkJtb0JmS3VJVjY5WmZaSjNZSHR3OHhzdFVuMjR6MDclMkY&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=g9b-Z3xsZ1c0SEloak52RWNwdGV1WnZ1MFE0M1NIbC84RnZMditHL0o2WUR1azF5TlMzQ1BZdTc5MnNQMUgzRk5vNDB3NEJqbFYrc042VzdTcUFJMC9RUzNFb3ZMMXdJUlVlS3Z1MXVYRlBwRXRuLzNyZWdsZ3NHcDBZZDZJUGQxWUVkU25MbkpGRlhSamNjbDZUL3FiZnN4ODNON2ZFNUdjNWRJVHI3SU1aTXhBVzJJRnI5dVI3YVBhbDZkOFVaUDZRcHV6a1gyd3BYZTFzR0V1a2YzSlAvZHg3VVpXMW1Vck1LWkhLVit5WVZaajlyeUplQVd4SUJWQlorWDBnQWhyY1ZiRkFEa2RBd1NJY3JHM1BqSEJQUFBvQT09fA&cppv=2

Request Chain 196

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=hMIEQHwyOWtpclBEdU1ZcDRvMzZSWm1xOWpkWnlwelVzeFUyYndDdEtJMkNBSGpPUjRhUzVWdXkyOEp5WnFkY2hINVNSaEtVUDlJSk40cG9Fd3E2OHh5b3F6bmN6bk5PcHNsN0Y4ZEZiUUVicTdNUXcrWW1FQTR1akc2UmY1RTg2S29hek56U29iayt6QS9OK2M2aDNHVlNUbW93YUxSelZxMHlZM1VhbXMyNDVkK2Zac3IzdXVEc1R4NG0zcEZ5N1FCU3ZoSEZNeVI0ZkVkVzE5SjhQeEVTeG1xWDdiMVdYTG93cnllTllnUWpoTnhBLzZLKy9aMU4rc3ExbTliWmVGOVlMR2dLcFpGaFh0L0JKbEl3M3ZhUjNldz09fA&cppv=2

Request Chain 202

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3d396413-490b-4500-9b2b-6a91c6c82b14&gdpr=0&gdpr_consent=

Request Chain 203

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6904143572120196328

Request Chain 204

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 205

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab

Request Chain 206

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 207

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1589370376627655599&gdpr=0&gdpr_consent=

Request Chain 208

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7211187735677499542&gdpr=0&gdpr_consent=

Request Chain 209

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZeMXUTfwXmdpSzJVpg37fB_Mmbo&gdpr=0&gdpr_consent=

Request Chain 210

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFVaDhFN0lKcElBQUNEYXFaUUEwQQ&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAUh8E7IJpIAACDaqZQA0A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAUh8E7IJpIAACDaqZQA0A&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAUh8E7IJpIAACDaqZQA0A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=66393876930835287&gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAUh8E7IJpIAACDaqZQA0A&gdpr=0&gdpr_consent=

Request Chain 211

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZBNJCwAA1Wd30AAo&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo

Request Chain 213

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1t0gtn5xbis9

Request Chain 214

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 216

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 218

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1678985482924 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=3938620741 HTTP 302
https://sync.1rx.io/usersync/turn/3396726489196073996?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-00da8758-de9f-4251-8b82-51c35884e33d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-00da8758-de9f-4251-8b82-51c35884e33d-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-00da8758-de9f-4251-8b82-51c35884e33d-003

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_xXAdRz3QDSkXt7bFH-x8A%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 221

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=4042717554

Request Chain 222

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZGZteG1EcERoWS1TM0NFajA2cEhBZ0tQZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=5792934742258671007&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
https://a.audrte.com/p

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkYxNUMwNzUtMUNGNy00MDM0LUE0NUUtREVEQjE0N0ZCMUYw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 224

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJgcXjH91ZJ3H3IvDOFyS4Y&google_cver=1

Request Chain 226

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5792934742258671007

Request Chain 229

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-WleX4rxE2uV6zhOqiWAKJq.zcA2rqzc-~A&gdpr=0

Request Chain 230

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=09936530-f675-4fb6-a89f-fc86f59f5e40 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=09936530-f675-4fb6-a89f-fc86f59f5e40 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=b3673a43-f105-41fe-b085-284c7b8209fa&ssp=pubmatic&expires=30&user_group=5&bsw_param=09936530-f675-4fb6-a89f-fc86f59f5e40 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09936530-f675-4fb6-a89f-fc86f59f5e40&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 233

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1589370376627655599

Request Chain 234

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3180553707082290188&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 235

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:c0f55c4f-2258-4f9f-b2e8-7a07f907200e&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

233 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request HannahOwoLeaked Show response
shrinke.me/ 20 KB
7 KB 144ms
70ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/HannahOwoLeaked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff73e899a03a207a8cf564d578c807f77066ed63b8135e879a7eb9b91b9f0174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7a8e800458150bf1-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 16:51:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTmLZdfYj1bUT0U1ZYjLSvRGrLczB7l9dVAeG2ailgQNuvHCXvBLtHtURpOo1Hchusr2IrNK7A%2BL9TKJ%2BbrlYHf8AI91jqzONnm4%2FVaNvq14nG0xRJ6mii%2FlZx0LlIK4pzyb6TV4tj2Z"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 110ms
40ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eced69e931e3d6fbbb896aec7733312d0f897063880d3d73b1403c5ca82aba7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 16:51:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Mar 2023 16:42:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Mar 2023 16:51:17 GMT

GET
H2 200 styles.min.css
shrinke.me/modern_theme/build/css/ 187 KB
34 KB 40ms
40ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b386764e2b714f6fe617daaedd1946a7161fc2ae5f9bd0bf606f76287121ee1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 224113
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: W/"2ec69-5a22587d62000-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeWCzcm3jv%2FjHY1vSRC101nMCtoc5HSGbPRM%2FcCw9vT%2BGwBU2gJlybZtVEXBjNi4CPHg23xvWl5Kh1WKfKH4IWy0JpBuzDs7DsWBsydWxKmonAQ5TP5a%2FEpcTYfwckZSpZ%2FvVRWnS6Yk"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 7a8e8004d8750bf1-AMS
expires: Thu, 13 Apr 2023 02:36:04 GMT

GET
H2 200 / Show response
d1r90st78epsag.cloudfront.net/ 288 KB
94 KB 428ms
336ms Script
text/plain 13.32.118.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-110.fra60.r.cloudfront.net
Software: /
Resource Hash: 4adf0d851914ad011619d23d0ae295717ac381df4769e6b3a3503819f20a3ae0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
via: 1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 96048
x-amz-cf-id: bmUQoS1ch3QX4jTWS7R-sk_WsyqhyoTLvipX4jMxpONkIf4ptb5f2A==

GET
H/1.1 200
OK 61894 Show response
akazginhapping.com/gspu5HpgD2oSi3/ 0
0 330ms
30ms Script
text/html 23.109.87.77
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://akazginhapping.com/gspu5HpgD2oSi3/61894
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 23.109.87.77 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 logo-sm.webp
shrinkme.io/ 31 KB
31 KB 109ms
35ms Image
image/webp 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinkme.io/logo-sm.webp

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9777428de88c524584f0133c3c0d9becf5a3840597eb16dc873bbc29b9a0bf58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9001426
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31236
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: "7a04-5a22587d62000"
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFmeCjFO8p5V5wLgR%2FL4QEm1OiGcs3W3dgn681nsdsvzUq9Z94BJYjVnXruXHCe3fojWbKsk7lq1TT3n2HrmuL2OfL%2FZCxxj3uHzMG%2Bo3hNTPnRldJ35%2B4vNtXX%2BK0Nyd5Iqc20ugjLbUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7a8e800879ec00b6-AMS
expires: Sat, 02 Dec 2023 12:27:32 GMT

GET
H2 200 async.js Show response
cdn.adtrue.com/rtb/ 7 KB
3 KB 112ms
34ms Script
application/javascript 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/async.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11621977
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
server: cloudflare
etag: W/"5fb1d3ed-1c9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26Zqxni57mP1jB%2FN2Pk8JY2tER4bcRxMraF8ZLjgrw6wZ%2F%2F%2B5oNuq8IgzFvTETV8njxGvgcNRA0uxs8bvlFeW9uSFlvdDDQPXBDVLpEfbC9JDyqvfI6PwkMEbNGkQWYUlIg4Qkrh08bUgD5hZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31104000
cf-ray: 7a8e80092d180eb4-AMS
expires: Sat, 28 Oct 2023 04:31:41 GMT

GET
H3 200 email-decode.min.js Show response
shrinke.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 27ms
26ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Mar 2023 22:56:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6407c11e-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vi6p0zsgSj28QarKD14rkpY6NMj9pNP9dyHVisIMfboy6tp3pNX6D0mqV0rQ%2F35dJRf8Ki73jB7lBY%2F3SbIETDDHhSOrBcu3KYwtoL6ZBjMsz44UyKj8Xvf%2FnzxKQgBUjhcXAEA3PR1m"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7a8e8005896cb88b-AMS
expires: Sat, 18 Mar 2023 16:51:18 GMT

GET
H3 200 ads.js Show response
shrinke.me/js/ 190 B
658 B 31ms
31ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/js/ads.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 250075
cf-polished: origSize=191
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: W/"bf-5a22587d62000-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUE2z1OlgcukKbGemyjqq8nNyeLHOazU20QhZKczzW3phDilZh3sYjbFfhhOwyA4jXHhxXsifyRrh5TkSeSl%2Bjc6fOLhXheLIspNmuCZheeMiS49R1xU8c%2BoIyWAAKAm2mQdMNRo3Lef"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 7a8e8005b9b8b88b-AMS
expires: Wed, 12 Apr 2023 19:23:23 GMT

GET
H3 200 rocket-loader.min.js Show response
shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 27ms
26ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Mar 2023 22:56:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6407c11e-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NywloYmuV8Q%2F%2FQxRUrpFPwgfq7%2BoL4IkzRjTGTziBpB%2Fr1UDU7gys%2FilKm4RSCwj%2B%2F5%2FdV5Z8Hg1%2F8Mwai%2FOYLvuZ95gwQccb2slsiuESrXGuVgdT0WFxyx2vNQkzINyPJhBXmlhyZLE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7a8e80096eb1b88b-AMS
expires: Sat, 18 Mar 2023 16:51:18 GMT

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
101 KB 104ms
38ms Fetch
binary/octet-stream 172.64.172.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.172.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5109
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Mar 2023 15:26:09 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://shrinke.me
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qglEPC0ZwliyDgMVqBUV7RXI2r1q18MujOW5o09jODaXuIEk3e%2FWIqtv9pL20X7vjwb8Y8e9RzixT8xLMHtt%2F3MBNn%2FWyZ0fAilwa9tZA7TP5PK4cnGla7RTzi6n4YEp"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 7a8e8009ed78b736-AMS
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 26 B
354 B 194ms
128ms Fetch
text/plain 172.64.172.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.172.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80a70a83b9ce7ec0fb482969a3ea21595462aeb854dd2a7db3d9c88bfc528e55

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0y7fO%2BvblrK6V8dMBXaqtGm1dCpqI%2F%2BwGRZxQcqURmcwqBCrOsrIShSsuBXbPOcCibZh%2BYYbKddnAKGznhPqMun%2BcymZvCft1nGp6TiX16Qp5E66mpo%2FQakMp8ZMR0kY"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://shrinke.me
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 7a8e8009ed7bb736-AMS
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
ydenknowled.com/ 0
532 B 215ms
126ms XHR
text/plain 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/utx?cb=a4XzFpgal3vV&top=shrinke.me&tid=792297
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:18 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://shrinke.me
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: etQwLq_QiFhbpkSp4dQ4Ym1608ovg3gifSezgUYGoMu8n2-FwQKTlg==

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 114ms
65ms Fetch
binary/octet-stream 172.64.172.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.172.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5109
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 16 Mar 2023 15:26:09 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://shrinke.me
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pbWCN1pDkbYuLbN4G6qKcd7Du01gaDFoRZQBrOugHTQPZggSUFYQbl7nVwTwLmxNvQnrQJrtsfyxJUnC0SdE3a8r39rrisvthEGaI%2Bt2s029N2DX5HjhsdmXXo0IwN7"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 7a8e8009ed7db736-AMS
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 / Show response
pogothere.xyz/ 27 B
366 B 173ms
125ms Fetch
text/plain 172.64.172.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.172.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44fa25bbc65c1c85100a51e6a2d97f7a23495dacbae0460e3a1e2c5751d6bc02

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNFr6WaF0j3%2FwDNbpgcmHLajkm4DrJYPs7%2FnwpnacWFuDSqTspx7ZaKXrzC6c71FLtjqYDrMvcUcoHQTmBhhZHm96C2welokVBt3mmJ7QzdKfwLMmuRvHF2yd5DsDvZC"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://shrinke.me
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 7a8e8009ed7eb736-AMS
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 utx Show response
ydenknowled.com/ 0
533 B 284ms
213ms XHR
text/plain 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/utx?cb=DefEUmRMZ6oi&top=shrinke.me&tid=829554
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:18 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://shrinke.me
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: gJpHCOgZL2tGJyWUDicfRzUZJavpkxXPlLgrDCU3F_NEdasOpUC5_g==

GET
H2 204 Ckl8IixDFGdjbgBAY2ptA09iZGkB
denansgdfierc.com/N3haUlgYRzkhZWU+KiQBYzojMx5TKRs8EkcgDAsRVD9rNA1QPXwmMVNFbWtqBUFtdCheHGdjfkQMOyYtREVrdDFZHjVvfkFFa3xrA1ZpYHYFXi9vaREMKjM/ 0
255 B 202ms
124ms Image
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://denansgdfierc.com/N3haUlgYRzkhZWU+KiQBYzojMx5TKRs8EkcgDAsRVD9rNA1QPXwmMVNFbWtqBUFtdCheHGdjfkQMOyYtREVrdDFZHjVvfkFFa3xrA1ZpYHYFXi9vaREMKjM/Ckl8IixDFGdjbgBAY2ptA09iZGkB
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRrvwMrdZouPwzUrUlzN07JzvF%2FUoUhY%2FTxl8LfLDAPWXwjtvCKs8LnPUrkIUvq5RMewMbjuT9MgZJTVoB79IRSYy27p09xSjtBng6FAnt7jjU2zXqjJQ%2Bm9PcI%2F9%2F3kjfe3Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7a8e800a0b7a0e33-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 238ms
157ms Image
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AWnogHeQfj88-09CFOnQOaoI2ew1RiEA1y9MUx-S29v0rqSL5t6FWoKryiQ23Gi...
https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678985478833125&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHcT6EFbUAW1zRWHG8mXo8L7iXQysBiPo8l2eQF8BtodWe...

0
0

74ms
73ms

Image
text/html

2a00:1450:4001:80e::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678985478833125&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHcT6EFbUAW1zRWHG8mXo8L7iXQysBiPo8l2eQF8BtodWeIySKdgNNil0a3FUh-QysZBL_VBMQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Server: 2a00:1450:4001:80e::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Redirect headers

date: Thu, 16 Mar 2023 16:51:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-NX8qzwkufFJgaQrR9YS46Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 394
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678985478833125&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHcT6EFbUAW1zRWHG8mXo8L7iXQysBiPo8l2eQF8BtodWeIySKdgNNil0a3FUh-QysZBL_VBMQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AWnogHffWglS7Fzo3h-l9HJCKmRbRdfqCRhNVZTP7uoSuA08ZYao1_2F9_I...
https://accounts.google.com/v3/signin/identifier?dsh=S-1156992828%3A1678985478865051&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdhu3FGF453Cs3EQu6SCbVVSPoggiGGBn36TNh4rxRA...

0
0

108ms
108ms

Image
text/html

2a00:1450:4001:80e::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?dsh=S-1156992828%3A1678985478865051&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdhu3FGF453Cs3EQu6SCbVVSPoggiGGBn36TNh4rxRAEdYYp4T9E6inMJMLtwTTLKEPRIP2Dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Server: 2a00:1450:4001:80e::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Redirect headers

date: Thu, 16 Mar 2023 16:51:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-twoUygNM5OijKikJVZ_ASg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1156992828%3A1678985478865051&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdhu3FGF453Cs3EQu6SCbVVSPoggiGGBn36TNh4rxRAEdYYp4T9E6inMJMLtwTTLKEPRIP2Dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 popunder.gif
denansgdfierc.com/ 35 B
560 B 109ms
33ms Image
image/gif 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://denansgdfierc.com/popunder.gif
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: public
date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 23:30:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 62476
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3g8aCqSFVO5VtPDo8Bo3vz%2F%2BiKm5LIaLP%2F5O2oVTVwO2hPHdHWClmYg1YCA9%2BNJyl9f2jN%2FWTGmDBxSiWwzzK0qgZIaLmLvVykgxzutq5IvT6Oqu%2F%2FxckkdIEjpt1wJFJcjSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 7a8e800a0b7c0e33-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 Vl8AXGBDDQUANlhIUxElERVIUGdSQUxZZFFOTVdjVw
denansgdfierc.com/UWV5dWF+WhoGXABVET0sFwlLFikEIBhGFWcGHjsQNVY/UFMTJC5NRyUMHUhWaFdLTFl3FRARXGBdXwYVMBEMBlxgQxAbBz5YXwNcYEtJW1N/ 0
256 B 201ms
125ms Image
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://denansgdfierc.com/UWV5dWF+WhoGXABVET0sFwlLFikEIBhGFWcGHjsQNVY/UFMTJC5NRyUMHUhWaFdLTFl3FRARXGBdXwYVMBEMBlxgQxAbBz5YXwNcYEtJW1N/Vl8AXGBDDQUANlhIUxElERVIUGdSQUxZZFFOTVdjVw
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9%2FEfR1h%2Bc5iHd1Wa1l%2BRPOOEY1r5AZT3ntfsE3fmRewZbU5W1KE3ewB%2FX8l1MYpKsjtYYb7%2FBAIJ7IOVANAgVANTi%2FMywR0ZmgDIUKMZQ8gcETZhbhdjyksRfx5386F%2FBcAFg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7a8e800a0b7d0e33-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 UkJoBSIJHHNKOlJCYFxiWUNgX2oaTn9KOB8SKVF9SQM6GCBSQnhbdFZLe1h7V0V8VA
denansgdfierc.com/TG9zTmxjUBA9URU4JQMiCQchGyQjKBAINh0KMhRJfikmGAhpXTUKJCNJBycIcVdBd1l5W1U+BShSQXdKPxsSOhk/ 0
261 B 199ms
123ms Image
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://denansgdfierc.com/TG9zTmxjUBA9URU4JQMiCQchGyQjKBAINh0KMhRJfikmGAhpXTUKJCNJBycIcVdBd1l5W1U+BShSQXdKPxsSOhk/UkJoBSIJHHNKOlJCYFxiWUNgX2oaTn9KOB8SKVF9SQM6GCBSQnhbdFZLe1h7V0V8VA
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJR2cGoni0EpjwSylPXrSuQmZAsC6cvaOwSqvHY5CtFBv7L0yE%2FKhpeCaw1YZvf3YalQ%2BIZS1aOTY6LqAdmPaRaPdxSiD6PcFdT4T5DnES31PjESdeO3KjPBF%2Fd%2Bg%2FHoJurUGg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7a8e800a0b7e0e33-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 header9.webp
shrinkme.io/ 127 KB
128 KB 37ms
36ms Image
image/webp 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinkme.io/header9.webp

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd3fb9c39fddd8aba2e4c7af555aeb970686c92304fba3ff4850901ec3e1ff53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17490763
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 130482
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: "1fdb2-5a22587d62000"
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIqTrAQqQT07mDkbbWE2DcWa6dRKn8htwemWPBYBiKHgct%2Fcgm9kPTSWHAGtxdlke42JFnNSiS%2B8BMcTsN5LP%2FBM%2B%2B%2BJlcZiEjX9Abw%2BUF4qUDgMmH1Z27C3eNp4plNpmycKIBV44kGJyA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7a8e80099ab400b6-AMS
expires: Sat, 26 Aug 2023 06:18:35 GMT

GET
H3 200 HannahOwoLeaked
shrinke.me/ 19 KB
19 KB 83ms
83ms Image
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinke.me/HannahOwoLeaked

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0YzDD6lSYccuczKDIq%2FevPwvRtt7WS5X4qeokm2NPROnC%2Fej0tG77q5LD5NbIwAeOfHdka8cZjeB10QpI0zYRwHPAF8XFkgEl80lWzw8k6znkpDr0Xa9U46pMwa%2B2AzSmSe0ib%2Fg1We"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
x-robots-tag: noindex, nofollow
cf-ray: 7a8e80099eeab88b-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 135ms
63ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://shrinke.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 13:48:40 GMT
x-content-type-options: nosniff
age: 529358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Mar 2024 13:48:40 GMT

GET
H3 200 fontawesome-webfont.woff2
shrinke.me/modern_theme/build/fonts/ 75 KB
76 KB 31ms
31ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/fonts/fontawesome-webfont.woff2

Requested by

Host: shrinke.me
URL: https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0
Origin: https://shrinke.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3675
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: "12d68-5a22587d62000"
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: font/woff2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DfnG4Kvh5LemkuAFLiw19tWlK2SdbRFGh0RtRgrxglSwHx1fINpzgGV4iSbEiQeba6BFRILfxmoGtzLYHQV4QYIUIa21KDV8cEZTl1U7H0y7Erxl9iUWB1PSDZL%2BepmfJny7B85rtMlu"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a8e80099eeeb88b-AMS

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v28/ 30 KB
31 KB 102ms
30ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://shrinke.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 08:56:08 GMT
x-content-type-options: nosniff
age: 28510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31196
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:43:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 08:56:08 GMT

GET
H2 200 api.js Show response
www.recaptcha.net/recaptcha/ 921 B
905 B 243ms
129ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eaedac048f51c664fc21681a841943a8c11d4481480df8589860014ba0b65655

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 1; mode=block
expires: Thu, 16 Mar 2023 16:51:18 GMT

GET
H3 200 script.min.js Show response
shrinke.me/modern_theme/build/js/ 202 KB
61 KB 100ms
98ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/js/script.min.js?ver=6.4.0

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

852593ea1830ce3d6821822385a17af199442f4938b588ed7c84942c351d9f16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/HannahOwoLeaked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249999
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
etag: W/"32956-5a22587d62000-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSG7WVmP5UrTQAGnlvU%2FwWMNU5BviZQz1N1UnXiylM24zd2c%2FhvjtCAROlsqTyfhuukycqP1YuVGR4%2FZfzFGWBDVHtPO0uOuDTRTWyfQ5xWF%2BgDolUSA6CI2v5flghMSw91jUE27Y7dQ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 7a8e8009bf15b88b-AMS
expires: Wed, 12 Apr 2023 19:24:39 GMT

GET
H2 200 11628 Show response
tags.orquideassp.com/tag/ 823 B
1 KB 144ms
36ms Script
text/javascript 2600:9000:2491:a200:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/11628

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:a200:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

ce36f676ef8ce52a9213048f1a08b0bb84d9c42597d327d4844feb68f368ab44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
date: Thu, 16 Mar 2023 16:09:55 GMT
x-content-type-options: nosniff
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 2483
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
content-length: 823
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"337-b1qf5FlC4abtHU8zyRVmerh6bFM"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: xww4h1-0dEJdS7Rini2gW31oDztnGCRjLqXaav9sALBD6jyfVk5d2w==

GET
H2 200 22192 Show response
tags.orquideassp.com/tag/ 823 B
1 KB 144ms
37ms Script
text/javascript 2600:9000:2491:a200:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/22192

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:a200:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

3300cadb9447618dce059b872298b213f3d28e35f5654d696e5bac1642b4c936

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
date: Thu, 16 Mar 2023 16:07:35 GMT
x-content-type-options: nosniff
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 2623
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
content-length: 823
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"337-ecg65WlYeXO5mNZp13bmwaZGVKE"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: vneIYvPhUSoPMLPNnUwpfuJjPR_SmQKdpk9tudGC0Im6r7B6CZjZfg==

GET
H2 200 22193 Show response
tags.orquideassp.com/tag/ 823 B
1 KB 145ms
38ms Script
text/javascript 2600:9000:2491:a200:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/22193

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:a200:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

4a935dd954795d7a6e5cf17eba098987baa2209bcce70338070d817089f3140f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
date: Thu, 16 Mar 2023 16:01:08 GMT
x-content-type-options: nosniff
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 3010
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
content-length: 823
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"337-8xdnZAiI6ozND5LIJEiNJf1vKdc"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: RxNmjQ9qPhOpz-HPg6WJaednS7pAkeJx_l9T_u6qnnmNgas5hCBWNQ==

GET
H2 200 12656 Show response
tags.orquideassp.com/tag/ 823 B
1 KB 145ms
38ms Script
text/javascript 2600:9000:2491:a200:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/12656

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:a200:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

2f7278404edca136bf89b7f73199f14c662e1fd6468a4d4f72ec8bcfbfa3d84a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
date: Thu, 16 Mar 2023 16:00:49 GMT
x-content-type-options: nosniff
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 3029
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
content-length: 823
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"337-qJ++jr3n04I22/Ou037JBvp6MKI"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: KDZcw_4ZcMZ5QUl_Erm_AKfjqmCwCgi5O4x8Acxzmc97VmD67ZcWfQ==

GET
H2 200 / Show response
services.vlitag.com/adv1/ 544 KB
142 KB 143ms
63ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b
Requested by: Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25d87e95c7b1d5d30c67f3ca11140afe8ab14835e91b2edc0a1c50b6e93dcff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 771
cf-polished: origSize=556900
etag: W/"b696d0f5c06dbd9fd83feb568718537b 2023-03-07T23:21:23 v1 default"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, stale-while-revalidate=3600
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e800a3e2c6967-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 110ms
35ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 17:24:41 GMT
server: nginx
etag: W/"573f4859-14e4a"
vary: Accept-Encoding
x-hw: 1678985478.dop206.am5.t,1678985478.cds116.am5.hn,1678985478.cds218.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 164 KB
60 KB 118ms
43ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137383949-1

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

386dfbd4d0a0e248c9f9e2fc5c7ca4aa3a0035707b785e40a8e96a8737c2574b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 61255
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Mar 2023 16:51:18 GMT

GET
H2 200 cm0bcmZ6CigzJBMYZCkgJDcyfhd7aAgiPn80AQ Show response
ydenknowled.com/Q1NLWUIiMSg0fSJuKX83MT92fHAFdnkfJnIhcmkxN2RzPDIwMix3IS88Pj0kMTwlLWwtNj98cAVjGms6EwccaSUCKg4rFykwDRJxATIuNXd6Nw0pLgE5PDADOR0ZGnFyMAgIcio2GhgDEDk4agEbZig4EQYeBwg2OjI8PjYHYAFhEToaAhUaA... Frame 00B5 3 KB
2 KB 177ms
134ms Document
text/html 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/Q1NLWUIiMSg0fSJuKX83MT92fHAFdnkfJnIhcmkxN2RzPDIwMix3IS88Pj0kMTwlLWwtNj98cAVjGms6EwccaSUCKg4rFykwDRJxATIuNXd6Nw0pLgE5PDADOR0ZGnFyMAgIcio2GhgDEDk4agEbZig4EQYeBwg2OjI8PjYHYAFhEToaAhUaAQkRCyVmYQ0QJRl2eRsAKWMlGzggHxsNMQgfDjZ0DxUKLAM5BiAYEXsdKjd6MTcgE2dxFSofezkBDz4pAiooHQ0HZgI6FDQ7BAwqOwsDbHsSYAUTJAJqAjoUNGcBGAxyBAwpZ3ERB2sYJjUxDyAnYx0oJHJjIhEGbmsjGgYSGQcKGwYdezV7AGIjLhVxFW5rABRhETwkcQYMEjokOgIMKjsfeSlncRUTCnoFGQgxCyAFPDYJAmckGHAZPBNqDxMZMWEBDzQnKCQ6JzIBGnY5Ew5zGTYlLSchBTtuIwVqMRE7dyEPHQcFMiVhMCc/cm0bcmZ6CigzJBMYZCkgJDcyfhd7aAgiPn80AQ
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 1ca535fbe579ff94326f08fb5a1df1e019e4848e207502d6a1c32daffc0f52f8

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1228
content-type: text/html
date: Thu, 16 Mar 2023 16:51:18 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-id: doY0bpetopIuuaB6I5GmwcK2IwXPOA3cjUk5qjxt3BMHqvTZwwCtRA==
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront

GET
H2 200 HTECUys Show response
ydenknowled.com/emRZdlMbBjobbBtZO1AmCAhkU2E8QWswN0sWYEYgDlNhEyMJBT5YMBYLLBI1CAs3An0UAS1TYTwPCkUBNzIROzw9HRAPBz5cPT0UFiE6HQlfVhsUBg4QERxrTSwNAhk2Nws+FzsqbDs7HRQdPiAXMg1OHDEjNTIxKAMtOTsoVgwfOEwhESwVG... Frame 9AF1 3 KB
2 KB 172ms
132ms Document
text/html 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/emRZdlMbBjobbBtZO1AmCAhkU2E8QWswN0sWYEYgDlNhEyMJBT5YMBYLLBI1CAs3An0UAS1TYTwPCkUBNzIROzw9HRAPBz5cPT0UFiE6HQlfVhsUBg4QERxrTSwNAhk2Nws+FzsqbDs7HRQdPiAXMg1OHDEjNTIxKAMtOTsoVgwfOEwhESwVGw4MLhgvCG0VNCMVCiUWTScKPwozIA8hNi4ubBM4NBELGCtCJho/MjEgKjMcPCJ8RBEgJmlTYTwxAUM4KwotFzUyIhg1BTxBazQJOzUwMT0KAw8YNEgFDiwXN1QTQjUsPmwkEEoPGA8wKCsjMwEzJmlCMC8hFycLV10zLgsSJzghCT49IU44MyZtGAYiUAEgPRYhEDJjIyg1MHZIJgM0Ag8iIBVkLQlsMTU+Bzs5AQkMFCAJTyk3Rz8rCQ8zChciHhAGHg0AHTcPNjcBPT8NaSADEFUOEwcwUQNGARY2agYqOAoDMHUQFzYYI0cFKUIUDVE/HTECUys
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: aaca148376c47136482c94aa6d86ab8ff42b84ec97892a3e27ad210314dd4664

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1216
content-type: text/html
date: Thu, 16 Mar 2023 16:51:18 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-id: 8PAV6X8CzRYWhSPGhobwlcx8f_RFMFx1eATUeUFyaKjYLo77qm-DJg==
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront

GET
H2 200 Y29Zd1ICDToabQJSO1EnEQNkUmAlSmsxNlIdYEchF1hhEiIQDj5ZMQ8ALBM0EQA3A3wNCi1SYCUiDyAcKgoRMmAnLAASBgoqEjsXNSUDRiJaOwwhKCA7Ki8aGjk8PgYqSms1GhkqHzE4MQUeEDEpLCMmMAEILjsfNVptLzpTXx0kayU5IzYcKF8PNjEUJiowORsHC... Show response
ydenknowled.com/ Frame 55D2 3 KB
2 KB 172ms
135ms Document
text/html 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/Y29Zd1ICDToabQJSO1EnEQNkUmAlSmsxNlIdYEchF1hhEiIQDj5ZMQ8ALBM0EQA3A3wNCi1SYCUiDyAcKgoRMmAnLAASBgoqEjsXNSUDRiJaOwwhKCA7Ki8aGjk8PgYqSms1GhkqHzE4MQUeEDEpLCMmMAEILjsfNVptLzpTXx0kayU5IzYcKF8PNjEUJiowORsHCyMlKiczQjcqCDYVAhsMLzQ1ABYdMGYtKh4QHSkYEC4dMlcpLwcuOw8aCCo5HhMGOi5hLh0UDDczJSkYDC81NC0BNQAGKjU1N1IhLSQoLRgMLzUzKB0DBAUpaDQUUzVvJBMPBQ9FfyULCEUHICAYEDYuLQgDFQsAYTFgUiQXRRAyCWgtETpfA0EBJQR8RRAgFS4hGjstCzRjUisDJmoLKiElJTY3PhEUJzYQPWMlOgNGHxEqGDpkJwZoEwMbIQoSBw8JAyJjWjsMEz83N2w6BCQLDTgqCDcXNRcLNww6BjUBLScKUTUPFTVSIgM2dAkcNhkiXgYTOBgxIjcyZBogKA0zGw
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 570ee0da7340f6b651253dd1f879b4b85971a7949042f9b8758f157a14d79cce

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control: no-store, no-cache, must-revalidate, no-transform
content-encoding: gzip
content-length: 1242
content-type: text/html
date: Thu, 16 Mar 2023 16:51:18 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-id: IrHBVGYnnpOq9asYtp-J-6w3DTQ24yF1siTMteerUzxkVPOr5q0ovQ==
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront

GET
H2 200 multi Show response
ydenknowled.com/ 3 KB
2 KB 134ms
125ms XHR
text/plain 13.225.78.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ydenknowled.com/multi?cs=aWwzNTRZWQUHDF5ZBwcDWV4ADQY&abt=0&red=1&sm=76&k=highest%20payout%20short%20shrinkme%20shortener%20link%20earn%20money&v=1.0.60.3&sts=0&prn=0&emb=0&tid=829554&rxy=1600_1200&fs=1&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F111.0.5563.64%20safari%2F537.36&tzd=0&uloc=&if=0&_IQe0=1678985478752&crc=1
Requested by: Host: d1r90st78epsag.cloudfront.net
URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-97.fra2.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 1d82cdf12b1033aa1162d9e9a4f09a0d2fe2b53d93dc580275d174057b079e8c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:18 GMT
content-encoding: gzip
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
content-type: text/plain
access-control-allow-origin: https://shrinke.me
p3p: CP="NID DSP ALL COR"
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
content-length: 1630
x-amz-cf-id: m1Ty-N_5PCZBdIyBb327OiPfMjBhjlTiKwIr_rmSSOA7IX1a_i0nKA==

GET
H2 200 UX5kQntafHFACVF+ZAQiGnpgVng2aWZDM0J4fVZ5RC0kAycROzERIB04cUENQX-9jXXhCaWZDYx8kIB4nUX4XVnlEID0YLlF+ZBQuFyc7Wm5GfDcbORshMVZ5Mn1lQmVEYmFGfUdiYkduRnwnEi0VPj1WeTJ5Z0RlR3pyBnZF Show response
d1r90st78epsag.cloudfront.net/kS3RMVHMoGyIyTD8dKGlEckZ+bUttHj87HTtJLSRHDAN5MhgpDHsmVT8OKGlDbRgtOhR2Uik6EHZFajUXKUl4cgYqSSE7CSIYIDVWeTJ5ekNuRnx8BCIaKDsEOFF+ZB0/ Frame 9AF1 192 B
459 B 327ms
326ms Script
text/plain 13.32.118.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1r90st78epsag.cloudfront.net/kS3RMVHMoGyIyTD8dKGlEckZ+bUttHj87HTtJLSRHDAN5MhgpDHsmVT8OKGlDbRgtOhR2Uik6EHZFajUXKUl4cgYqSSE7CSIYIDVWeTJ5ekNuRnx8BCIaKDsEOFF+ZB0/UX5kQntafHFACVF+ZAQiGnpgVng2aWZDM0J4fVZ5RC0kAycROzERIB04cUENQX-9jXXhCaWZDYx8kIB4nUX4XVnlEID0YLlF+ZBQuFyc7Wm5GfDcbORshMVZ5Mn1lQmVEYmFGfUdiYkduRnwnEi0VPj1WeTJ5Z0RlR3pyBnZF
Requested by: Host: ydenknowled.com
URL: https://ydenknowled.com/emRZdlMbBjobbBtZO1AmCAhkU2E8QWswN0sWYEYgDlNhEyMJBT5YMBYLLBI1CAs3An0UAS1TYTwPCkUBNzIROzw9HRAPBz5cPT0UFiE6HQlfVhsUBg4QERxrTSwNAhk2Nws+FzsqbDs7HRQdPiAXMg1OHDEjNTIxKAMtOTsoVgwfOEwhESwVGw4MLhgvCG0VNCMVCiUWTScKPwozIA8hNi4ubBM4NBELGCtCJho/MjEgKjMcPCJ8RBEgJmlTYTwxAUM4KwotFzUyIhg1BTxBazQJOzUwMT0KAw8YNEgFDiwXN1QTQjUsPmwkEEoPGA8wKCsjMwEzJmlCMC8hFycLV10zLgsSJzghCT49IU44MyZtGAYiUAEgPRYhEDJjIyg1MHZIJgM0Ag8iIBVkLQlsMTU+Bzs5AQkMFCAJTyk3Rz8rCQ8zChciHhAGHg0AHTcPNjcBPT8NaSADEFUOEwcwUQNGARY2agYqOAoDMHUQFzYYI0cFKUIUDVE/HTECUys
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-110.fra60.r.cloudfront.net
Software: /
Resource Hash: d42b37b91d5b471cf62ffb0e4828c9effa944edbc47d239b32fb165630878bfe

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ydenknowled.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
via: 1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 182
x-amz-cf-id: 9MyyplOCPcQLik19Ve_UMI3uFZ6sRiJeOSKK382n5bMOU7m9sDfqLQ==

GET
H2 200 XS8FJChIcVwoKA4oA2ZoX3MPJz8CLglqfytyXX5jXW1ZentebVp7aF9zHy4rDDEFan8rdl94Y151SjpwXA Show response
d1r90st78epsag.cloudfront.net/0Q2xPTW0gAyErUjcFK3Bael59dFplBjwiAzNRC31cCQ0ieQAASjs3CX5caSEMLQtyawgtD3J8SyIILXBZZRg/IgZ+Bj0nBzcLPTsKLEo6LFAuAzUkAS8Nan8rdkJ/aF9zRDgkAycDOD5IcVwhOUhxXH59Q3NJfA9IcVw4JA... Frame 00B5 753 B
820 B 327ms
327ms Script
text/plain 13.32.118.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1r90st78epsag.cloudfront.net/0Q2xPTW0gAyErUjcFK3Bael59dFplBjwiAzNRC31cCQ0ieQAASjs3CX5caSEMLQtyawgtD3J8SyIILXBZZRg/IgZ+Bj0nBzcLPTsKLEo6LFAuAzUkAS8Nan8rdkJ/aF9zRDgkAycDOD5IcVwhOUhxXH59Q3NJfA9IcVw4JAN1WGp+L2ZefzVbd0Vqf10iHD-8hCDQJLSYEN0l9C1hwW2F+W2Zef2UGKxgiIUhxL2p/XS8FJChIcVwoKA4oA2ZoX3MPJz8CLglqfytyXX5jXW1ZentebVp7aF9zHy4rDDEFan8rdl94Y151SjpwXA
Requested by: Host: ydenknowled.com
URL: https://ydenknowled.com/Q1NLWUIiMSg0fSJuKX83MT92fHAFdnkfJnIhcmkxN2RzPDIwMix3IS88Pj0kMTwlLWwtNj98cAVjGms6EwccaSUCKg4rFykwDRJxATIuNXd6Nw0pLgE5PDADOR0ZGnFyMAgIcio2GhgDEDk4agEbZig4EQYeBwg2OjI8PjYHYAFhEToaAhUaAQkRCyVmYQ0QJRl2eRsAKWMlGzggHxsNMQgfDjZ0DxUKLAM5BiAYEXsdKjd6MTcgE2dxFSofezkBDz4pAiooHQ0HZgI6FDQ7BAwqOwsDbHsSYAUTJAJqAjoUNGcBGAxyBAwpZ3ERB2sYJjUxDyAnYx0oJHJjIhEGbmsjGgYSGQcKGwYdezV7AGIjLhVxFW5rABRhETwkcQYMEjokOgIMKjsfeSlncRUTCnoFGQgxCyAFPDYJAmckGHAZPBNqDxMZMWEBDzQnKCQ6JzIBGnY5Ew5zGTYlLSchBTtuIwVqMRE7dyEPHQcFMiVhMCc/cm0bcmZ6CigzJBMYZCkgJDcyfhd7aAgiPn80AQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-110.fra60.r.cloudfront.net
Software: /
Resource Hash: 136814b62baec8b71e6990f9d809bc5c3e054aec601d11d6e623c7a8176cb89d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ydenknowled.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
via: 1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 542
x-amz-cf-id: NytkjAml_X8yF5z4sVdhGNNdrssODnhnkQ0zSKgzYUaULYXPmKH5hw==

GET
H2 200 MVWNIeHE2DCYeTiEKLEVJZ1p9TUVzCTsXHyVeITI+HzEFFjRjGgcJCzQbbgwLMV54Xh00DS9FVzANK0VAcwIsGkxhRTwIHj5eIgobPxcvCgcyDG4NEGgOJwIYOQ8pXUMTVmZIVGdTYA8YOwcnDwJwUXgWBXBReElBe1NtSzNwUXgPGDtVfF1CF0Z6SAljV2-FdQ2U... Show response
d1r90st78epsag.cloudfront.net/ Frame 55D2 591 B
728 B 328ms
328ms Script
text/plain 13.32.118.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1r90st78epsag.cloudfront.net/MVWNIeHE2DCYeTiEKLEVJZ1p9TUVzCTsXHyVeITI+HzEFFjRjGgcJCzQbbgwLMV54Xh00DS9FVzANK0VAcwIsGkxhRTwIHj5eIgobPxcvCgcyDG4NEGgOJwIYOQ8pXUMTVmZIVGdTYA8YOwcnDwJwUXgWBXBReElBe1NtSzNwUXgPGDtVfF1CF0Z6SAljV2-FdQ2UCOAgdMBQtGho8F21KN2BQf1ZCY0Z6SFk+CzwVHXBRC11DZQ8hExRwUXgfFDYIJ1FUZ1MrEAM6Di1dQxNSeUlfZU19TUdmTX5MVGdTOxkXNBEhXUMTVntPX2ZVbg1MZA
Requested by: Host: ydenknowled.com
URL: https://ydenknowled.com/Y29Zd1ICDToabQJSO1EnEQNkUmAlSmsxNlIdYEchF1hhEiIQDj5ZMQ8ALBM0EQA3A3wNCi1SYCUiDyAcKgoRMmAnLAASBgoqEjsXNSUDRiJaOwwhKCA7Ki8aGjk8PgYqSms1GhkqHzE4MQUeEDEpLCMmMAEILjsfNVptLzpTXx0kayU5IzYcKF8PNjEUJiowORsHCyMlKiczQjcqCDYVAhsMLzQ1ABYdMGYtKh4QHSkYEC4dMlcpLwcuOw8aCCo5HhMGOi5hLh0UDDczJSkYDC81NC0BNQAGKjU1N1IhLSQoLRgMLzUzKB0DBAUpaDQUUzVvJBMPBQ9FfyULCEUHICAYEDYuLQgDFQsAYTFgUiQXRRAyCWgtETpfA0EBJQR8RRAgFS4hGjstCzRjUisDJmoLKiElJTY3PhEUJzYQPWMlOgNGHxEqGDpkJwZoEwMbIQoSBw8JAyJjWjsMEz83N2w6BCQLDTgqCDcXNRcLNww6BjUBLScKUTUPFTVSIgM2dAkcNhkiXgYTOBgxIjcyZBogKA0zGw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-110.fra60.r.cloudfront.net
Software: /
Resource Hash: 2817220ab714a7441b651264dd12444eedeb78ddb1833dc00d4a656a6a81194b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ydenknowled.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
via: 1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 452
x-amz-cf-id: dSFAiNhba323cexlHVxdXrd60mnDBQItQgho95NLti4tk5ky-N4QGA==

GET
H2 200 6j3srg4zo7 Show response
www.clarity.ms/tag/ 623 B
986 B 430ms
304ms Script
application/x-javascript 2620:1ec:48:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/6j3srg4zo7
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ab1f7a9c4ad351a13d71fa6938003fe5309e3e81f798d121421d82fd29014158

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 16 Mar 2023 16:51:18 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0B0kTZAAAAAD8vEH/t3M4QZNGXZg0BOo2UEFSMjAxMDgwMzg1MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 5775069 Show response
gloaphoo.net/401/ 0
0 118ms
24ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gloaphoo.net/401/5775069
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
79 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-D3PJV22VQR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137383949-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f2d9c6b278dda055b9d33228e4250a12f20d74cf7d32c8b013648bc3c1c3e6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80739
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Mar 2023 16:51:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 116ms
38ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137383949-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 15:19:33 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 5506
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 16 Mar 2023 17:19:33 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 117ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fd7849ddf8ba76324176b14ad84ec584db5235a5b374c6a0e34b3ccea05534

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27443
x-xss-protection: 0
server: sffe
etag: "1512 / 958 of 1000 / last-modified: 1678964715"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 16:51:19 GMT

GET
H2 200 icon.svg
supertruco.com/ 4 KB
2 KB 94ms
23ms Image
image/svg+xml 192.0.78.146
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supertruco.com/icon.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.146 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6500f7835a2323775cb4c894af2f8c7506ab6266809823cd23c1de35e6b63e77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 30 Aug 2022 14:43:20 GMT
server: nginx
x-ac: 3.ams _atomic_ams HIT
etag: W/"630e2208-102b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 27 Dec 2022 19:24:49 GMT

GET
H2 200 impress Show response
exchange.adtrue.com/delivery/ Frame C4DF 5 KB
2 KB 65ms
47ms Script
application/javascript 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cb=2466136573&timeZone=0&adWidth=300&adHeight=250&loc=https://shrinke.me/HannahOwoLeaked
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94d58d4bdf0f3a3c068c75e43817b2391ff8450274f97e96629f7e408e18f31d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-adtrue-instance: adt-backend-2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQCaj5%2Fse579Fw4weEXCKcHcGBswQejbTmI66Te%2BuYi5e3jO61J12j4b5NWMXkgjK0hk2eBsPgC66YNsq2Rxd3FoNft9ImBisBiOD8ghKukwrNsCJCU4lHkIeW4FrkeB4rHsB6AtCLDfp%2Fp%2F%2FOUf6xwO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 7a8e800d8dde0eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 b696d0f5c06dbd9fd83feb568718537b.json Show response
services.vlitag.com/cli/ 42 B
379 B 599ms
528ms XHR
application/json 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/cli/b696d0f5c06dbd9fd83feb568718537b.json?hn=https://shrinke.me
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63695acfd5647a34642b083966f4d6c4c2c4112462f770b3acad663fe1dab344

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
cf-cache-status: BYPASS
server: cloudflare
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrinke.me
cache-control: private, no-cache, no-store, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e800e2de43618-FRA
content-length: 42
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__nl.js Show response
www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ 404 KB
162 KB 183ms
59ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__nl.js

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

339ef7570ef796934502d47991cbe776ef484da0b545b3f74f62a2db6ed978b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/
Origin: https://shrinke.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164836
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 21:03:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 12:10:35 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 80ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-D3PJV22VQR&gtm=45je33d0h1&_p=283733604&cid=1684580923.1678985479&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1678985479&sct=1&seg=0&dl=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&dt=ShrinkMe.io&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D3PJV22VQR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame C4DF 309 KB
98 KB 39ms
39ms Script
application/javascript 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cb=2466136573&timeZone=0&adWidth=300&adHeight=250&loc=https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 825d5cd71dbdd99c5c8181e2e88e24573f837019cc0b15a6a15fa98bdffc506e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11621933
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 11 Oct 2022 04:44:29 GMT
server: cloudflare
etag: W/"6344f4ad-4d256"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6%2BrKhWMg0qlbnKgmjsGgm7XFVcZ5ewzCqdfSyCCwyGP0Rm9ka6gKXOcdEcq1mpHJ1PnLuiQkAcm08xRkxCMltE2n931%2FSPNkK8w1wQXeB0c86vXg30npJogpCRAxZyPezRmw%2BUYhmCvFT00%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31104000
cf-ray: 7a8e800e1ec30eb4-AMS
expires: Sat, 28 Oct 2023 04:32:26 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/155495/4202/ Frame C4DF 255 KB
79 KB 113ms
34ms Script
text/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: eb2b4bf34c54d7f4b3479dc7cc24ba304d9f8561f65c6a5fa3734bd462f8e64f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
last-modified: Wed, 27 Oct 2021 05:33:12 GMT
server: Apache
etag: "1241a12-3fca8-5cf4eee137dd8"
vary: Accept-Encoding
content-type: text/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=31085
accept-ranges: bytes
content-length: 80538
expires: Fri, 17 Mar 2023 01:29:24 GMT

GET
H2 200 request Show response
track.adtrue.com/track/ Frame 928D 377 B
522 B 67ms
49ms Document
text/html 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&loc=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cb=2466136573&timeZone=0&adWidth=300&adHeight=250&loc=https://shrinke.me/HannahOwoLeaked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4e125313753d65db851e4b47334123f4f71ac3ee6e28f3c87ee5264a874da78

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7a8e800e3f0a0eb4-AMS
content-encoding: br
content-type: text/html
date: Thu, 16 Mar 2023 16:51:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KA9qRVeGZA8nBcXNxg2B1wGq9TSrgZt3l0pmSzY%2F0oaDxC7AUnf%2B7aozGJ0%2BklAZvu8PZGv1ZgqN3PwxbgiSXwL8WHH1k4EeGhkQqaZju2kzOdXUp1Uvb3htUFXNqmFk4D88I6bqb92XrNiONE9Y"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-host-name: adt-backend-1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
203 B 38ms
37ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=283733604&t=pageview&_s=1&dl=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&ul=en-us&de=UTF-8&dt=ShrinkMe.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1933030755&gjid=425916528&cid=1684580923.1678985479&tid=UA-137383949-1&_gid=1551814896.1678985479&_r=1&gtm=457e33d0&z=867375547

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2023031301.js Show response
securepubads.g.doubleclick.net/gpt/ 397 KB
134 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb7d39384f8a58e23c5e8c78b974aabb9cd28238d451301a12b43c321783fe6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:12:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2324
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136873
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 08:34:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Mar 2024 16:12:35 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 2 KB
512 B 130ms
65ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=shrinke.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7059195163a0606eed7449bcee87ee0d015eb28c781da6d37a7e75bf116a024

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 487
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:19 GMT

GET
H3 500 js
www.googletagmanager.com/gtag/ Frame 928D 0
0 38ms
37ms Script
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
Requested by: Host: track.adtrue.com
URL: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&loc=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://track.adtrue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C4DF 42 B
845 B 75ms
24ms XHR
application/json 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

dedd81f9590e4534677ed3e1801c27f37f3837af1843524d8923087ef6f20997

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 16:51:19 GMT
AN-X-Request-Uuid: 3a7b87a5-bc65-417c-9afe-30eadcc5f49f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 31.204.153.186; 31.204.153.186; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 42
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame C4DF 0
212 B 105ms
28ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=22158386099&lsavail=0

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C4DF 0
112 B 91ms
27ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Thu, 16 Mar 2023 16:51:18 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
345 B 99ms
34ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-137383949-1&cid=1684580923.1678985479&jid=1933030755&gjid=425916528&_gid=1551814896.1678985479&_u=YADAAUAAAAAAACAAI~&z=1681279676

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 16 Mar 2023 16:51:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 113ms
30ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://shrinke.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:19 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 548273
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame C4DF
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=VBmtIHxDRUQ1MnZCbFpqL3hyTHBESW9MVVlkcndPejFGd1FSZno3N3FYQkgyUzdRbWR4T0JIcEtKZndlSThRYWFWZjFWaHFqWkVnaTBrMktSTXppQzUvTEdLeGpkNFhoZG9yTHBITmk3WEl5U29yV0JJRUE2aFBMTm9DRH...

362 B
649 B

77ms
25ms

XHR
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=VBmtIHxDRUQ1MnZCbFpqL3hyTHBESW9MVVlkcndPejFGd1FSZno3N3FYQkgyUzdRbWR4T0JIcEtKZndlSThRYWFWZjFWaHFqWkVnaTBrMktSTXppQzUvTEdLeGpkNFhoZG9yTHBITmk3WEl5U29yV0JJRUE2aFBMTm9DRHJoeWZYcURMRXo3eCs3Q2FiWk91SUhYaEZtOFVSaC9pbmdtOWpDYjI0TEZiOHczTXVjZGQrcmhRZVdDemxZY1VUZkNReGNEUHcvTzFHanJIR3diU0xwbHB6ZEhZYmYySUJ0WFA2YXNYZWk3aVdNZkJsaFpJPXw&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

411d62ef464a15dc681097de1e4aae341b71840e791a54ad76c7b853db12db86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 900825
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=VBmtIHxDRUQ1MnZCbFpqL3hyTHBESW9MVVlkcndPejFGd1FSZno3N3FYQkgyUzdRbWR4T0JIcEtKZndlSThRYWFWZjFWaHFqWkVnaTBrMktSTXppQzUvTEdLeGpkNFhoZG9yTHBITmk3WEl5U29yV0JJRUE2aFBMTm9DRHJoeWZYcURMRXo3eCs3Q2FiWk91SUhYaEZtOFVSaC9pbmdtOWpDYjI0TEZiOHczTXVjZGQrcmhRZVdDemxZY1VUZkNReGNEUHcvTzFHanJIR3diU0xwbHB6ZEhZYmYySUJ0WFA2YXNYZWk3aVdNZkJsaFpJPXw&cppv=2
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 572092
content-length: 0
expires: 0

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
531 B 164ms
38ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=shrinke.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 113ms
40ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=shrinke.me

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
2 KB 136ms
25ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:13:54 GMT
via: 1.1 google
age: 2245
x-guploader-uploadid: ADPycdtfBwFOj3y4hAWkCEKiwB-0g1zfWUHMYnQtGqyHjWpCIrRHbp-iUJj6FPRHbi7JSCuNFYR2MrgBmssRSa_GRAjtRg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
server: UploadServer
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1659113709880056
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1258
accept-ranges: bytes
expires: Thu, 16 Mar 2023 17:13:54 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 140ms
30ms Script
text/javascript 2600:9000:2250:ca00:a:e047:752:b361
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ca00:a:e047:752:b361 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 05:18:35 GMT
Via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 41565
x-amz-server-side-encryption: AES256
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: Hiku-Lr760L4RexABeJSf2gU8fje0xGD9tmNcV8JjtW5YjzRs12Adg==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 37 KB
11 KB 146ms
34ms Script
text/javascript 18.66.97.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-109.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46dde6dd5afd36e719cfe8c4146eb9608243dfca499da8b5387c02dae3ba2382

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 00:52:11 GMT
content-encoding: gzip
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
last-modified: Wed, 08 Mar 2023 18:15:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 57549
x-amz-server-side-encryption: AES256
etag: W/"6efe327d19f3ed2460254f4c8a1faf92"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: GyTlD8VnAp4dUpI_eH2QQrSQk4ynTihmwhLpkL9GEuSCzx4trsvLtw==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 151ms
40ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: 72SJ98BPH5NRBYNS
age: 3538
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7a8e80103d5b364a-FRA
x-amz-id-2: sAdRQ23IcjMGFRCw1s7cZgLVr5ssar/2oaucXbzSysShilKIgGbMkRfz2MS2nLoou7fM1VcEZhk=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 92ms
35ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 29796
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-yyz4535-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQWoWwaFKxTmqmh7IIF7azI4MW3EjblEdJ%2Fg2EeXu6MBu6YKWLMgp3uLSTSSWMQw3OPHRG35j4IocqwAljaCeCjxwKSynxrc4r2%2FA%2Bj8xbCrt%2FBvU0bZ8jqusv90jAMQUdmV%2BGz9kPp7dGPxsYo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7a8e800fea340c11-AMS

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 159ms
49ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 17 Mar 2023 16:51:19 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 134ms
24ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:57:48 GMT
content-encoding: gzip
age: 1853611
x-guploader-uploadid: ADPycduOfLe5lOY3EI69rMndjHMqpFpthp5ZXMPBqNLi0lnG4MF-PbwWAMX4whmYTvRwNdZE2e_9TmmD-UvuPv4q1VRt_g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Fri, 23 Feb 2024 05:57:48 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
19 KB 732ms
728ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3969188998036713&correlator=4149784929076950&eid=31072886%2C31073062%2C31072516%2C31072975%2C31071975&output=ldjh&gdfp_req=1&vrg=2023031301&ptt=17&impl=fif&iu_parts=211182487%3A22476148198%2Cwww.shrinke.me_Display336x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&adks=3910693916&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678985479595&lmt=1678985479&dlt=1678985477875&idt=1647&adxs=632&adys=164&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&frm=20&vis=1&psz=336x-1&msz=336x-1&fws=0&ohw=0&ga_vid=1684580923.1678985479&ga_sid=1678985480&ga_hid=283733604&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYo4vV2u4wSABSAghkEhkKCnB1YmNpZC5vcmcYo4vV2u4wSABSAghkEhcKCHJ0YmhvdXNlGKOL1druMEgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiji9Xa7jBIAFICCGQSGQoKdWlkYXBpLmNvbRiji9Xa7jBIAFICCGQSFAoFb3BlbngYo4vV2u4wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiji9Xa7jBIAFICCGQ.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69574a5304488c5c9c074eb37f623ea48fc56cc9191169843072800ca00075a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19356
x-xss-protection: 0
google-lineitem-id: 5786376946
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138392486969
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
19 KB 1412ms
1408ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3969188998036713&correlator=4149784929076950&eid=31072886%2C31073062%2C31072516%2C31072975%2C31071975&output=ldjh&gdfp_req=1&vrg=2023031301&ptt=17&impl=fif&iu_parts=211182487%3A22476148198%2Cwww.shrinke.me_Display480x320&enc_prev_ius=%2F0%2F1&prev_iu_szs=480x320&ifi=2&adks=4056164895&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678985479606&lmt=1678985479&dlt=1678985477875&idt=1647&adxs=560&adys=593&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&frm=20&vis=1&psz=480x-1&msz=480x-1&fws=0&ohw=0&ga_vid=1684580923.1678985479&ga_sid=1678985480&ga_hid=283733604&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYo4vV2u4wSABSAghkEhkKCnB1YmNpZC5vcmcYo4vV2u4wSABSAghkEhcKCHJ0YmhvdXNlGKOL1druMEgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiji9Xa7jBIAFICCGQSGQoKdWlkYXBpLmNvbRiji9Xa7jBIAFICCGQSFAoFb3BlbngYo4vV2u4wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiji9Xa7jBIAFICCGQ.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b19c95e34beeabba7040eb71ff22d20e3db7603b26b5de791fe048449d759ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19168
x-xss-protection: 0
google-lineitem-id: 5786376946
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138392486987
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
18 KB 1041ms
1040ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3969188998036713&correlator=4149784929076950&eid=31072886%2C31073062%2C31072516%2C31072975%2C31071975&output=ldjh&gdfp_req=1&vrg=2023031301&ptt=17&impl=fif&iu_parts=211182487%3A22476148198%2Cwww.shrinke.me_Display320x480&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x480&ifi=3&adks=4026386124&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678985479609&lmt=1678985479&dlt=1678985477875&idt=1647&adxs=640&adys=1027&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=0&ohw=0&ga_vid=1684580923.1678985479&ga_sid=1678985480&ga_hid=283733604&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYo4vV2u4wSABSAghkEhkKCnB1YmNpZC5vcmcYo4vV2u4wSABSAghkEhcKCHJ0YmhvdXNlGKOL1druMEgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiji9Xa7jBIAFICCGQSGQoKdWlkYXBpLmNvbRiji9Xa7jBIAFICCGQSFAoFb3BlbngYo4vV2u4wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiji9Xa7jBIAFICCGQ.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a64d37ed16fe1c6e3386a64907cc4dfc15f0012e879ea4cf9e5b92313006a449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18753
x-xss-protection: 0
google-lineitem-id: 5786376946
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138392486516
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
18 KB 330ms
329ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3969188998036713&correlator=4149784929076950&eid=31072886%2C31073062%2C31072516%2C31072975%2C31071975&output=ldjh&gdfp_req=1&vrg=2023031301&ptt=17&impl=fif&iu_parts=211182487%3A22476148198%2Cwww.shrinke.me_Display300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=1879609403&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678985479615&lmt=1678985479&dlt=1678985477875&idt=1647&adxs=650&adys=1782&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=0&ohw=0&ga_vid=1684580923.1678985479&ga_sid=1678985480&ga_hid=283733604&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYo4vV2u4wSABSAghkEhkKCnB1YmNpZC5vcmcYo4vV2u4wSABSAghkEhcKCHJ0YmhvdXNlGKOL1druMEgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRiji9Xa7jBIAFICCGQSGQoKdWlkYXBpLmNvbRiji9Xa7jBIAFICCGQSFAoFb3BlbngYo4vV2u4wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiji9Xa7jBIAFICCGQ.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ab27ba1271c724d436f2eeb76d1cb2c84e4c95bf6d4d403c60a3516e8b4f09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18741
x-xss-protection: 0
google-lineitem-id: 5786376946
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138398240524
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 211ms
76ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023031301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61223d77604ce26c800a9d545aa6c31b5b407896d231e8ae588bbda539329763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11057
x-xss-protection: 0

GET
H2 200 container.html Show response
49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 974B 6 KB
3 KB 248ms
63ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:19 GMT
expires: Fri, 15 Mar 2024 16:51:19 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame 1D81 753 B
963 B 64ms
62ms Script
application/javascript 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14562412
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
etag: W/"5f98e4fc-2f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dInpz19q68lnEq75PJB6yk5m41Ru1CVqg%2BUy1Qf1SiCsE6AeCz%2FI%2FCPwH0%2B0CZYayc3aIpVUH2TfeyBHHOcXEWB%2FZZ35PAxdgtPiZblxUGLfxjEemI%2B87MgglauOODTmQaiDFyKvi2wTpdlDRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31104000
cf-ray: 7a8e800fcbf3b7b2-AMS
expires: Sun, 24 Sep 2023 03:44:27 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 203ms
79ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-137383949-1&cid=1684580923.1678985479&jid=1933030755&_u=YADAAUAAAAAAACAAI~&z=2099468544

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.nl/ads/ 42 B
408 B 133ms
55ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-137383949-1&cid=1684580923.1678985479&jid=1933030755&_u=YADAAUAAAAAAACAAI~&z=2099468544

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor Show response
www.recaptcha.net/recaptcha/api2/ Frame 73E2 48 KB
26 KB 76ms
47ms Document
text/html 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&size=normal&cb=9160uvt328wl

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__nl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

609c486ab7ddbd090dcb92a95c410aa4a36fbc036253193f438d6af20ffb319f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GvuA9CR5BriXWjP0-cezGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 26561
content-security-policy: script-src 'report-sample' 'nonce-GvuA9CR5BriXWjP0-cezGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-d/s/0.7.2/ 56 KB
19 KB 44ms
33ms Script
application/javascript 2620:1ec:48:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-d/s/0.7.2/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/6j3srg4zo7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 99b523edd72385876c466fc061393829b08dec3aa544963373b22a08fb97784f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
server: nginx/1.18.0 (Ubuntu)
x-azure-ref-originshield: 0yaoSZAAAAABzkKYmYbldRo8IGaFAlwPLUEFSMjAxMDMxMDEyMDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d9569c9fccb81c"
x-azure-ref: 0B0kTZAAAAADOZYJpWlUKSZtaVy3057EUUEFSMjAxMDgwMzg1MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&RedC=c.clarity.ms&MXFR=11EDD8B1C7F86CB91A19CA67C3F862DD
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&MUID=399A5CDE2A89645609994E082B496501

42 B
442 B

39ms
38ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&MUID=399A5CDE2A89645609994E082B496501
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
last-modified: Fri, 10 Mar 2023 22:29:58 GMT
server: Microsoft-IIS/10.0
etag: "6c9591d89f53d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 827A14E0B5DE4971A5965812BBF2B59B Ref B: DUS30EDGE0408 Ref C: 2023-03-16T16:51:19Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=73F7A682AF4B4BA280D1F3BF12990724&MUID=399A5CDE2A89645609994E082B496501
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 passback Show response
exchange.adtrue.com/tag/ Frame 1D81 299 B
715 B 43ms
42ms Script
application/javascript 2606:4700:e6::ac40:c914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20034&divid=743598677&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e6::ac40:c914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbdd2ee2a6245e818664984007dd3ca9eb31dff1d18b626efe873639a4e9ea55

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHGb14K6xJcmovj5BUfkVH53SPIaonWDv1xNr%2BgOg35D0TAQI3mriZePY5HAi91i%2FPTVqgf1C290E0pjr9vsFQQ%2F4Xuf1y6yHOvalpXTzFyWsDo7CpX%2FAKqVlXx2dVwfeYwFJaj0kaOJEcY89CxWsujc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 7a8e80103c7cb7b2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 221 B
315 B 38ms
37ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 34e44dd9475f0ea0056a85fae9c1b56132548eeb17711b60c74fc060d8d046dc

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: c6335c8d5c3827fc019d0d8daa7f5421
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 221

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 104ms
36ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://shrinke.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Thu, 16 Mar 2023 16:51:19 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: 33340f3719ee695096713d59290a852e

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp&cc=1

85 B
202 B

201ms
200ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 2728bcb7c0931c5ab7ecec254655741bed7d4161553ea42e8d2b2085af45d193

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-zH2ErXq9B52t2Az0vLkmwN/0Dqo"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Thu, 16 Mar 2023 16:51:19 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://shrinke.me
location: /esp?url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 151ms
41ms XHR
application/json 54.228.6.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.6.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-6-120.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 771df5dda42da6f4e3c59fa0c3ce94c8965f7d6a55c8086e1b122daa956ee97c

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://shrinke.me
cache-control: no-cache
x-server: 10.45.4.25
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ Frame 73E2 55 KB
24 KB 99ms
32ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/styles__ltr.css

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&size=normal&cb=9160uvt328wl

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 21:03:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 14:10:36 GMT

GET
H3 200 recaptcha__nl.js Show response
www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ Frame 73E2 404 KB
161 KB 115ms
48ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__nl.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

339ef7570ef796934502d47991cbe776ef484da0b545b3f74f62a2db6ed978b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164836
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 21:03:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 12:10:35 GMT

GET
H2 200 adtrue.shrinke.me.994621.js Show response
jsc.adskeeper.co.uk/a/d/ Frame 1D81 3 KB
1 KB 109ms
31ms Script
text/javascript 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20034&divid=743598677&ref=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aed5d72cb96a9f77dab08ca9a8c366553f2a801c96fff3d67d84ab702970ed0b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-amz-version-id: sZCrmXBEe.ZS33fF8GZYqDWPtu1Q8827
cf-cache-status: HIT
x-amz-request-id: 4XTKW786N327AG4F
age: 3063
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1021
x-amz-id-2: t9f8XBi0OWm8ZxY02Y/0m/cWfEOuYDWDwkJU2LBem7Ax7HW/PhaszV62AQtE5YtdB5ZmqzAs1dsu8dt8ySOwrJ4tq92nPXrEgZzwFtaGNtI=
last-modified: Wed, 18 Jan 2023 10:11:23 GMT
server: cloudflare
etag: "483b4d3c6f8840f2025d00f4655217b4"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7a8e80113f681c8c-AMS
expires: Thu, 16 Mar 2023 20:51:19 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
319 B 117ms
34ms XHR
text/plain 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 101ms
29ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:19 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 292329
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4C9E 15 KB
6 KB 34ms
34ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=shrinke.me

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:18 GMT
server: Kestrel
server-processing-duration-in-ticks: 616460
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 136ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 16:51:19 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4C9E
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=shrinke.me&sn=ChromeSyncframe&so=0&topUrl=shrinke.me&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=VKb-lXxjOUgyOXBzYXBLMWFOLzAvcWJJRm52UDJHR3hhZHdxN2RGVWpCL2tlTmlnZXhwVHFHMzMwVjU3c2FyZ0lHQ3VpWDcyTjNLVjZuNFVTUlRKTUlGWTdkTStFc21lTnJSY2FVd01UcGJhMmtoQ3BKUUF5SFNFZlh5a2...

433 B
670 B

71ms
27ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=VKb-lXxjOUgyOXBzYXBLMWFOLzAvcWJJRm52UDJHR3hhZHdxN2RGVWpCL2tlTmlnZXhwVHFHMzMwVjU3c2FyZ0lHQ3VpWDcyTjNLVjZuNFVTUlRKTUlGWTdkTStFc21lTnJSY2FVd01UcGJhMmtoQ3BKUUF5SFNFZlh5a2NMSVZaN2VvTGtoRGdtbTRjM20wUENCdjc4Q1krb0dQL1puOUZqeTZTVVI0dlJubE5LcW1EbnN2NnhuUUhZeXJJYkp1ZXFPdWE0SmttU01TdWtQTEhWOCtZSnk5OW9TcWtuaCtpYzNLTzRvUHdOWWZPUEM4OEdqbmRQVzJpRzV4N3l4WGxCTm1YOEJOdTR5cmI1cUZjdEo3TGVDRFIvZz09fA&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

14857bf2362aefd80e0e544816ebe6e9598a2bb6c06549d16153e933281b8a85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1814914
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:19 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=VKb-lXxjOUgyOXBzYXBLMWFOLzAvcWJJRm52UDJHR3hhZHdxN2RGVWpCL2tlTmlnZXhwVHFHMzMwVjU3c2FyZ0lHQ3VpWDcyTjNLVjZuNFVTUlRKTUlGWTdkTStFc21lTnJSY2FVd01UcGJhMmtoQ3BKUUF5SFNFZlh5a2NMSVZaN2VvTGtoRGdtbTRjM20wUENCdjc4Q1krb0dQL1puOUZqeTZTVVI0dlJubE5LcW1EbnN2NnhuUUhZeXJJYkp1ZXFPdWE0SmttU01TdWtQTEhWOCtZSnk5OW9TcWtuaCtpYzNLTzRvUHdOWWZPUEM4OEdqbmRQVzJpRzV4N3l4WGxCTm1YOEJOdTR5cmI1cUZjdEo3TGVDRFIvZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 603721
content-length: 0
expires: 0

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
290 B 445ms
195ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-d/s/0.7.2/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://shrinke.me
Date: Thu, 16 Mar 2023 16:51:20 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 vl.json Show response
services.vlitag.com/vld/1678770233/ 13 B
287 B 174ms
172ms XHR
application/json 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/vld/1678770233/vl.json?page_url=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 18:27:19 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrinke.me
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80118bc53618-FRA
content-length: 13
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 b696d0f5c06dbd9fd83feb568718537b.json Show response
services.vlitag.com/obj/1678770233/ 44 KB
5 KB 47ms
40ms XHR
application/json 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/obj/1678770233/b696d0f5c06dbd9fd83feb568718537b.json?cc=NL&hn=https://shrinke.me
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c674b20f9f3e5db9cc7de45b85078b911be7ea93d421f39b3395e1f6b46c27

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 05:07:50 GMT
server: cloudflare
age: 194757
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrinke.me
cache-control: public, immutable, max-age=31536000
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80118be93618-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 adtrue.shrinke.me.994621.es6.js Show response
jsc.adskeeper.co.uk/a/d/ Frame 1D81 251 KB
75 KB 31ms
30ms Script
text/javascript 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ced814aab3b568fbc77d0cfe3a6672e67c9ed4fbac835823829cedf2f1a0937

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:19 GMT
content-encoding: gzip
x-amz-version-id: kXu23gMhFRKpTqE9RLwdUzkvmaZe0oCF
cf-cache-status: HIT
x-amz-request-id: 4XTVY57102A0VDJQ
age: 5870
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76603
x-amz-id-2: fEMVc4SYV3wYGI//z6vF574II0oWlYXK2g6b4YtccFZejRq05kpN+La0f7ovFtxHjg8gumanRcc=
last-modified: Wed, 18 Jan 2023 10:11:23 GMT
server: cloudflare
etag: "650edca5a1d0a7551eca6b4a8206de0b"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7a8e801188191c8c-AMS
expires: Thu, 16 Mar 2023 20:51:19 GMT

GET
H2 200 cmp-v2.0.1.js Show response
assets.vlitag.com/plugins/cmptcf2/ 267 KB
72 KB 81ms
45ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1496358
cf-polished: origSize=489839
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 29 Dec 2020 02:18:12 GMT
server: cloudflare
etag: W/"5fea91e4-7796f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
x-robots-tag: noindex, nofollow
cf-ray: 7a8e8012399a6967-FRA
expires: Mon, 27 Feb 2023 09:41:49 GMT

GET
H2 200 prebid-7.34.0.js Show response
assets.vlitag.com/prebid/default/ 564 KB
169 KB 103ms
69ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/prebid/default/prebid-7.34.0.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e0cd7c93caed8ff26db1c4ebd8e053f8a76e7127b9f4b036c2af89653e68737

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1081753
cf-polished: origSize=579129
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Wed, 01 Feb 2023 04:21:56 GMT
server: cloudflare
etag: W/"63d9e8e4-8d639"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
x-robots-tag: noindex, nofollow
cf-ray: 7a8e8012399b6967-FRA
expires: Wed, 01 Mar 2023 23:32:42 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
27 KB 123ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fd7849ddf8ba76324176b14ad84ec584db5235a5b374c6a0e34b3ccea05534

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27443
x-xss-protection: 0
server: sffe
etag: "1512 / 943 of 1000 / last-modified: 1678964715"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 361 KB
121 KB 191ms
55ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0afdfec0cc81ad101710150812834831dd21e1d766c380af5114509ff56b7eb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123281
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
17 KB 99ms
66ms Script
application/javascript 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1496369
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
etag: W/"5dbbbcf2-9806"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
x-robots-tag: noindex, nofollow
cf-ray: 7a8e8012399e6967-FRA
expires: Mon, 27 Feb 2023 09:41:44 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 222 KB
55 KB 104ms
34ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e2d56cece389641b16dea99088a149ade31ad4dd2a3864f501c729dac4543e0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:13:33 GMT
content-encoding: gzip
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront), 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 20:24:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 2268
etag: W/"a7e0149ce78dcfe46a1b0656ebdcc903"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: CCxtS3BulWLPIHSzWOWmIX8rfqbqb_rq8q8HqFsIP1A7VXpzgkVLag==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DA12 0
0 93ms
93ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJvo2jaOWkIicaV7OVYQn5grx5NERQNB1g9fMYyEjzei2ZZggZ15_fH8yl_jhXJYRJgB_C-jstKV-BF8uvd6w7CGksoTnTPs4IeRoG0OqpCvE1e1snQ_3oTQNdEyou9IEvojXGAi6_uyV4wSUmfOJ1Si11FvRTJsg37J1fpoNQvC3mHGARcM5UWQJQKTi-Bz1F7Jqchg06cRXbtfBitqsVS9ajsK7IM7TFHeIBD5POo3iMes4joHcKGd6wqHGvM0X0wJYWusyKgzW02hRKoEnBU-t-R0kmuiwKYOUXw38n6bmcC_ldWylDRAqKk65Mz8GXKZ_lrAUNInGc0xeG&sai=AMfl-YRRutCA0si-oF6pHkx6ZZxIly623xlEFcM_W2P0V56NP8ZXHv3yBFM1neu-Y_aAFx5fRsnlJ0htkr_Lftb8yidsy5uQqxfh3xlP7asGpAFKkbGLjj-bAJYP4ZKvprhdyDLTwOqIw6spgaoJkGNz&sig=Cg0ArKJSzKjuE-HlhUahEAE&uach_m=[UACH]&adurl=

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame DA12 22 KB
9 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9097
x-xss-protection: 0
server: cafe
etag: 6133207136504656605
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 10:24:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame DA12 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA12 158 KB
49 KB 111ms
70ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H2 200 6255599122967643750
tpc.googlesyndication.com/simgad/ Frame DA12 54 KB
54 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6255599122967643750

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ef72d53e982b3804c42cd6d26b64c416fd85b5e4d02c5f4d71e8513d01c68a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 22:31:39 GMT
x-content-type-options: nosniff
age: 584381
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55430
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 20:20:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 08 Mar 2024 22:31:39 GMT

GET
DATA 200
OK truncated
/ Frame 73E2 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 73E2 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 73E2 2 KB
2 KB 31ms
30ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 13 Mar 2023 08:02:07 GMT
x-content-type-options: nosniff
age: 290953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 20 Mar 2023 08:02:07 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 73E2 15 KB
15 KB 32ms
29ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.recaptcha.net/
Origin: https://www.recaptcha.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:27:04 GMT
x-content-type-options: nosniff
age: 5056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 15:27:04 GMT

GET
H3 200 webworker.js
www.recaptcha.net/recaptcha/api2/ Frame 73E2 102 B
134 B 39ms
39ms Other
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api2/webworker.js?hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bfa28f12f14801addd6b91fc2181129821f83468933c696c3d7c8fdb0e2eb579

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&size=normal&cb=9160uvt328wl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
BLOB 200
OK 20c838bb-d15d-4e50-bbc3-66dad54bfed3
https://shrinke.me/ Frame 1D81 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://shrinke.me/20c838bb-d15d-4e50-bbc3-66dad54bfed3
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK b17e6816-845c-4aa8-93de-9603e1b9584b
https://shrinke.me/ Frame 1D81 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://shrinke.me/b17e6816-845c-4aa8-93de-9603e1b9584b
Requested by: Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2AAF 13 KB
5 KB 37ms
35ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 3588
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:51:32 GMT
expires: Fri, 15 Mar 2024 15:51:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F9FB 783 B
970 B 73ms
69ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

071f1ff840b366fa73e0788d03a12b453786cfd1a95d2c727beb4f766a19c03a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tSxA2kpei8z5C8Z7C_X9bA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-tSxA2kpei8z5C8Z7C_X9bA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:20 GMT
expires: Thu, 16 Mar 2023 16:51:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame DA12 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f9ab1689dc99d5f70e1dd243d70735981d0075292e2066b01cdfc47898c4f6c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 10 KB
3 KB 121ms
31ms XHR
application/json 2600:9000:225e:b400:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:b400:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 709217a175f0d9b049be1cc3c9980b3e2b2e0417b0d939bc26224a18aad6de97

Request headers

Accept: application/json, text/plain, */*
Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 03:00:36 GMT
x-amz-version-id: rrDKdPiC6DTUsB4O5Q5BpNF7km7hHe63
content-encoding: gzip
via: 1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 49845
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 15 Mar 2023 19:52:29 GMT
server: AmazonS3
etag: W/"4958fc924e291de6e8d94c7f49ababfa"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: MbCBXB9fC1ViPtmh_gqyCkgySedA1x1n73TNuZW1suURy_MaUDlk8Q==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DA12 0
0 68ms
67ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEOub6Iv7h6oBnH7-_Fg9o0oj2Ec3Vgr2hLPhSEsATTmeQxIFZdAGiRiB47rjBi1aqIzYO-by7Ktb-CjyrFDEzc64N5c9LHoCE06zBxeuv0runWQ8PflnoHMO-1kLMichMFDdkYA1pqy-E7hUYDoSdrrMbRhcRspHle7jNrg67rX58k2j51PtZEN7gwzFDPgtLN-RqFk3OQwRRsUlwKF3a102CiUSrrPcZi_KyCV1cEXCEQaKFwDTYLkYElp8SIIl0KP1VDsNGu_-JTIeVzItc5uu-iCYLPQDRfdEppckCV6zgswaAAMKwB9dH900kNfG15rviVyfb-S0Kv2nKpgk&sai=AMfl-YR93dora8TMhDfjYXeNgDL96G5N_GOz2Flzpf1SNQBcACb429s0sTikkOykh0XTBqNSUUZa0kqcgsxcxd9BENuzkAb2cbSmHPTtbBW1g0J4CYHvmX_KCck4BvxUOudLWp-_Fcdf0XiN1YOYilxV&sig=Cg0ArKJSzN556HVkgVV2EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 98ms
31ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: XEGmc9MeWOPeqjC.bMBvPzs7I4WH7xPz
content-encoding: gzip
via: 1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront)
date: Thu, 16 Mar 2023 03:07:25 GMT
x-amz-cf-pop: FRA56-P6
age: 49436
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 03 Mar 2023 23:20:46 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: ZS1bQRIMQIJmffJkFXnbNLyMhrpHA5Xw6-qsSB-K8z0EelvdainpjA==

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 1F72 0
176 B 110ms
31ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Thu, 16 Mar 2023 16:51:20 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 bframe Show response
www.recaptcha.net/recaptcha/api2/ Frame 14E4 7 KB
1 KB 43ms
41ms Document
text/html 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api2/bframe?hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__nl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

58272b48f5f41d2f7c22a249f811e921b513462c9cf047f2eaba2edadce51c86

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JtzTzitTTWTpsXWkxcR2NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1119
content-security-policy: script-src 'report-sample' 'nonce-JtzTzitTTWTpsXWkxcR2NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 vendor-list.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 404 KB
54 KB 119ms
37ms XHR
application/json 2600:9000:211e:ac00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:ac00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06ce81f9ad2a8606c8df3a6c5c3c991053078fdc193842c4bed2ace10e93cdf2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 03:00:36 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 49845
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 16 Mar 2023 03:00:34 GMT
server: AmazonS3
etag: W/"40c6eaf353ff802f61113d009bb338c5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: bNyy8ekJNU9w3TTKO3ZMaKrlN9js8EYYjcdv6bwAmp-O9zCv5YnqHg==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
305 B 33ms
32ms XHR
text/plain 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fshrinke.me&pubid=9cf0c4f1-7630-476b-9141-f4472e005192
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:11:23 GMT
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 5996
x-cache: Hit from cloudfront
access-control-allow-origin: https://shrinke.me
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: KWBgRahhQDXwXksFMi87B1dqX6ybAd_GmI1ftKgEYYnP0oL4Fy2fng==

GET
H3 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 65ms
35ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230316

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-7.34.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1cbc0637dd5fdd8e2516ba95117b64b924bd1e14f3edbd666f8053e80e3e69c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3027
x-jsd-version: 1.0.1648
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4550-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"63b-V+X5VQkoGQDkKFOjza5edit0IvI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FkONc5m4S533%2Be2uOWOu56NfzWcNBe8swxbUCdxC3euOA232fPHMNK7dNLQV2rEzs4qD%2B31e5TvKTGXfNsS%2Bu2KQXUfhc9zQECFE%2BZ7iPDNpqIK2v%2FdlW26C4YBEhESckRnufpPj%2FwqRQfLV1E0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7a8e8014a90d0eaf-AMS

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
272 B 252ms
159ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNMqKeKZAe-AYKM-PUZP-MMwY-UaqTweBZZBKqRdzNwqfftkRlmNBYAbTAARwlNqdqmgfRkjmNBYAbTAA,BYAbZA,BAAbTAA,BAAbKZRrdzNqdqmgfRwkjNARmNYaPPTRleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSw64MamyFsWVF4Bz0%2BugxO1O4PoclwwBYn9oDQ%2F2bsVy5pfRxImhH9OoICGenYfbXV%2BAmmKoPGIRk8krB9MQ29myz%2BgiH3hGehGvv45OoB5XuJclpTLDHXzkAH7SLErjGwzHNCuAKDYhAuD8RCUgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154df9368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
270 B 258ms
166ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNaaZKyKKa-MtTY-Ptrr-wMUY-eawweBKAwTePRdzNwqfftkRlmNaKAbYZARwlNqdqmgfRkjmNaKAbYZA,aKAbaA,KYMbaA,PUMbUARrdzNqdqmgfRwkjNARmNYaPPARleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPUj3smuTCTBiG1SprTGjfSwDZwteEamc9EU9hjB7SxQMnmv8yKjh2078FKhDtLwNUTV6aXuvxZiD8GUBmZGlMe3AC%2FUn7CPeV2MChofCKytF8ijDCgIo%2FW6TglEscRQE1XGz89G7uCDezWw44Qr%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154dfc368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
277 B 256ms
164ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNBKyByqPq-YtrU-PBaw-qKyt-MwetTwqUqYaTRdzNcortg%20oflzktqdRlmNUPAbPMARwlNqdqmgfRkjmNUPAbPMARrdzNqdqmgfRwkjNARmNaYUUURleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LruODj1P27pCG8SxGL5LL5mZgqfvd%2Buiia3SzAswb015GqxOCNfLz8szMPoo8sMXDTB6%2B297SMxTKDTQk8Y%2FilWnXmo%2Bu0i%2BKmdMv2RhOKUw%2BeA2hQ%2Bx6xWudEriJpsweTHZ18qF%2B7dRqi%2Bg8gLXqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154dfd368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
272 B 252ms
160ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNaTBZqryA-BwTP-PTPw-aTZT-aaMqKePwyaPMRdzNwqfftkRlmNBBUbPMARwlNqdqmgfRkjmNBBUbYMA,BAAbYZARrdzNqdqmgfRwkjNARmNaYUUURleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=igfkPe4iHTxLNbZ9%2Fn9wPrTVOXbcDzmkBJzGgp7XZhs4xD6ziw3O4rgSlHH76mzBmhKGrdu%2B0c1bCm0vVgtwQpjRgyQS1dxMImQW6l%2FK55NpWsP1KjJcHMxeYFdQnT2Di%2F26AbUW%2FJBJ1rxVM8kZ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154dff368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 410F 0
0 111ms
111ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvOzZ7ExNYp56W2dArIy8xYBBQkjtaiLBXuUiSuLaLUzl3DxKLKxmJjFNQ2lab3kfLiiYNjVUhNgbRbMgoz3bIbfhPmrtdHzsUFZsUA9KIYWLbcXFuhHnYLeIezMAchsNvL_pSSwI2yL7trHcbB0PWiK8EDcbAuDknoaCx1eeDq3CkBRNZFWdNo3uhfN8-7bejiypG1EzKIxQRS-Aqi9knwhc6cOzyuY04i6iEsFLT7YbYezN6dDRIuFbhGv7lz4PQyBezPgbuPv5g3tgfTLrAkhiXFl_KFHno4dBZXU0hzeLlB27zkwkh0D2VOtp8dkoG9nEfMEi5hS-vwOzPK&sai=AMfl-YSqaHUqpFQQUeCTnrPLBy5GtISFZTfmQ1LUkoy0E5UyFaLn6QmmXJf2X9gGSkQVwCWu4F4fMXIt8w8ZgspgXa_otX_VT3aZDw7mkavvDQxegAy6osre8rsbuqN1LZ56xBQJQ3bYOsZD1YPnu6W4&sig=Cg0ArKJSzJLK7337hXJgEAE&uach_m=[UACH]&adurl=

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 410F 22 KB
9 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9097
x-xss-protection: 0
server: cafe
etag: 6133207136504656605
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 10:24:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 410F 3 KB
1 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 410F 158 KB
48 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H3 200 17684472351409442507
tpc.googlesyndication.com/simgad/ Frame 410F 185 KB
185 KB 44ms
43ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17684472351409442507

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd153a821cad21f4153ce3f3d99d458e6d3a77647adeacc9871310e7981f96d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 16:26:01 GMT
x-content-type-options: nosniff
age: 87919
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 189468
x-xss-protection: 0
last-modified: Sat, 21 May 2022 00:23:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 14 Mar 2024 16:26:01 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F9FB 0
0 131ms
67ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023031301&jk=3969188998036713&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
275 B 219ms
162ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNrrKPreyq-tPMA-PKUZ-qZyt-qAYaYPeeAYArRdzNwqfftkRlmNaKAbaARwlNqdqmgfRkjmNaKAbaARrdzNqdqmgfRwkjNARmNPPPTZRleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zgvMaJecf4i6ZC0jZvvedvUPqO3PxyhqQMTgGYoSfO%2BLXPbvfSTTX%2FcQgDhE8Bl2BPkk9ELi1x1FCGBZGTRGdmXJtFAK%2F7pWosSatqALSTzqkvowSYdmBicPM7bO%2FhAzPrbUc69%2BodJJM%2Fw3TLSiuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154e00368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
546 B 215ms
159ms Image
image/jpeg 2606:4700:3037::ac43:9e3b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNMZAaRrtNrtl0zghRzdNtBAtaBAt-eKMa-PPrT-MeYw-yAwYrAZytyyYRdzNwqfftkRlmNKYMbaARwlNqdqmgfRkjmNKYMbaARrdzNqdqmgfRwkjNARmNPPPTZRleNpl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:9e3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cf-cache-status: MISS
last-modified: Thu, 16 Mar 2023 16:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=to%2FRJga35oPtIWofMjc3ma8AFInRzeCQyI%2BNdODVv1t2%2FIUAdBDx5Cc1UFYdP8EBsF653GhH7o47hsyqAlmHIefc%2Bqw8aKbH50Hw%2BXcOX6EjbNoyf1h6VW2gVXsGsLU3tb5WkSR9vQCQux%2Bs9bdlXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 7a8e80154e01368b-FRA
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 1572962830.jpg
assets.vlitag.com/widget/2019/11/05/ 192 KB
192 KB 49ms
47ms Image
image/jpeg 2606:4700:10::ac43:15e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.vlitag.com/widget/2019/11/05/1572962830.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:15e3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1496375
cf-polished: degrade=85, origSize=227959, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 196267
x-xss-protection: 1; mode=block
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Nov 2019 14:07:11 GMT
server: cloudflare
etag: "5dc1820f-37a77"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=16070400
accept-ranges: bytes
x-robots-tag: noindex, nofollow
cf-ray: 7a8e80153daf6967-FRA
expires: Mon, 27 Feb 2023 09:41:45 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ Frame 14E4 55 KB
24 KB 44ms
43ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/styles__ltr.css

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api2/bframe?hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 21:03:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 14:10:36 GMT

GET
H3 200 recaptcha__nl.js Show response
www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/ Frame 14E4 404 KB
161 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MuIyr8Ej74CrXhJDQy37RPBe/recaptcha__nl.js

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api2/bframe?hl=nl&v=MuIyr8Ej74CrXhJDQy37RPBe&k=6LdE2L0jAAAAAE5NpOAD7HvYjNHnROo_ENbqdz2g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

339ef7570ef796934502d47991cbe776ef484da0b545b3f74f62a2db6ed978b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103245
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164836
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 21:03:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 12:10:35 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 2AAF 36 KB
14 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 14:17:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95636
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 14:17:24 GMT

GET
H3

206

videoplayback
r5---sn-pouxga5o-vu2s.googlevideo.com/
Redirect Chain

https://media.vlitag.com/vid/?id=aOSRX0RXaas&t=y
https://redirector.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%2C137%2C160...
https://r5---sn-pouxga5o-vu2s.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%...

288 KB
0

175ms
55ms

Media
video/mp4

2a00:ff0:1234:3::10
INTERLAN

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-pouxga5o-vu2s.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%2C137%2C160%2C243&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=ceNzpMz_1aYIGK8K4JlTK7YL&gir=yes&clen=30541471&dur=207.373&lmt=1676131234772774&keepalive=yes&fexp=24007246&c=WEB&txp=1216224&n=2QWqInbplVz5-cc8Rg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJsuNEdOTBJ8Ld207d9xnqyC17-5-yHQ4V1BNcnbTLMFAiEAk5AfCouE3o9osAlCtXC2-uN6sGJiVl4cSnccOT0xefI%3D&cms_redirect=yes&mh=3a&mip=2a00:1630:2:608::5&mm=31&mn=sn-pouxga5o-vu2s&ms=au&mt=1678985109&mv=m&mvi=5&pl=32&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAONJD1NC9dQn_SzzX1DYFJEE3FjUlvIyeH2NYUH5bM0AAiEAooratF5CasndIsSh1mZw5kZgxcaKNa_xEUrQY23J26w%3D

Protocol

Server

2a00:ff0:1234:3::10 , Romania, ASN41494 (INTERLAN, RO),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

client-protocol: quic
date: Thu, 16 Mar 2023 16:51:21 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
last-modified: Sat, 11 Feb 2023 16:00:34 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-30541470/30541471
cache-control: private, max-age=8767
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 30541471
expires: Thu, 16 Mar 2023 16:51:21 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r5---sn-pouxga5o-vu2s.googlevideo.com/videoplayback?expire=1678994548&ei=FBgTZIfxB4jykgaSkq0Y&ip=184.164.141.146&id=o-ADH1rbVTeSBT4A1OqGbdFBEYH6DGrcCorz5uzDs89Z0f&itag=136&aitags=134%2C136%2C137%2C160%2C243&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=ceNzpMz_1aYIGK8K4JlTK7YL&gir=yes&clen=30541471&dur=207.373&lmt=1676131234772774&keepalive=yes&fexp=24007246&c=WEB&txp=1216224&n=2QWqInbplVz5-cc8Rg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJsuNEdOTBJ8Ld207d9xnqyC17-5-yHQ4V1BNcnbTLMFAiEAk5AfCouE3o9osAlCtXC2-uN6sGJiVl4cSnccOT0xefI%3D&cms_redirect=yes&mh=3a&mip=2a00:1630:2:608::5&mm=31&mn=sn-pouxga5o-vu2s&ms=au&mt=1678985109&mv=m&mvi=5&pl=32&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAONJD1NC9dQn_SzzX1DYFJEE3FjUlvIyeH2NYUH5bM0AAiEAooratF5CasndIsSh1mZw5kZgxcaKNa_xEUrQY23J26w%3D
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1219
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
456 B 135ms
68ms XHR
text/javascript 13.32.106.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&pid=VnjrWkylj6hsM&cb=0&ws=1600x1200&v=23.313.1233&t=1000&slots=%5B%7B%22sd%22%3A%22vi_850929441_1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x100%22%2C%22300x75%22%5D%2C%22sn%22%3A29441%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!pubpower.io%2C305%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.106.197 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-106-197.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: GYQ73FBMCT40RRC2BBB8
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: l_mW7_CuDWb4kdrmrFDed2EzrcY8vgWKnfX6871aDotWsbG5XcV7Rg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
459 B 128ms
66ms XHR
text/javascript 13.32.106.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&pid=VnjrWkylj6hsM&cb=1&ws=1600x1200&v=23.313.1233&t=1000&slots=%5B%7B%22sd%22%3A%22vi_850929440_1%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A29440%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!pubpower.io%2C305%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.106.197 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-106-197.fra60.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: 2G5B1NN838JF9P5EMPPQ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: Gq4TxFzzase2P_HnAVqgNw0jCj89qBtyBKVU66mOP_Xy6KO_P_LIoA==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
456 B 133ms
71ms XHR
text/javascript 13.32.106.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&pid=VnjrWkylj6hsM&cb=2&ws=1600x1200&v=23.313.1233&t=1000&slots=%5B%7B%22fc%22%3A%22USD%22%2C%22fp%22%3A1%2C%22id%22%3A%22Interdog_Media_RON_Instream%22%2C%22mt%22%3A%22v%22%2C%22s%22%3A%5B%22640x480%22%5D%7D%2C%7B%22sd%22%3A%22vi_850992666_banner%22%2C%22s%22%3A%5B%22336x280%22%2C%22300x250%22%5D%2C%22sn%22%3A92666%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!pubpower.io%2C305%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.106.197 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-106-197.fra60.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: X77K7F5SEPP8N8EDCFN4
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 3eb8bA92V4XvYcuQiaqWMxAmSnpTuOsd2mbZvd9U3IV1f5psTzkiRQ==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
457 B 130ms
69ms XHR
text/javascript 13.32.106.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&pid=VnjrWkylj6hsM&cb=3&ws=1600x1200&v=23.313.1233&t=1000&slots=%5B%7B%22sd%22%3A%22vi_850944415_7%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A44415%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%2C%7B%22sd%22%3A%22vi_850944415_8%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A44415%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!pubpower.io%2C305%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.106.197 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-106-197.fra60.r.cloudfront.net

Software

Server /

Resource Hash

1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: FZD8Y1GSYF05DGWVAX40
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://shrinke.me
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: keKtdeadX5HyDZfl0_-kzWMr9-cxDyKHsw-7sCHTlaDuwGfYtgX7fg==

GET
H2 200 cmp2ui-en.js Show response
quantcast.mgr.consensu.org/tcfv2/23/ 469 KB
124 KB 98ms
35ms Script
text/javascript 2600:9000:211e:ac00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:ac00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 19:34:13 GMT
content-encoding: br
via: 1.1 1ee1abe42f3acbda66e5d1252319566a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 163027
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 18 Dec 2020 15:09:43 GMT
server: AmazonS3
etag: W/"b999c652510fc4edd897a1d667aaee33"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: Y2IvDqCKLc-JxIc4lkABJJrijYIHvOwkxOsJYwOAJBWwfuChij1dXQ==

GET
H2 200 publishertag.prebid.123.js Show response
static.criteo.net/js/ld/ Frame C4DF 87 KB
28 KB 41ms
41ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.123.js

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-15b58"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 17 Mar 2023 16:51:20 GMT

GET
DATA 200
OK truncated
/ Frame 410F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82aaa19b1260ace98ecd491f21390250625bfea33fdb35e08d54040c7cf9ef36

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 410F 0
0 67ms
66ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKyHqqsPf7pMJ25MwvQRFCLBOqshY3ZXSMYzJPw14jfHwPYml9sG7qgszDCOqM3yCT-zmpm3LHqtzqjYXVbXXDxVBgGC6SUCtgm2a1oTRcC-Y-WK3IYCMCEtXKZvtdReMGCvdCp0iFxG1JiOs4gbQOVpNKPadepRLpBkTSYU8amu5CH0SDL7nVT8i-lxFUQt28YF-kdTb-Yz2XY7jtZGejmxWXpPIQbp2VELj32j79FN06YP09ZryWCoPZqZ5K9c09sffHiSITakW3mqpBxleD7uTEK4BerbrHEwpPSHKlBbYCoSmvEGwwQzYNvOMM74vl2jUWob5kn1LgOhmnEUA&sai=AMfl-YQr8ebzDRcYwdKc7FQYRodRVxVal8gJb2rg5thut-ZDyDWYhIr1J7lCmwGthdSwaidIgvwd42istGZPg_rYFFKGszdjcl4Rp5jNUD3azwuF3rk_STWtx0rYW4UTCxFYpzsdM5yRhx-N4ZBdFLEp&sig=Cg0ArKJSzL1I7H2ZaT6HEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 034D 0
0 94ms
94ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv-55FLRTNyhdIU-RI530Hv73atznF7TTJrhYvTGf26vFL4AcGxrXlg20jl2-G1Vd01lbpTU1x0ic981-jrzJJVZ3xL7dVAvpHEOYZN4H6I_2xvA0tJ8EWfR7nJjCldUkfUCUxP-UPxLdomY6At-QUoqQiTtQLRXBpfE-nzsGfZBmRKD-zW8xj6fGrXv6ZwRMTtII1Xo0o_aOpXdQ72bNDbV8LPlPuRWZuJypzz-qOUMSCTOgDQqnAgPTqM9imkyaOs5H_8TpAjkMSqrD8mmsAyg6c2E53LEvGoENITOQlj5RDttNnxJxcouuddOyRf4a31LaMaDXvp_EQ9nv7K&sai=AMfl-YQnscEHF96vB61w2q3I-1i9gqZzguM79HQTJQyzqze4Z249ol6VId8RVsr9pzysrgl5-2X53E4bEPW67h2k0z84A9gx5et5gmrFUvnn-HEK9TW6px4-anljkGPL7J5HVZ8-lZq0x4TKETsgm825&sig=Cg0ArKJSzDmoDwbkzDkVEAE&uach_m=[UACH]&adurl=

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 034D 22 KB
9 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9097
x-xss-protection: 0
server: cafe
etag: 6133207136504656605
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 10:24:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 034D 3 KB
1 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 034D 158 KB
48 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 16:51:20 GMT

GET
H3 200 989334862705299342
tpc.googlesyndication.com/simgad/ Frame 034D 311 KB
311 KB 42ms
41ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/989334862705299342

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cfac324a64e03d5217540d6419692b2a5be8ebc86edf51bea6ffba1114e67d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 16:36:14 GMT
x-content-type-options: nosniff
age: 519306
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 318685
x-xss-protection: 0
last-modified: Sat, 21 May 2022 00:20:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Mar 2024 16:36:14 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C4DF 89 KB
29 KB 138ms
68ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.123.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-16386"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 17 Mar 2023 16:51:20 GMT

GET
H2 200 / Show response
audit-tcfv2.quantcast.mgr.consensu.org/ 2 B
101 B 133ms
32ms XHR
text/plain 3.66.33.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22domain%22%3A%22shrinke.me%22%2C%22publisher%22%3A%22%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22%22%2C%22clientTimestamp%22%3A1678985480778%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-yixlv3zyjb4icnev2vbz%22%7D
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.66.33.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-33-201.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Mar 2023 16:51:20 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 034D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86a08433467787df0715172fc76c5e9016cd4493e2fd83b626f9ea05592b4db8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 034D 0
0 73ms
73ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLtL4946WKsobR-CdUS3Pru4ZQER4_ID1jTQT8h3Ll3LqQ4ifV6QBPtWfBr1YKs3K-YVo46We8VQ2AnsgjzCYgRvlGK-qAgrGBceTwY47-ealaKAnP3P8WFXn-fdxbXDbqQetGhOgEfNkvcMhk_Ov4mJqvmvdcElxvVFlIUzusjQpVEV2NuM2AVW4qgA6ffNIQVD4n8Pv8puBlCD7XkIw_n992EHrKyWsWr3J4SKGbdOp88DSGRHJa2UMCT_PzX9BWVScNFGGxo3VHsr868jTsFsQETFfG1gglIPR0cgbgizFWcDfmHC_UEhsrx-Jx93aFIVdIskSQCklfst5LgnY&sai=AMfl-YQ5FqIWMW4XipMMTGLCkEiwqOckB1fkvGNW4CxuP9mHV6oxEvIgy7Yke5YOMsJ87Z3c7ATwZ22p-fgomFyPnRAQia_1FAjpgToSBycJqaU9CECKsjuFeCe1_ltLr7Ty3etXBjeF_t5rKb838Rkc&sig=Cg0ArKJSzPcQ6Gmwv_Z6EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:20 GMT

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
290 B 397ms
397ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-d/s/0.7.2/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://shrinke.me
Date: Thu, 16 Mar 2023 16:51:21 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2AAF 0
10 B 39ms
38ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?66IoLA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 / Show response
c.adskeeper.co.uk/pv/ Frame 1D81 0
43 B 69ms
49ms Script
text/plain 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adskeeper.co.uk/pv/?tcfV2=1&scum=%3F0&scuw=%3F0&pv=5&cbuster=167898548099836975387&uniqId=079a2&consentData=&gdprApplies=1&uspString=1---&lct=1674000000&niet=4g&nisd=false&jsv=es6&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cxurl=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&lu=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&sessionId=64134909-02260&pageView=1&pvid=186eb554b279f4e69f1&site=630298&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7a8e80187c6e1c8c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
BLOB 206
Partial Content 9101c1e7-3349-48b9-bf6d-924e775af1c4
https://shrinke.me/ Frame 1D81 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://shrinke.me/9101c1e7-3349-48b9-bf6d-924e775af1c4
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame 1D81 4 KB
1 KB 52ms
33ms Image
image/svg+xml 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 9G5BQQQ1X2DEZE3Q
age: 1264
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: nbZPN+yt91+x4/Y+C/FCf+YYW0Y7Cmn6X/2ojTvR/ojtBW0KL+mLS9yDxklCrUT+tFHGg9LLnCk=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 7a8e80188c7f1c8c-AMS
expires: Thu, 16 Mar 2023 20:51:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 16A1 0
0 94ms
93ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHZQRTDB9dER_sWEPAjMxHFy1gMeLXatxfEEc-ZnFkn9fsJiPnAUXcvp-uv1EGK02EoV-ARW3SG3BUWSjvKNd--Y54lVuEaPlwxkPovy4uRR3B2h-z5IzNeQk9F50p3-ckllAYogC9770KkAJA8b8aXWUfeB1n94R4-ZC7q3TkTWPkdWnSX1CqjQcOKAiCaAnNkzuOIBo6b_CGBv4fe4cf70rgr29UQXcY7mwVRRVroKpu_eZP8Y89_g4djVhh09zQfAfpXAdRg5p5juutAUMc7wyS7pTV7Gvxgw030XQbLvQGEBXdZiIQpwsbFJoGBb0Xd5Wzto_Bac3EkHQ_&sai=AMfl-YTTR6TWsBRGhMIntKGiQpCx_C32z1yGs7Ldvqn6dfUs7yXI-JrLQsqhSYLzI_0wd60RyTkXjlsXpGCZDINbwZOAzImi15eUoF75iPbECxagt1u5c2FZ6J3nK0b4x91P0vHelDEQ1iOuA08dWyY&sig=Cg0ArKJSzPNS9xQwalRFEAE&uach_m=[UACH]&adurl=

Requested by

Host: shrinke.me
URL: https://shrinke.me/HannahOwoLeaked

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 16A1 22 KB
9 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9097
x-xss-protection: 0
server: cafe
etag: 6133207136504656605
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 10:24:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 16A1 3 KB
1 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15253
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 16A1 158 KB
48 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 16:51:21 GMT

GET
H3 200 3397393718824588569
tpc.googlesyndication.com/simgad/ Frame 16A1 304 KB
304 KB 33ms
33ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3397393718824588569

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75c8e005dfde33d8d3eb5f5b654ec66c76ffc16be7e4653e66e58aa2f7f2aed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 22:36:59 GMT
x-content-type-options: nosniff
age: 152062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 310900
x-xss-protection: 0
last-modified: Sat, 21 May 2022 00:23:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 13 Mar 2024 22:36:59 GMT

GET
H2 200 1 Show response
servicer.adskeeper.co.uk/994621/ Frame 1D81 1 KB
984 B 94ms
70ms Script
application/x-javascript 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.co.uk/994621/1?tcfV2=1&scum=%3F0&scuw=%3F0&pv=5&cbuster=1678985481072480712213&uniqId=079a2&consentData=&gdprApplies=1&uspString=1---&lct=1674000000&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=300&h=250&cols=1&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&cxurl=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&lu=https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked&sessionId=64134909-02260&pageView=1&pvid=186eb554b279f4e69f1&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f3eb7fb2bc577c7f25710e755df951895a4898817ad9a56dcd6b1fa455d9c15

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7a8e8018fd491c8c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame 16A1 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85b15c55f6e922cdb0ccb02b9212a14b4b29ac100fa3b8cbcf5c79ac1f76a647

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 16A1 0
0 67ms
67ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss41lOC33JM1qEeThhyB-6x7RxlnS2GaW5PYBVd7EQ43--YoW0Vfx01UVkds3PR_2oF0TinvFERi6AqyxRmQYNUn9e1VJrrzTbWGYQO5gEUTnGFeLTRqonPB8YG2JLqStz8bHAIfiGfHCN9CcEMNK_ZCHGROBrvtFDAbJtI-_ViwlyDQYgEiteL4qpHYM673qGLI3GHaab-fKmj3-9etJx1MgPv-ubZoPFT8pyIYTNrRIMjMjwW0EkU-9O5Jr26xqTEcDlsgMkX_aFhW86XYnxZGBg_fu5tw9X0oOR_yAcix8BAzdR1hhVcmHd9Ht2yHIGG0c5Lqcb38erftKM3rxk&sai=AMfl-YSAXkacWB3FGMQMB4xAVesPxX-K9n7vq5Tsu0sxOktAF_sC4Weigqbq8g876Rn97H2WAQozMyp2uiRHJhLDfydb-gLKGg_W1zZfzWEZeFsCuGxu9v4mo_Vz4uBnnu5RrPwZsLcdgYtYsiVztOs&sig=Cg0ArKJSzFwwO7n1LHyVEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 16:51:21 GMT

GET
H3 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame 1D81 4 KB
1 KB 35ms
35ms Image
image/svg+xml 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: KVPFNN6K1HEETVEF
age: 897
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 48uWtTcCd/SIud8BjNIiiNtZdJ+R3Alm+sa7xjoHZ/24yoMMOZd1qOARWhegk+oip3mc8ClXHo4=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 7a8e80197be0b830-AMS
expires: Thu, 16 Mar 2023 20:51:21 GMT

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wOS83NDMzMjAvNzUyN...
s-img.adskeeper.co.uk/g/14204096/492x277/-/ Frame 1D81 23 KB
24 KB 103ms
32ms Image
image/webp 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/14204096/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wOS83NDMzMjAvNzUyN2JlNDhhYjhjNzJkY2IyMjI3MWE3Njk5YmM1NDkucG5n.webp?v=1678985481-k5M8zLYQapItREsnvVQMfgCEnZ5oL8RCmLwyI4Uf0gw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9da9304c96b175c53cad4ff2b23fe51f123d9caf250c3c4e4a5cfa1bbc3ab88d

Request headers

Referer: https://shrinke.me/
Origin: https://shrinke.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
cf-cache-status: HIT
last-modified: Thu, 16 Mar 2023 06:47:08 GMT
x-mg-request-uuid: 9ffd116d-c8b1-4546-ad87-fbe6ec1c1b54
server: cloudflare
age: 36253
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 7a8e8019ecf11ca2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23838

GET
H2 200 i.js Show response
cm.adskeeper.co.uk/ Frame 1D81 0
100 B 137ms
118ms Script
application/javascript 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i.js?&cbuster=1678985481187896694561&consentData=&gdprApplies=1&uspString=1---
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 7a8e8019ae3e1c8c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 i-noref.js Show response
cm.adskeeper.co.uk/ Frame E844 0
36 B 134ms
124ms Script
application/javascript 2606:4700::6812:b14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i-noref.js?cbuster=1678985481196231810966&consentData=&gdprApplies=1&uspString=1---
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:b14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 7a8e8019ae401c8c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/161673/7165/ Frame 1D81 190 KB
59 KB 36ms
36ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/161673/7165/pwt.js
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.es6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 25795c5164a6b299891cdaf8925dfb9b5e7961ac9f740667c3722e0111353986

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
content-encoding: gzip
last-modified: Wed, 22 Feb 2023 07:52:04 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=131377
accept-ranges: bytes
content-length: 60066
expires: Sat, 18 Mar 2023 05:20:58 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 30ms
30ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&bundle=dAiI-19OalZ6c3l0VmVFWVhJSmc0UXpzJTJCNG1iU2hMVHExMzklMkZKRHViSm5QOEdwaXF5SkZ5JTJGV3MydkZzWWs3REVmNWxKY3B6VndsYTdVeW9JWGxWVU1nTVk3U0tlQlJOZEtDcnMlMkJtb0JmS3VJVjY5WmZaSjNZSHR3OHhzdFVuMjR6MDclMkY&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://shrinke.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:20 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 630991
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 1D81
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&bundle=dAiI-19OalZ6c3l0VmVFWVhJSmc0UXpzJTJCNG1iU2hMVHExMzklMkZKRHViSm5QOEdwaXF5SkZ5JTJGV3MydkZzWWs...
https://mug.criteo.com/sid?cpp=g9b-Z3xsZ1c0SEloak52RWNwdGV1WnZ1MFE0M1NIbC84RnZMditHL0o2WUR1azF5TlMzQ1BZdTc5MnNQMUgzRk5vNDB3NEJqbFYrc042VzdTcUFJMC9RUzNFb3ZMMXdJUlVlS3Z1MXVYRlBwRXRuLzNyZWdsZ3NHcDBZZD...

412 B
684 B

31ms
31ms

XHR
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=g9b-Z3xsZ1c0SEloak52RWNwdGV1WnZ1MFE0M1NIbC84RnZMditHL0o2WUR1azF5TlMzQ1BZdTc5MnNQMUgzRk5vNDB3NEJqbFYrc042VzdTcUFJMC9RUzNFb3ZMMXdJUlVlS3Z1MXVYRlBwRXRuLzNyZWdsZ3NHcDBZZDZJUGQxWUVkU25MbkpGRlhSamNjbDZUL3FiZnN4ODNON2ZFNUdjNWRJVHI3SU1aTXhBVzJJRnI5dVI3YVBhbDZkOFVaUDZRcHV6a1gyd3BYZTFzR0V1a2YzSlAvZHg3VVpXMW1Vck1LWkhLVit5WVZaajlyeUplQVd4SUJWQlorWDBnQWhyY1ZiRkFEa2RBd1NJY3JHM1BqSEJQUFBvQT09fA&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e1953a81c4ebfef03804c1a10ee75aa0576f5559fb47a947f85166dc121ae661

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4034515
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=g9b-Z3xsZ1c0SEloak52RWNwdGV1WnZ1MFE0M1NIbC84RnZMditHL0o2WUR1azF5TlMzQ1BZdTc5MnNQMUgzRk5vNDB3NEJqbFYrc042VzdTcUFJMC9RUzNFb3ZMMXdJUlVlS3Z1MXVYRlBwRXRuLzNyZWdsZ3NHcDBZZDZJUGQxWUVkU25MbkpGRlhSamNjbDZUL3FiZnN4ODNON2ZFNUdjNWRJVHI3SU1aTXhBVzJJRnI5dVI3YVBhbDZkOFVaUDZRcHV6a1gyd3BYZTFzR0V1a2YzSlAvZHg3VVpXMW1Vck1LWkhLVit5WVZaajlyeUplQVd4SUJWQlorWDBnQWhyY1ZiRkFEa2RBd1NJY3JHM1BqSEJQUFBvQT09fA&cppv=2
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 564008
content-length: 0
expires: 0

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame 1D81 43 B
313 B 152ms
42ms XHR
application/json 52.30.48.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id?gdpr_applies=false&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161673/7165/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.48.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-48-43.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://shrinke.me
cache-control: no-cache
x-server: 10.45.22.48
access-control-allow-credentials: true
content-length: 43
expires: 0

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 26ms
26ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:20 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 309322
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 67ms
67ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023031301&jk=3969188998036713&bg=!R0SlRBDNAAZKh9k7aoc7ADkAdvg8Ws-8rvNxrrWjMnpcPPgaTyLPFMKy36qIHNFnXt8-ql7xYeCRu2_pbKiDOqoJFHM7wDlyQb4CAAABcFIAAAAEaAEHCgB1sYB1PTc40i2WbG0GiHq1kCsRhlg0S_pc-EXwIz1WhJ2gimrlSRv8-2JBzWm35VzC2XQGb6pqjcoWF6KbnbqgFOI1vWl6RbP2Ou2R526g1Qo48A0kgDFRuQjKuQOP7v7PHG0pMPWX95NT7JeLfehPlILxcH6fmQKbQU_scWnekxqGCsb4OFlDZq25FkvZAboNT_10WSBxgjrTzWlHT9ZzimmcVstSSoS2Q4xVJBU62DdDpQZmm4m-AuBdkfId40AekYcn0DXEjzkpURPDkyhUHvvz1CUO9eO3-nQDwN8u3SFdhTGBzZBkNy7Z3yFhXYOiWKcyHobyL2xprCSrMEFfrTIKj_cjevZglmMlaMhH76UKHfHhLCKHTGsrRsWJoFB33uMRHbMg6ZQQea2eky7wQwmhFH7-tWDc8YmLhQFK5SCDH1V3FtvfIq94ouKCgH46PDM7GDfVXxcKbfEEEm1QZw7s-i3wPetAx89w8lIpjpEHjzpHKBNQu1AfaYsk_HW3Bs_i7AGYqz_Df8y0_cm5B5g3w9VcJ_fpJe8hNlE_9wigQ_-qpGjO1c9dGDVvKWAviyT2AzZW1vnNWWb3JXNbJhHL0Tp3lV5MTMz45O62v4lnPGeo4_-FfEC3RKfYKoTFHkxsNNZb7VZ4Yd4Nk56Gm2jzbVuuH46M7653o3lA6S1Mg84UpwnKdJjfmBFiRb5A5WW-RGpJb_b5tEJKoQkhYODOsN2KkGgN2nLVoe66AbGNE1D17ammUDykZBsUrjU0h4__an1lQh8b88NM-tNvTezPew7hUmSJzMuF9pa6-l2Biqr3FRz8bgfttZ6a3Eurrzt3aWY_ZpkPnOnsMpi_ZN3TXG3yl_rsxNtWM1qZllsCbixRx0C2L8HLhZ0f2hLIVVc6-uNPPtEWFCYfgpWrpr-gYnuGCHQ3IHIb3CbCyyNvwarGiA4HcCzWAyM1rSRQIcmuc7j-x7Iys5TPpI811Ge2cmkLU5qmfqjnoYXuzsxQ-vEcjK-sGvvG8iCqvKwXNGuLclWbUjWGU4C4vrQJZsYEgQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

POST
H/1.1 200 806.json Show response
id5-sync.com/g/v2/ Frame C4DF 215 B
619 B 98ms
35ms XHR
application/json 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/806.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

7a943d992d247c43230de87436532cc0bb1d928f203da4c8ee7bac8dbda739ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Thu, 16 Mar 2023 16:51:20 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ Frame C4DF 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame C4DF 43 B
313 B 42ms
42ms XHR
application/json 52.30.48.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.48.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-48-43.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://shrinke.me
cache-control: no-cache
x-server: 10.45.12.113
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame C4DF 63 B
386 B 127ms
42ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 13461c7ee76a0d430b8fbfa265275c7f2e194ceba34e6e0f1958af651df76034

Request headers

Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrinke.me
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sat, 15 Apr 2023 16:51:21 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 410F 42 B
174 B 66ms
66ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssfghlK0Ut1_iw9xITBeBHie9JsBnQl8FmsBGRjnqQvmWjlCq_NxO96cCYN2S62KX7_aYpjJU0EefHcmW2hJMB6xpKQSEY3_k5LOss7VQJZb2Ic54Z7&sig=Cg0ArKJSzI6yj-oZTr7cEAE&id=lidar2&mcvt=1000&p=164,632,444,968&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230315&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3910693916&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1678985480427&rpt=183&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 16A1 42 B
64 B 66ms
65ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvU7AT6koFGEY_10SvlWASncxHg5UmOh0YPICoWypebvPpVoJNpJtUQ_cXUSguQbZno7_XK3AaR_X8_E59wHrhHE8Pa_V29KZQp112qBoU10D7O5p9r&sig=Cg0ArKJSzFIXjm2maBEUEAE&id=lidar2&mcvt=1001&p=1006,560,1326,1040&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&v=20230315&bin=7&avms=nio&bs=1600,1200&mc=0.61&vu=1&app=0&itpl=3&adk=4056164895&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1678985481043&rpt=78&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame C4DF
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=hMIEQHwyOWtpclBEdU1ZcDRvMzZSWm1xOWpkWnlwelVzeFUyYndDdEtJMkNBSGpPUjRhUzVWdXkyOEp5WnFkY2hINVNSaEtVUDlJSk40cG9Fd3E2OHh5b3F6bmN6bk5PcHNsN0Y4ZEZiUUVicTdNUXcrWW1FQTR1akc2Um...

431 B
701 B

26ms
26ms

XHR
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=hMIEQHwyOWtpclBEdU1ZcDRvMzZSWm1xOWpkWnlwelVzeFUyYndDdEtJMkNBSGpPUjRhUzVWdXkyOEp5WnFkY2hINVNSaEtVUDlJSk40cG9Fd3E2OHh5b3F6bmN6bk5PcHNsN0Y4ZEZiUUVicTdNUXcrWW1FQTR1akc2UmY1RTg2S29hek56U29iayt6QS9OK2M2aDNHVlNUbW93YUxSelZxMHlZM1VhbXMyNDVkK2Zac3IzdXVEc1R4NG0zcEZ5N1FCU3ZoSEZNeVI0ZkVkVzE5SjhQeEVTeG1xWDdiMVdYTG93cnllTllnUWpoTnhBLzZLKy9aMU4rc3ExbTliWmVGOVlMR2dLcFpGaFh0L0JKbEl3M3ZhUjNldz09fA&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7b19fa5010d728bedbca14a371d2f9a228213ae7cd6f5c1d51fd936afa296129

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1250199
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=hMIEQHwyOWtpclBEdU1ZcDRvMzZSWm1xOWpkWnlwelVzeFUyYndDdEtJMkNBSGpPUjRhUzVWdXkyOEp5WnFkY2hINVNSaEtVUDlJSk40cG9Fd3E2OHh5b3F6bmN6bk5PcHNsN0Y4ZEZiUUVicTdNUXcrWW1FQTR1akc2UmY1RTg2S29hek56U29iayt6QS9OK2M2aDNHVlNUbW93YUxSelZxMHlZM1VhbXMyNDVkK2Zac3IzdXVEc1R4NG0zcEZ5N1FCU3ZoSEZNeVI0ZkVkVzE5SjhQeEVTeG1xWDdiMVdYTG93cnllTllnUWpoTnhBLzZLKy9aMU4rc3ExbTliWmVGOVlMR2dLcFpGaFh0L0JKbEl3M3ZhUjNldz09fA&cppv=2
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 392936
content-length: 0
expires: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 30ms
30ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fshrinke.me%2F&domain=shrinke.me&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://shrinke.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 975814
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9F9B 52 KB
17 KB 298ms
94ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 34720
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 16 Mar 2023 16:51:22 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 01 Mar 2023 07:12:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 19, 105529
X-Served-By: cache-lga13626-LGA, cache-ewr18127-EWR
X-Timer: S1678985483.886686,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E410 16 KB
6 KB 31ms
31ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://shrinke.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=60767
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: Fri, 17 Mar 2023 09:44:09 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E410 5 KB
6 KB 111ms
29ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=30117924&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 3d423720317ef6580e31c0f56b88d53811427deb2b2e1a2eec2662358af42d63

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 16:51:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 25ms
25ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 301363
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 247F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3d396413-490b-4500-9b2b-6a91c6c82b14&gdpr=0&gdpr_consent=

42 B
326 B

57ms
31ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3d396413-490b-4500-9b2b-6a91c6c82b14&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Thu, 16 Mar 2023 16:51:22 GMT
Expires: Thu, 16 Mar 2023 16:51:21 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 569 46451a0 master zrh-pixel-x25 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3d396413-490b-4500-9b2b-6a91c6c82b14&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 234D
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6904143572120196328

42 B
194 B

33ms
31ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6904143572120196328
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6904143572120196328
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5BCE
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
113 B

89ms
30ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: Thu, 16 Mar 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1056363
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3871
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab

42 B
568 B

111ms
34ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H/1.1

200
OK

dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame 428F
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

206ms
206ms

Document
image/gif

67.220.226.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.226.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 16:51:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: V9H69EB12SM1AQYDYAHP

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 16:51:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: KK9YYR50E7SS30XBVDB4

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 44F1
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1589370376627655599&gdpr=0&gdpr_consent=

42 B
219 B

120ms
33ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1589370376627655599&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: bc85c9f1-30a4-4516-a435-c17cf1d63f52
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 16:51:22 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1589370376627655599&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 31.204.153.186; 31.204.153.186; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4037
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7211187735677499542&gdpr=0&gdpr_consent=

42 B
298 B

60ms
30ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7211187735677499542&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Thu, 16 Mar 2023 16:51:22 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7211187735677499542&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2954
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZeMXUTfwXmdpSzJVpg37fB_Mmbo&gdpr=0&gdpr_consent=

42 B
300 B

29ms
29ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZeMXUTfwXmdpSzJVpg37fB_Mmbo&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 16:51:23 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZeMXUTfwXmdpSzJVpg37fB_Mmbo&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame F0F3
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFVaDhFN0lKcElBQUNEYXFaUUEwQQ&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_syn...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAUh8E7IJpIAACDaqZQA0A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_par...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAUh8E7IJpIAACDaqZQA0A&pid=558502&do=add&gdpr=0
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAUh8E7IJpIAACDaqZQA0A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%2...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=66393876930835287&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAUh8E7IJpIAACDaqZQA0A&gdpr=0&gdpr_consent=

42 B
200 B

30ms
29ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAUh8E7IJpIAACDaqZQA0A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 16:51:23 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAUh8E7IJpIAACDaqZQA0A&gdpr=0&gdpr_consent=
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 695B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZBNJCwAA1Wd30AAo&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo

0
74 B

30ms
29ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZBNJCwAA1Wd30AAo&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Thu, 16 Mar 2023 16:51:23 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZBNJCwAA1Wd30AAo&gdpr=1&gdpr_consent=&_test=ZBNJCwAA1Wd30AAo
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-ewr18142-EWR
x-timer: S1678985483.176530,VS0,VE0

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame 1478 43 B
282 B 289ms
31ms Document
image/gif 173.231.180.197
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: ams-delivery-4.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Thu, 16 Mar 2023 16:51:23 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-1

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C005
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1t0gtn5xbis9

42 B
307 B

30ms
30ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1t0gtn5xbis9
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Thu, 16 Mar 2023 16:51:23 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1t0gtn5xbis9
lws: 122
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame DAF3
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
225 B

35ms
29ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Thu, 16 Mar 2023 16:51:22 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame 0130 43 B
279 B 269ms
48ms Document
image/gif 195.5.165.20
IPROM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 16:51:23 GMT
Vary: Accept-Encoding
X-adserver-worker: erebus-df1611e6f4c4@version_1.536v2
X-core-time: 1ms
X-server-arch: v2

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 279E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
422 B

197ms
178ms

Document
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7a8e80257e7106cc-AMS
content-length: 43
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7a8e80241cab06cc-AMS
content-type: text/html
date: Thu, 16 Mar 2023 16:51:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 47

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame AB89 43 B
368 B 93ms
29ms Document
image/gif 35.186.193.173
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 173.193.186.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Thu, 16 Mar 2023 16:51:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1101
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1678985482924
https://ad.turn.com/r/cs?pid=45&rndcb=3938620741
https://sync.1rx.io/usersync/turn/3396726489196073996?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-00da8758-de9f-4251-8b82-51c35884e33d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-00da8758-de9f-4251-8b82-51c35884e33d-003

42 B
255 B

30ms
30ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-00da8758-de9f-4251-8b82-51c35884e33d-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-type: text/html
date: Thu, 16 Mar 2023 16:51:23 GMT
etag: RX00da8758de9f42518b8251c35884e33d003
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-00da8758-de9f-4251-8b82-51c35884e33d-003
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E410
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_xXAdRz3QDSkXt7bFH-x8A%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

32ms
31ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:22 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=60767
accept-ranges: bytes
content-length: 5554
expires: Fri, 17 Mar 2023 09:44:09 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame E410 49 B
265 B 50ms
40ms Image
image/gif 54.228.6.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.6.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-6-120.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.13.109
content-length: 49
expires: 0

GET
H2

204

cr
cr.frontend.weborama.fr/ Frame E410
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=4042717554

0
45 B

30ms
29ms

Image
text/plain

34.111.129.221
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=4042717554
Protocol: H2
Server: 34.111.129.221 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 221.129.111.34.bc.googleusercontent.com
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
via: 1.1 google
last-modified: Thu, 16 Mar 2023 16:51:22 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
via: 1.1 google
last-modified: Thu, 16 Mar 2023 16:51:22 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location: https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=4042717554
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H/1.1

200

p
a.audrte.com/ Frame E410
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZGZteG1EcERoWS1TM0NFajA2cEhBZ0tQZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=5792934742258671007&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
https://a.audrte.com/p

68 B
424 B

102ms
102ms

Image
image/png

52.0.191.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Protocol: HTTP/1.1
Server: 52.0.191.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-191-77.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 16:51:23 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Thu, 16 Mar 2023 16:51:23 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkYxNUMwNzUtMUNGNy00MDM0LUE0NUUtREVEQjE0N0ZCMUYw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

84ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJgcXjH91ZJ3H3IvDOFyS4Y&google_cver=1

42 B
302 B

85ms
37ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJgcXjH91ZJ3H3IvDOFyS4Y&google_cver=1
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJgcXjH91ZJ3H3IvDOFyS4Y&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame E410 43 B
611 B 102ms
28ms Image
image/gif 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:22 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Wed, 15 Mar 2023 16:51:22 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5792934742258671007

42 B
218 B

30ms
29ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5792934742258671007
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5792934742258671007
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame E410 70 B
264 B 49ms
46ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 FF15C075-1CF7-4034-A45E-DEDB147FB1F0
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame E410 43 B
426 B 210ms
47ms Image
image/gif 2a05:d018:d29:3605:a9d9:70ca:81a8:3df3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/FF15C075-1CF7-4034-A45E-DEDB147FB1F0?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:a9d9:70ca:81a8:3df3 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-WleX4rxE2uV6zhOqiWAKJq.zcA2rqzc-~A&gdpr=0

0
260 B

97ms
25ms

Image
text/plain

198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-WleX4rxE2uV6zhOqiWAKJq.zcA2rqzc-~A&gdpr=0
Protocol: H2
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:21 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-WleX4rxE2uV6zhOqiWAKJq.zcA2rqzc-~A&gdpr=0
date: Thu, 16 Mar 2023 16:51:22 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=09936530-f675-4fb6-a89f-fc86f59f5e40
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=09936530-f675-4fb6-a89f-fc86f59f5e40
https://x.bidswitch.net/sync?dsp_id=4&user_id=b3673a43-f105-41fe-b085-284c7b8209fa&ssp=pubmatic&expires=30&user_group=5&bsw_param=09936530-f675-4fb6-a89f-fc86f59f5e40
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09936530-f675-4fb6-a89f-fc86f59f5e40&gdpr=&gdpr_consent=&gdpr_pd=

1 B
166 B

34ms
32ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09936530-f675-4fb6-a89f-fc86f59f5e40&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=09936530-f675-4fb6-a89f-fc86f59f5e40&gdpr=&gdpr_consent=&gdpr_pd=
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame E410 0
104 B 134ms
46ms Image
text/plain 2a02:fa8:8806:20::2040
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame E410 0
191 B 103ms
28ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1589370376627655599

42 B
95 B

30ms
30ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1589370376627655599
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Thu, 16 Mar 2023 16:51:23 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 31.204.153.186; 31.204.153.186; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8f21efab-0e87-43fb-9c68-d026a8d84fe9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1589370376627655599
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3180553707082290188&gdpr=0&gdpr_consent=&us_privacy=

1 B
254 B

30ms
29ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3180553707082290188&gdpr=0&gdpr_consent=&us_privacy=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3180553707082290188&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 16 Mar 2023 16:51:22 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E410
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:c0f55c4f-2258-4f9f-b2e8-7a07f907200e&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
95 B

29ms
29ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:c0f55c4f-2258-4f9f-b2e8-7a07f907200e&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:c0f55c4f-2258-4f9f-b2e8-7a07f907200e&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Thu, 16 Mar 2023 16:51:23 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
290 B 252ms
252ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-d/s/0.7.2/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://shrinke.me/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://shrinke.me
Date: Thu, 16 Mar 2023 16:51:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame E410 0
128 B 26ms
24ms Script
text/plain 198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=155495&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 16:51:23 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=1258

Verdicts & Comments Add Verdict or Comment

266 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

102 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shrinke.me/	1969-12-31 23:59:59	Name: AppSession Value: 9db3a194332fae1439ec2de85a2ef229
shrinke.me/	1969-12-31 23:59:59	Name: csrfToken Value: aa89c588826468f75350d5f93b2b7e5b3d8b1a380da5e22ae07c9e68f067dbf3fb65723a5eaf447be9b79f88a45944ffe6b8bbc12a3b10a35e34e9bfee127a57
akazginhapping.com/	1970-01-20 10:24:31	Name: GL_UI4 Value: eJw9TVlugzAUhJilUQrqSBwgR8ARVMln1UP0E3l5EDdgR8YN6u1rVWrnZ0azaJIk2TU10kfBwL5Ej2PbndWousspgkR7HmXL%2B4uS3auQ%2FUkp7M06BCFnChmeJ7LkjRqU01ThJUZ%2Fzs26zWbIpRdWV8iX2JgrlNK7bSXfMGRWLITi%2Fepd5HwRn86Dcc6jNjbqtMXOrQ2r9yg%2FjNVxWB%2Bw421dFQkO91mE0fllMLpIkU9eaEL6hiclAk3Of6PUtN6CuwNu1sN%2F%2F%2FeXbbxFoelhVDx34Ur%2BB7aESuI%3D
akazginhapping.com/	1970-01-20 10:24:31	Name: GL_GI10 Value: eJxNjMFKw0AURdOJhobUyAU%2FoD%2FgYIyKa3XRRclCoQs3Q0he24Fm3jB5FePXm7ZQ3R3O5dwoitRNDmU98rLQ93cPungsdfH8hHhDDFUtMWt47yQMxtUdIatIthR2tWt7JIE2lh3U5wLZiU3DLeGyWt7%2Bc8fy6oP3sp0veHeIcdFYGZC%2BswiFtu6QHsQpn4353xDb3iOz5Zt2JPMXvUI6guk9UYv0lYPnUAshP9vjSxJjanvjA38PyQTXYjv6YUeG1%2BueZFSTr0T9AmFqTZU%3D
pogothere.xyz/	1970-01-20 19:01:29	Name: csu Value: 859466768692968@1@1678985478
shrinke.me/	1969-12-31 23:59:59	Name: ab Value: 2
.shrinke.me/	1970-01-20 19:59:05	Name: _ga_D3PJV22VQR Value: GS1.1.1678985479.1.0.1678985479.0.0.0
.shrinke.me/	1970-01-20 19:59:05	Name: _ga Value: GA1.2.1684580923.1678985479
.shrinke.me/	1970-01-20 10:24:31	Name: _gid Value: GA1.2.1551814896.1678985479
.shrinke.me/	1970-01-20 10:23:05	Name: _gat_gtag_UA_137383949_1 Value: 1
.shrinke.me/	1970-01-20 11:06:17	Name: pbjs-pubCommonId Value: 074baf06-82d6-451f-96f5-fb41672572d5
www.clarity.ms/	1970-01-20 19:08:41	Name: CLID Value: 400f74b7848e4c9793204d9fb9b906e5.20230316.20240315
.shrinke.me/	1970-01-20 19:08:41	Name: _clck Value: 1bk5bg9\|1\|f9y\|0
.criteo.com/	1970-01-20 19:44:41	Name: uid Value: baa20add-8fd9-4dd4-a440-530d3263cd5c
.openx.net/	1970-01-20 19:08:41	Name: i Value: 906b979a-1903-4fea-b618-676e726329d4\|1678985479
.bing.com/	1970-01-20 19:44:41	Name: MUID Value: 399A5CDE2A89645609994E082B496501
.c.bing.com/	1970-01-20 10:33:10	Name: MR Value: 0
.c.bing.com/	1970-01-20 19:44:41	Name: SRM_B Value: 399A5CDE2A89645609994E082B496501
shrinke.me/	1970-01-20 11:49:29	Name: __ppIdCC Value: agribje_ne21078.8547..05
shrinke.me/	1970-01-20 19:44:41	Name: cto_bidid Value: u7uxIl9oTkdHZmNPakFCNWh0bGRDWVR1YVJySTZsQjRxUXJGeXIzczVZNm5ZcVdlSlhubkg0RnhlekVlM01iWWkyOUZ4T3A5S2dKdFQlMkJ6bUZtdlRkbyUyQnZZekElM0QlM0Q
shrinke.me/	1970-01-20 19:44:41	Name: cto_bundle Value: dAiI-19OalZ6c3l0VmVFWVhJSmc0UXpzJTJCNG1iU2hMVHExMzklMkZKRHViSm5QOEdwaXF5SkZ5JTJGV3MydkZzWWs3REVmNWxKY3B6VndsYTdVeW9JWGxWVU1nTVk3U0tlQlJOZEtDcnMlMkJtb0JmS3VJVjY5WmZaSjNZSHR3OHhzdFVuMjR6MDclMkY
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 19:44:41	Name: MUID Value: 399A5CDE2A89645609994E082B496501
.c.clarity.ms/	1970-01-20 10:33:10	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 10:23:06	Name: ANONCHK Value: 0
.doubleclick.net/	1970-01-20 19:44:41	Name: IDE Value: AHWqTUnQaw99E_kF45rwR3jTQ6QBXbKzXygSeYrwXHAG-MccpVC72Tm7Wdkl8oRB-Cc
.doubleclick.net/	1970-01-20 10:23:06	Name: test_cookie Value: CheckForPermission
.shrinke.me/	1970-01-20 10:24:31	Name: _clsk Value: a5ygp9\|1678985480351\|1\|1\|j.clarity.ms/collect
.shrinke.me/	1970-01-20 19:44:41	Name: __gads Value: ID=0fffdd8a5ed496ce:T=1678985479:S=ALNI_MaZRshtaB5SiT2-JZwHVP7YblTblw
.shrinke.me/	1970-01-20 19:44:41	Name: __gpi Value: UID=00000bc6b2627ecc:T=1678985479:RT=1678985479:S=ALNI_Mash6ebNCjzZ90eOqs1n-dl9-PD4A
shrinke.me/	1969-12-31 23:59:59	Name: AdskeeperStorage Value: %7B%220%22%3A%7B%22svspr%22%3A%22https%3A%2F%2Fshrinke.me%2FHannahOwoLeaked%22%2C%22svsds%22%3A1%7D%2C%22C994621%22%3A%7B%22page%22%3A1%2C%22time%22%3A1678985481177%7D%7D
shrinke.me/	1970-01-20 11:06:17	Name: _pbjs_userid_consent_data Value: 6683316680106290
shrinke.me/	1970-01-20 10:23:09	Name: _lr_retry_request Value: true
shrinke.me/	1970-01-20 11:06:17	Name: _lr_env_src_ats Value: false
shrinke.me/	1970-01-20 11:06:17	Name: id5_storage Value: %7B%22created_at%22%3A%222023-03-16T16%3A51%3A21.65038584Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D
shrinke.me/	1970-01-20 11:49:29	Name: pubmatic-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-03-16T16%3A51%3A21%22%7D
.shrinke.me/	1970-01-20 19:44:41	Name: cto_bundle Value: BqLZxV9EZXZlNVFla0xieXZVc2RyNXFCYVdnWGwxOGFGUXYxT0IlMkJMMk1RVXRScUFOWGVvWVliYkxnTXl1WmowTE9FbGFrRyUyRlZLajJ5QVIyeG41VVlUJTJGTXhXSnhkJTJGbWIxY2cxbTFXYVNvSEVVRVpLaWJhUkFHaUw0QnczaDVyM0YxMDNROEFyUVolMkJza3NuaSUyRmlVclpadG1VVUElM0QlM0Q
.shrinke.me/	1970-01-20 19:44:41	Name: cto_bidid Value: S8BqYF9oaHM3Zk5pMGxSJTJCUU9QaVYlMkJFSElSYTZLbCUyQk93ejFHeWo5dmltU0tJNU5jU0wyYkxNT3oyd0pDeFhBd280MHA1RiUyQm43YWczcG5ka0lZNEYyMGtNQWhCZkI2VDFwN0xBSkpuSEhWVjZiOHFZJTNE
.pubmatic.com/	1970-01-20 19:08:41	Name: KADUSERCOOKIE Value: FF15C075-1CF7-4034-A45E-DEDB147FB1F0
.pubmatic.com/	1970-01-20 12:32:41	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 10:24:31	Name: pi Value: 155495:2
.pubmatic.com/	1970-01-20 12:32:41	Name: DPSync3 Value: 1680134400%3A245_241_235_201
.pubmatic.com/	1970-01-20 12:32:41	Name: SyncRTB3 Value: 1681516800%3A203%7C1679529600%3A15_223_2%7C1680134400%3A233_234_21_161_56_238_176_99_251_3_7_71_254_220_166_204_214_54_81_13_8_165_55_22%7C1680220800%3A35%7C1679788800%3A63
.adnxs.com/	1970-01-20 12:32:41	Name: uuid2 Value: 1589370376627655599
.quantserve.com/	1970-01-20 12:32:41	Name: d Value: EKsBCwHDKPijAA
.quantserve.com/	1970-01-20 19:53:19	Name: mc Value: 6413490a-d8aee-78969-d0610
.adfarm1.adition.com/	1970-01-20 12:32:41	Name: UserID1 Value: 7211187735677499542
.mathtag.com/	1970-01-20 19:49:00	Name: uuid Value: 3d396413-490b-4500-9b2b-6a91c6c82b14
.ctnsnet.com/	1970-01-20 19:08:41	Name: cid_ebc5ccf9b483401fb220505f1c4c8123 Value: 1
.simpli.fi/	1970-01-20 19:10:07	Name: suid Value: 243FDBFA69894C418E1E587745BBE049
.weborama.fr/	1970-01-20 19:49:00	Name: AFFICHE_W Value: hxtjCkiWOoKH37
.csync.loopme.me/	1970-01-20 12:35:34	Name: viewer_token Value: 25881a07-096b-47b8-af59-183d10c6f5c1
.de17a.com/	1970-01-20 19:01:29	Name: guid Value: 1.6904143572120196328
.yahoo.com/	1970-01-20 19:09:03	Name: A3 Value: d=AQABBApJE2QCEJfE7BPYe-zbRh62fxQcznQFEgEBAQGaFGQdZAAAAAAA_eMAAA&S=AQAAAsbUKpwmRfqfz81gLc-m094
.bidswitch.net/	1970-01-20 19:08:41	Name: tuuid Value: 09936530-f675-4fb6-a89f-fc86f59f5e40
.bidswitch.net/	1970-01-20 19:08:41	Name: c Value: 1678985482
.bidswitch.net/	1970-01-20 19:08:41	Name: tuuid_lu Value: 1678985482
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_1101 Value: 23040-7211187735677499542&KRTB&23369-7211187735677499542
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_27 Value: 16735-uid:3d396413-490b-4500-9b2b-6a91c6c82b14&KRTB&16736-uid:3d396413-490b-4500-9b2b-6a91c6c82b14&KRTB&23019-uid:3d396413-490b-4500-9b2b-6a91c6c82b14&KRTB&23114-uid:3d396413-490b-4500-9b2b-6a91c6c82b14
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_57 Value: 22776-1589370376627655599&KRTB&23339-1589370376627655599
.analytics.yahoo.com/	1970-01-20 19:08:41	Name: IDSYNC Value: 18z8~2ajs
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_153 Value: 1923-qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab&KRTB&19420-qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab&KRTB&22979-qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab&KRTB&23462-qss5WqjGOAixmzAI-ZolXqTGPlCxmzhfrc9z99ab
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_80 Value: 16514-CAESEJgcXjH91ZJ3H3IvDOFyS4Y&KRTB&22987-CAESEJgcXjH91ZJ3H3IvDOFyS4Y&KRTB&23025-CAESEJgcXjH91ZJ3H3IvDOFyS4Y&KRTB&23386-CAESEJgcXjH91ZJ3H3IvDOFyS4Y
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_336 Value: 5844-6904143572120196328
.bidr.io/	1970-01-20 19:51:39	Name: bito Value: AAUh8E7IJpIAACDaqZQA0A
.bidr.io/	1970-01-20 19:51:39	Name: bitoIsSecure Value: ok
ads.playground.xyz/	1970-01-20 10:32:35	Name: connect.sid Value: s%3AvDZHYao5w1oNbuslwD3jxETGGaEZ8VbC.T4uZrEN07pcjyIJaYy1cvO%2FVgW7TC1AN0QK0aFqrGKo
.pubmatic.com/	1970-01-20 11:06:17	Name: SPugT Value: 1678985481
.adsby.bidtheatre.com/	1970-01-20 10:33:10	Name: __kuid Value: c0f55c4f-2258-4f9f-b2e8-7a07f907200e.448199483
.everesttech.net/	1970-01-20 19:08:41	Name: everest_g_v2 Value: g_surferid~ZBNJCwAA1Wd30AAo
.adform.net/	1970-01-20 11:07:43	Name: C Value: 1
.turn.com/	1970-01-20 14:42:17	Name: uid Value: 3180553707082290188
.adform.net/	1970-01-20 11:49:29	Name: uid Value: 5792934742258671007
.amazon-adsystem.com/	1970-01-20 15:09:39	Name: ad-id Value: Awxnq24mzkhVkYowwVax6LI
.amazon-adsystem.com/	1970-01-20 19:59:05	Name: ad-privacy Value: 0
.1rx.io/	1970-01-20 19:08:41	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-00da8758-de9f-4251-8b82-51c35884e33d-003%22%2C%22nxtrdr%22%3Afalse%7D
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_22 Value: 14911-3180553707082290188&KRTB&23150-3180553707082290188
.pubmatic.com/	1970-01-20 11:06:17	Name: PugT Value: 1678985483
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_391 Value: 22924-5792934742258671007&KRTB&23263-5792934742258671007
.creative-serving.com/	1970-01-20 19:44:41	Name: tuuid Value: b3673a43-f105-41fe-b085-284c7b8209fa
.creative-serving.com/	1970-01-20 19:44:41	Name: c Value: 1678985483
.creative-serving.com/	1970-01-20 19:44:41	Name: tuuid_lu Value: 1678985483
sync.srv.stackadapt.com/	1970-01-20 19:08:41	Name: sa-user-id Value: s%3A0-65e31751-37f0-5e67-694b-3255a60dfb7c.wzq1ThUrPU1DGa36k75z5nlgqnFEPtP59uodwRWYvW0
sync.srv.stackadapt.com/	1970-01-20 19:08:41	Name: sa-user-id-v2 Value: s%3AZeMXUTfwXmdpSzJVpg37fB_Mmbo.jEB4cSMfzkzwrVi7JmsAYclr2w661tkPHlx4JGtYgpU
.srv.stackadapt.com/	1970-01-20 19:08:41	Name: sa-user-id-v2 Value: s%3AZeMXUTfwXmdpSzJVpg37fB_Mmbo.jEB4cSMfzkzwrVi7JmsAYclr2w661tkPHlx4JGtYgpU
.audrte.com/	1970-01-20 10:44:41	Name: arcki2 Value: dfmxmDpDhY-S3CEj06pHAgKPg!20220908!1678985483189!ip#31.204.153.186
.audrte.com/	1970-01-20 10:44:41	Name: arcki2_pubmatic Value: FF15C075-1CF7-4034-A45E-DEDB147FB1F0!20220908!1678985483193
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_860 Value: 16335-ZeMXUTfwXmdpSzJVpg37fB_Mmbo&KRTB&23334-ZeMXUTfwXmdpSzJVpg37fB_Mmbo&KRTB&23417-ZeMXUTfwXmdpSzJVpg37fB_Mmbo&KRTB&23426-ZeMXUTfwXmdpSzJVpg37fB_Mmbo
.targeting.unrulymedia.com/	1970-01-20 19:08:41	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-00da8758-de9f-4251-8b82-51c35884e33d-003%22%7D
.tribalfusion.com/	1970-01-20 12:32:41	Name: ANON_ID Value: aQnsIHo0P8fCmTN83vUGvGhoMa0CoqZcv1bIFbwR9SuBaLbYTlZdRqJCsZc02DTBDwgJS9yK3ZacaCSpbPRFvaklgN2W
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_594 Value: 17105-RX-00da8758-de9f-4251-8b82-51c35884e33d-003&KRTB&17107-RX-00da8758-de9f-4251-8b82-51c35884e33d-003
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_466 Value: 16530-09936530-f675-4fb6-a89f-fc86f59f5e40
.audrte.com/	1970-01-20 10:44:41	Name: arcki2_ddp2 Value: dfmxmDpDhY-S3CEj06pHAgKPg!20220908!1678985483350
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 937edc0b38ee2387
.gammaplatform.com/	1970-01-20 10:24:31	Name: _aGeoIp Value: US\|Muskegon
.gammaplatform.com/	1970-01-20 19:59:05	Name: _aUID Value: 1t0gtn5xbis9
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_1310 Value: 23431-1t0gtn5xbis9&KRTB&23446-1t0gtn5xbis9&KRTB&23465-1t0gtn5xbis9
.audrte.com/	1970-01-20 10:44:41	Name: arcki2_adform Value: 5792934742258671007!20220908!1678985483510
.smartadserver.com/	1970-01-20 19:54:46	Name: pid Value: 66393876930835287
.smartadserver.com/	1970-01-20 19:54:46	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 19:10:07	Name: csync Value: 127:AAUh8E7IJpIAACDaqZQA0A
.pubmatic.com/	1970-01-20 11:06:17	Name: KRTBCOOKIE_699 Value: 22727-AAUh8E7IJpIAACDaqZQA0A

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678985478833125&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHcT6EFbUAW1zRWHG8mXo8L7iXQysBiPo8l2eQF8BtodWeIySKdgNNil0a3FUh-QysZBL_VBMQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S-1156992828%3A1678985478865051&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdhu3FGF453Cs3EQu6SCbVVSPoggiGGBn36TNh4rxRAEdYYp4T9E6inMJMLtwTTLKEPRIP2Dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST Message: Failed to load resource: the server responded with a status of 500 ()
javascript	error	URL: https://shrinke.me/HannahOwoLeaked Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=1258' from origin 'https://shrinke.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=1258 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FF15C075-1CF7-4034-A45E-DEDB147FB1F0&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

49666cd046e264d1214d49f4f50baeb2.safeframe.googlesyndication.com
a.audrte.com
a.tribalfusion.com
aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
accounts.google.com
acdn.adnxs.com
ad.turn.com
ads.creative-serving.com
ads.playground.xyz
ads.pubmatic.com
adservice.google.com
adservice.google.nl
akazginhapping.com
api.rlcdn.com
assets.vlitag.com
audit-tcfv2.quantcast.mgr.consensu.org
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
c.adskeeper.co.uk
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
c1.adform.net
cdn.adskeeper.co.uk
cdn.adtrue.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
cm.adskeeper.co.uk
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
core.iprom.net
cr.frontend.weborama.fr
csync.loopme.me
d1r90st78epsag.cloudfront.net
d5p.de17a.com
denansgdfierc.com
dis.criteo.com
dmp.adform.net
dsp.adfarm1.adition.com
esp.rtbhouse.com
exchange.adtrue.com
fonts.googleapis.com
fonts.gstatic.com
gloaphoo.net
google-bidout-d.openx.net
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
invstatic101.creativecdn.com
ipac.ctnsnet.com
j.clarity.ms
jsc.adskeeper.co.uk
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
media.vlitag.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pogothere.xyz
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
px.vliplatform.com
quantcast.mgr.consensu.org
r5---sn-pouxga5o-vu2s.googlevideo.com
redirector.googlevideo.com
region1.google-analytics.com
rtb-csync.smartadserver.com
s-img.adskeeper.co.uk
s.tribalfusion.com
secure.adnxs.com
securepubads.g.doubleclick.net
servicer.adskeeper.co.uk
services.vlitag.com
shrinke.me
shrinkme.io
simage2.pubmatic.com
simage4.pubmatic.com
static.criteo.net
stats.g.doubleclick.net
supertruco.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tags.crwdcntrl.net
tags.orquideassp.com
test.quantcast.mgr.consensu.org
tpc.googlesyndication.com
track.adtrue.com
um.simpli.fi
ups.analytics.yahoo.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.nl
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.recaptcha.net
x.bidswitch.net
ydenknowled.com
api.rlcdn.com
108.138.4.10
13.225.78.97
13.32.106.197
13.32.118.110
134.122.57.34
139.45.197.239
151.101.194.49
151.101.65.108
162.19.138.120
172.217.18.2
172.64.172.27
173.231.180.197
178.250.1.11
178.250.1.9
18.66.97.109
185.29.132.241
185.64.189.112
185.64.190.78
185.64.190.80
185.86.139.101
185.89.210.244
185.89.211.116
188.114.97.3
192.0.78.146
195.5.165.20
198.148.27.139
198.47.127.20
20.85.30.134
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2a
2001:678:cb4:bbbb::11
213.155.156.166
213.19.147.44
23.109.87.77
23.35.236.201
2600:9000:211e:ac00:9:46dc:4700:93a1
2600:9000:2250:ca00:a:e047:752:b361
2600:9000:225e:b400:3:a4cd:8380:93a1
2600:9000:2491:a200:2:e529:700:93a1
2606:4700:10::6816:3456
2606:4700:10::ac43:15e3
2606:4700:3037::ac43:9e3b
2606:4700::6810:5714
2606:4700::6812:19ad
2606:4700::6812:b14
2606:4700:e6::ac40:c914
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2620:1ec:48:1::45
2620:1ec:c11::200
2a00:1450:4001:801::200e
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200d
2a00:1450:4001:80f::2001
2a00:1450:4001:813::2003
2a00:1450:4001:813::2008
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:4001:830::2004
2a00:1450:4001:831::2001
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9d
2a00:ff0:1234:3::10
2a02:2638:3::7
2a02:2638::1c
2a02:2638::3
2a02:fa8:8806:20::2040
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:d018:d29:3605:a9d9:70ca:81a8:3df3
2a06:98c1:3120::3
2a06:98c1:3121::3
3.122.123.120
3.216.1.77
3.66.33.201
3.75.62.37
34.102.146.192
34.102.253.54
34.111.129.221
34.120.107.143
34.96.70.87
34.98.64.218
35.156.143.9
35.186.193.173
35.190.39.111
35.204.158.49
35.214.223.115
35.71.131.137
37.157.4.24
52.0.191.77
52.220.229.2
52.30.48.43
52.49.125.96
54.228.6.120
67.220.226.233
68.219.88.97
85.114.159.93
98.98.134.241
03fd7849ddf8ba76324176b14ad84ec584db5235a5b374c6a0e34b3ccea05534
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06ce81f9ad2a8606c8df3a6c5c3c991053078fdc193842c4bed2ace10e93cdf2
071f1ff840b366fa73e0788d03a12b453786cfd1a95d2c727beb4f766a19c03a
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0ab27ba1271c724d436f2eeb76d1cb2c84e4c95bf6d4d403c60a3516e8b4f09c
0afdfec0cc81ad101710150812834831dd21e1d766c380af5114509ff56b7eb1
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
13461c7ee76a0d430b8fbfa265275c7f2e194ceba34e6e0f1958af651df76034
136814b62baec8b71e6990f9d809bc5c3e054aec601d11d6e623c7a8176cb89d
14857bf2362aefd80e0e544816ebe6e9598a2bb6c06549d16153e933281b8a85
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1ca535fbe579ff94326f08fb5a1df1e019e4848e207502d6a1c32daffc0f52f8
1d82cdf12b1033aa1162d9e9a4f09a0d2fe2b53d93dc580275d174057b079e8c
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
25795c5164a6b299891cdaf8925dfb9b5e7961ac9f740667c3722e0111353986
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2728bcb7c0931c5ab7ecec254655741bed7d4161553ea42e8d2b2085af45d193
2817220ab714a7441b651264dd12444eedeb78ddb1833dc00d4a656a6a81194b
2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e2d56cece389641b16dea99088a149ade31ad4dd2a3864f501c729dac4543e0
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f7278404edca136bf89b7f73199f14c662e1fd6468a4d4f72ec8bcfbfa3d84a
31370f14534e5bb78d3da68b6cf0e72369feea1bd68aaeac1b61d07094aa1deb
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3300cadb9447618dce059b872298b213f3d28e35f5654d696e5bac1642b4c936
339ef7570ef796934502d47991cbe776ef484da0b545b3f74f62a2db6ed978b0
3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb
34e44dd9475f0ea0056a85fae9c1b56132548eeb17711b60c74fc060d8d046dc
386dfbd4d0a0e248c9f9e2fc5c7ca4aa3a0035707b785e40a8e96a8737c2574b
3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be
3d423720317ef6580e31c0f56b88d53811427deb2b2e1a2eec2662358af42d63
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40c674b20f9f3e5db9cc7de45b85078b911be7ea93d421f39b3395e1f6b46c27
411d62ef464a15dc681097de1e4aae341b71840e791a54ad76c7b853db12db86
41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e
43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44fa25bbc65c1c85100a51e6a2d97f7a23495dacbae0460e3a1e2c5751d6bc02
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46dde6dd5afd36e719cfe8c4146eb9608243dfca499da8b5387c02dae3ba2382
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a935dd954795d7a6e5cf17eba098987baa2209bcce70338070d817089f3140f
4adf0d851914ad011619d23d0ae295717ac381df4769e6b3a3503819f20a3ae0
4f2d9c6b278dda055b9d33228e4250a12f20d74cf7d32c8b013648bc3c1c3e6d
4f3eb7fb2bc577c7f25710e755df951895a4898817ad9a56dcd6b1fa455d9c15
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
570ee0da7340f6b651253dd1f879b4b85971a7949042f9b8758f157a14d79cce
58272b48f5f41d2f7c22a249f811e921b513462c9cf047f2eaba2edadce51c86
587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e0cd7c93caed8ff26db1c4ebd8e053f8a76e7127b9f4b036c2af89653e68737
609c486ab7ddbd090dcb92a95c410aa4a36fbc036253193f438d6af20ffb319f
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
61223d77604ce26c800a9d545aa6c31b5b407896d231e8ae588bbda539329763
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63695acfd5647a34642b083966f4d6c4c2c4112462f770b3acad663fe1dab344
645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e
6500f7835a2323775cb4c894af2f8c7506ab6266809823cd23c1de35e6b63e77
69574a5304488c5c9c074eb37f623ea48fc56cc9191169843072800ca00075a4
6b19c95e34beeabba7040eb71ff22d20e3db7603b26b5de791fe048449d759ff
709217a175f0d9b049be1cc3c9980b3e2b2e0417b0d939bc26224a18aad6de97
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75c8e005dfde33d8d3eb5f5b654ec66c76ffc16be7e4653e66e58aa2f7f2aed9
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
771df5dda42da6f4e3c59fa0c3ce94c8965f7d6a55c8086e1b122daa956ee97c
7a943d992d247c43230de87436532cc0bb1d928f203da4c8ee7bac8dbda739ee
7b19fa5010d728bedbca14a371d2f9a228213ae7cd6f5c1d51fd936afa296129
80a70a83b9ce7ec0fb482969a3ea21595462aeb854dd2a7db3d9c88bfc528e55
825d5cd71dbdd99c5c8181e2e88e24573f837019cc0b15a6a15fa98bdffc506e
82aaa19b1260ace98ecd491f21390250625bfea33fdb35e08d54040c7cf9ef36
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852593ea1830ce3d6821822385a17af199442f4938b588ed7c84942c351d9f16
85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a
85b15c55f6e922cdb0ccb02b9212a14b4b29ac100fa3b8cbcf5c79ac1f76a647
86a08433467787df0715172fc76c5e9016cd4493e2fd83b626f9ea05592b4db8
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8ced814aab3b568fbc77d0cfe3a6672e67c9ed4fbac835823829cedf2f1a0937
8cfac324a64e03d5217540d6419692b2a5be8ebc86edf51bea6ffba1114e67d6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f9ab1689dc99d5f70e1dd243d70735981d0075292e2066b01cdfc47898c4f6c
94d58d4bdf0f3a3c068c75e43817b2391ff8450274f97e96629f7e408e18f31d
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
9777428de88c524584f0133c3c0d9becf5a3840597eb16dc873bbc29b9a0bf58
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99b523edd72385876c466fc061393829b08dec3aa544963373b22a08fb97784f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a
9da9304c96b175c53cad4ff2b23fe51f123d9caf250c3c4e4a5cfa1bbc3ab88d
9ef72d53e982b3804c42cd6d26b64c416fd85b5e4d02c5f4d71e8513d01c68a9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a64d37ed16fe1c6e3386a64907cc4dfc15f0012e879ea4cf9e5b92313006a449
a7059195163a0606eed7449bcee87ee0d015eb28c781da6d37a7e75bf116a024
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
aaca148376c47136482c94aa6d86ab8ff42b84ec97892a3e27ad210314dd4664
ab1f7a9c4ad351a13d71fa6938003fe5309e3e81f798d121421d82fd29014158
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
aed5d72cb96a9f77dab08ca9a8c366553f2a801c96fff3d67d84ab702970ed0b
b386764e2b714f6fe617daaedd1946a7161fc2ae5f9bd0bf606f76287121ee1d
bb7d39384f8a58e23c5e8c78b974aabb9cd28238d451301a12b43c321783fe6c
bfa28f12f14801addd6b91fc2181129821f83468933c696c3d7c8fdb0e2eb579
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd3fb9c39fddd8aba2e4c7af555aeb970686c92304fba3ff4850901ec3e1ff53
ce36f676ef8ce52a9213048f1a08b0bb84d9c42597d327d4844feb68f368ab44
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d42b37b91d5b471cf62ffb0e4828c9effa944edbc47d239b32fb165630878bfe
dbdd2ee2a6245e818664984007dd3ca9eb31dff1d18b626efe873639a4e9ea55
dd153a821cad21f4153ce3f3d99d458e6d3a77647adeacc9871310e7981f96d4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dedd81f9590e4534677ed3e1801c27f37f3837af1843524d8923087ef6f20997
e1953a81c4ebfef03804c1a10ee75aa0576f5559fb47a947f85166dc121ae661
e1cbc0637dd5fdd8e2516ba95117b64b924bd1e14f3edbd666f8053e80e3e69c
e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaedac048f51c664fc21681a841943a8c11d4481480df8589860014ba0b65655
eb2b4bf34c54d7f4b3479dc7cc24ba304d9f8561f65c6a5fa3734bd462f8e64f
eced69e931e3d6fbbb896aec7733312d0f897063880d3d73b1403c5ca82aba7a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f25d87e95c7b1d5d30c67f3ca11140afe8ab14835e91b2edc0a1c50b6e93dcff
f4e125313753d65db851e4b47334123f4f71ac3ee6e28f3c87ee5264a874da78
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f
ff73e899a03a207a8cf564d578c807f77066ed63b8135e879a7eb9b91b9f0174

shrinke.me Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

233 Requests

90 %HTTPS

43 %IPv6

74 Domains

119 Subdomains

78 IPs

12 Countries

4412 kBTransfer

10568 kBSize

102 Cookies

13 Outgoing links

Redirected requests

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

shrinke.me Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

233
Requests

90 %
HTTPS

43 %
IPv6

74
Domains

119
Subdomains

78
IPs

12
Countries

4412 kB
Transfer

10568 kB
Size

102
Cookies

233 HTTP transactions
6 data transactions