rebelscum.com Open in urlscan Pro
104.156.250.80 Public Scan

URL:
http://rebelscum.com/
Submission: On April 30 via api (April 30th 2021, 10:07:51 am UTC) from SE

Summary HTTP 228 Redirects Links 46 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 18 domains to perform 228 HTTP transactions. The main IP is 104.156.250.80, located in Piscataway, United States and belongs to AS-CHOOPA, US. The main domain is rebelscum.com.

This is the only time rebelscum.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	104.156.250.80 104.156.250.80	20473 (AS-CHOOPA) (AS-CHOOPA)
3	2606:4700:303... 2606:4700:3031::ac43:cab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
3	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 6	3.124.9.99 3.124.9.99	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1 2	13.224.193.39 13.224.193.39	16509 (AMAZON-02) (AMAZON-02)
3	18.158.159.61 18.158.159.61	16509 (AMAZON-02) (AMAZON-02)
31	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
64	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
12 16	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
8 16	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
8 12	37.252.173.27 37.252.173.27	29990 (ASN-APPNEX) (ASN-APPNEX)
8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba1a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 3	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
228	27

42 104.156.250.80 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: rebelscum.com

rebelscum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.rebelscum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::ac43:cab1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adligature.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (France)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.124.9.99 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com

us.ads.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pre.ads.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.193.39 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-39.fra2.r.cloudfront.net

cdn.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.158.159.61 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-159-61.eu-central-1.compute.amazonaws.com

tracking.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.162 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2.18.234.21 (Frankfurt am Main, Germany) 8 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.252.173.27 (Frankfurt am Main, Germany) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	2mdn.net s0.2mdn.net	1 MB
54	googlesyndication.com cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	225 KB
42	rebelscum.com rebelscum.com www.rebelscum.com	2 MB
35	doubleclick.net 12 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	241 KB
16	casalemedia.com 8 redirects dsum-sec.casalemedia.com	15 KB
12	adnxs.com 8 redirects ib.adnxs.com	11 KB
11	justpremium.com 2 redirects us.ads.justpremium.com cdn.justpremium.com tracking.justpremium.com pre.ads.justpremium.com	81 KB
5	googletagservices.com www.googletagservices.com	169 KB
5	google.com adservice.google.com www.google.com	553 B
3	unpkg.com 2 redirects unpkg.com	2 KB
3	adligature.com cdn.adligature.com	137 KB
2	facebook.net connect.facebook.net	65 KB
2	google-analytics.com www.google-analytics.com	17 KB
2	cloudflare.com cdnjs.cloudflare.com	8 KB
1	createjs.com code.createjs.com	63 KB
1	google.at adservice.google.at	799 B
1	facebook.com www.facebook.com	211 B
1	ip-api.com pro.ip-api.com	153 B
228	18

	Domain	Requested by
64	s0.2mdn.net	rebelscum.com s0.2mdn.net cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
26	pagead2.googlesyndication.com	securepubads.g.doubleclick.net cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
25	rebelscum.com	rebelscum.com www.rebelscum.com
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com tpc.googlesyndication.com
17	www.rebelscum.com	rebelscum.com www.rebelscum.com
16	dsum-sec.casalemedia.com	8 redirects googleads.g.doubleclick.net
16	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net
12	ib.adnxs.com	8 redirects googleads.g.doubleclick.net
8	googleads4.g.doubleclick.net	rebelscum.com
8	googleads.g.doubleclick.net	cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com rebelscum.com
5	www.googletagservices.com	securepubads.g.doubleclick.net cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
5	cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	ade.googlesyndication.com
4	www.google.com	cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
3	unpkg.com	2 redirects
3	pre.ads.justpremium.com	us.ads.justpremium.com cdn.justpremium.com
3	tracking.justpremium.com	rebelscum.com
3	us.ads.justpremium.com	1 redirects rebelscum.com us.ads.justpremium.com
3	securepubads.g.doubleclick.net	cdn.adligature.com securepubads.g.doubleclick.net
3	cdn.adligature.com	rebelscum.com cdn.adligature.com
2	cdn.justpremium.com	1 redirects rebelscum.com
2	connect.facebook.net	rebelscum.com connect.facebook.net
2	www.google-analytics.com	rebelscum.com
2	cdnjs.cloudflare.com	rebelscum.com
1	code.createjs.com	s0.2mdn.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.at	securepubads.g.doubleclick.net
1	www.facebook.com	rebelscum.com
1	pro.ip-api.com	cdn.adligature.com
228	29

This site contains links to these domains. Also see Links.

Domain
cookiesandyou.com
www.collectinghq.com
www.rebelscum.com
registry.rebelscum.com
euro.rebelscum.com
spanish.rebelscum.com
japan.rebelscum.com
www.theforce.net
www.forcecast.net
www.starwars.com
starwars.hasbro.com
www.hasbro.fr
www.cooltoyreview.com
www.officialpix.com
www.amazon.com
forum.rebelscum.com
www.youtube.com
www.entertainmentearth.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-01` - `2021-08-01`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-05` - `2021-11-04`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tracking.justpremium.com Amazon	`2021-03-01` - `2022-03-30`	a year	crt.sh
*.google.at GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
justpremium.com Amazon	`2021-04-04` - `2022-05-03`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh

This page contains 28 frames:

Primary Page: http://rebelscum.com/
Frame ID: DAE8D34A15F2E300B9CED6A404C7595B
Requests: 55 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=379
Frame ID: 2C2AA2C96858AB94021CB8A81063ED57
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=384
Frame ID: E3C9566D63A6A78A9D0E218D12DEF6B8
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=380
Frame ID: 9E26828B3830C44176BFC1A2360E0C15
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=395
Frame ID: 59EA06B3A740CB2970D63C6E68EFB250
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=394
Frame ID: BDABA95B7C43531B9FC0FF815BF7249B
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=393
Frame ID: E8F5260F02E46E39D17899FF91927C0D
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ir.asp?h=158
Frame ID: 1A81263551441B05AB16F40E04BBA275
Requests: 2 HTTP requests in this frame

Frame: http://www.rebelscum.com/ad.asp?h=204
Frame ID: D26F29EB685436B417A6510C2AC1FE39
Requests: 2 HTTP requests in this frame

Frame: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0CE9378F800B1F5BA9DEE6E00C25E597
Requests: 16 HTTP requests in this frame

Frame: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E666C773EAA496A83BC63759DD879178
Requests: 16 HTTP requests in this frame

Frame: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3068F0DB2AC54FFD620B342BDA3FEA5E
Requests: 16 HTTP requests in this frame

Frame: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E26EEB20FB70A616879B0403C4B63E8D
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ
Frame ID: 48DFFBC92794B6914C67A7FC4A29AE32
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q
Frame ID: 1BDFFCDCB9E891496E6D8C18A485AC06
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ
Frame ID: 67D6CC855A3B1B204AB5BDC0383F10FB
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw
Frame ID: 4AD234921ADF70F010A734AAB04BBF66
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 6CD7311719C722A56ACC91FDD65BC517
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/10211492/1619696784694/index.html
Frame ID: 079FF1D894A7F00BBE58B5FD7F5B5BF8
Requests: 20 HTTP requests in this frame

Frame: https://s0.2mdn.net/10211492/1619696795972/index.html
Frame ID: BFA1471C0FFD9C32DAA86FACA311E7D7
Requests: 18 HTTP requests in this frame

Frame: https://s0.2mdn.net/10211492/1619696804644/index.html
Frame ID: 1205DAD393627DFF0DCA8EEBC263D6AD
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 894E4568AA6C1274BC79003CF6DB4062
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B4D1937013861F864252D7A47A5325B2
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 92CE78A2C7820D8A21BE34A3CD470658
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3663A8A08B142A7DE86B8130EB556202
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/10176009/1601280469250/index.html
Frame ID: 0C3653CF6BFE5BDB67338F8212895FE1
Requests: 8 HTTP requests in this frame

Frame: https://pre.ads.justpremium.com/v/1.0/t/sync
Frame ID: B177E36581AB90F37BAC9F7DCDB42931
Requests: 1 HTTP requests in this frame

Frame: http://tracking.justpremium.com/tracking.gif?rid=r-ce1e7b9e-d853-44af-a573-b760b622cae0-13818-421119405&sid=r-f733e4b6-c9a1-455f-aae5-7c199408394f-87546-707887410&uid=&vr=v2.17.393&ru=http%3A%2F%2Frebelscum.com%2F&tt=1619777255604&siw=1042&sh=1200&sw=1600&wh=1200&ww=1600&an=2.3.1&vn=eu-central-1&sd=&_c=a6pa8zn1619777255604&et=&aid=413732,413732,413732,413732,413732,439178,439178,439178,439178,439179,439179,439179,439179,439180,439180,439180,439180,439180,439181,439181,439181,439181,439181,439439,439439,439439,439439,439439,439439,421368,421368,421368,421368,421368&said=1057252,1057254,1057253,1057251,1192765,1173690,1173691,1173692,1173693,1173694,1173695,1173697,1173696,1173698,1173699,1173700,1173701,1195154,1173702,1173703,1173704,1173705,1195098,1174834,1174835,1174836,1174837,1174838,1195174,1134002,1093829,1093830,1093831,1143270&ei=22347399%2C430423%2C19900489%2C541193082%2C1192765%2C543897065%2C22443924%2C21028789%2C430429%2C543897066%2C22443925%2C430432%2C21028790%2C543897067%2C22443926%2C21028791%2C430436%2C1195154%2C543897068%2C22443927%2C21028792%2C430430%2C1195098%2C543897868%2C146753%2C22444623%2C21033772%2C430439%2C1195174%2C22406537%2C542319050%2C115840%2C20278754%2C430445&fc=wp,wp,wp,wp,wp,ca,ca,ca,ca,pd,pd,pd,pd,pa,pa,pa,pa,pa,sa,sa,sa,sa,sa,hv,hv,hv,hv,hv,hv,wv,wv,wv,wv,wv&sp=1,39,32,22,42,22,1,32,39,22,1,39,32,22,1,32,39,42,22,1,32,39,42,22,24,1,32,39,42,1,22,24,32,39&at=adserver&cid=&ist=0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0&mg=&dl=&dlt=&ev=&vt=&zid=111507&dr=361&di=&pr=&cw=&ch=&nt=&st=&jp=%7B%22cls%22%3A%220.000%22%2C%22ph%22%3A5920%7D&ty=ex
Frame ID: 5959B7434FD9460510B09F94130A722A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

228
Requests

80 %
HTTPS

58 %
IPv6

18
Domains

29
Subdomains

27
IPs

3
Countries

4175 kB
Transfer

6946 kB
Size

8
Cookies

46 Outgoing links

These are links going to different origins than the main page.

URL: http://cookiesandyou.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ir.asp?i=211&r=

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/
Title: HOME

Search URL Search Domain Scan URL

URL: https://registry.rebelscum.com/
Title: High-End Registry

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/pv.asp?c=229
Title: Probe Droid Polls

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/c-aunznews.asp/
Title: Rebelscum AU / NZ

Search URL Search Domain Scan URL

URL: https://euro.rebelscum.com/
Title: Rebelscum Euro

Search URL Search Domain Scan URL

URL: https://spanish.rebelscum.com/
Title: Rebelscum Spanish

Search URL Search Domain Scan URL

URL: https://japan.rebelscum.com/
Title: Rebelscum Japan

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/c-aunznews.asp
Title: Rebelscum AU / NZ

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/swlinks.asp
Title: All Links

Search URL Search Domain Scan URL

URL: https://www.theforce.net/
Title: TheForce.net

Search URL Search Domain Scan URL

URL: https://www.forcecast.net/
Title: ForceCast.net

Search URL Search Domain Scan URL

URL: https://www.starwars.com/
Title: Star Wars.com

Search URL Search Domain Scan URL

URL: https://starwars.hasbro.com/
Title: Hasbro (USA)

Search URL Search Domain Scan URL

URL: https://www.hasbro.fr/
Title: Hasbro (France)

Search URL Search Domain Scan URL

URL: https://www.cooltoyreview.com/
Title: Cool Toy Review

Search URL Search Domain Scan URL

URL: https://www.officialpix.com/
Title: Officialpix.com

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=524&g=379&r=
Title: BigBadToyStore.com

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=523&g=380&r=
Title: Entertainment Earth

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=525&g=381&r=
Title: Collectors Gallery

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=528&g=384&r=
Title: Official Pix

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=758&g=383&r=
Title: eBay

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/estore/categories.asp
Title: Rebelscum Store

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/estore/categories.asp?cat=8
Title: Product Displays

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/estore/categories.asp?cat=173
Title: Gentle Giant Stuff for Sale

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/estore/products.asp?cat=176
Title: Prop Replicas

Search URL Search Domain Scan URL

URL: https://www.amazon.com/gp/search?ie=UTF8&keywords=star%20wars&tag=rebelscumcom&index=books&linkCode=ur2&camp=1789&creative=9325
Title: Amazon

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=562&g=402&r=
Title: Gentle Giant

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=561&g=401&r=
Title: Anovos

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=563&g=403&r=
Title: QMX

Search URL Search Domain Scan URL

URL: https://www.collectinghq.com/ad.asp?i=565&g=405&r=
Title: eFX

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/
Title: FORUMS

Search URL Search Domain Scan URL

URL: https://www.youtube.com/hasbropulse
Title: Hasbro Pulse's YouTube channel

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=jU1IRBw_9_c
Title: livestreaming

Search URL Search Domain Scan URL

URL: https://www.entertainmentearth.com/hitlist.asp?theme=Star+Wars&id=RE-108311290

Search URL Search Domain Scan URL

URL: http://www.rebelscum.com/star-wars-celebration-chicago-2019.asp

Search URL Search Domain Scan URL

URL: http://spanish.rebelscum.com/

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/forum.php

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/el-cuarto-de-chateo.1086072/
Title: "El cuarto de chateo"

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/bo-katan-kryze-tm10.1145795/
Title: Bo Katan Kryze - #TM10

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/asajj-ventress.1145792/
Title: Asajj Ventress

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/new-retro-line.1141046/
Title: New Retro Line

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/gi-joe-classified-firefly-and-the-viper.1146173/
Title: GI joe Classified Firefly and the Viper

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/luke-skywalkers-x-wing-fighter.1142506/
Title: Luke Skywalker's X-Wing Fighter

Search URL Search Domain Scan URL

URL: https://forum.rebelscum.com/threads/is-this-a-legit-orange-hair-farm-boy-luke.1147201/
Title: Is this a legit orange hair farm boy luke?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Request Chain 4

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Request Chain 23

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 25

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 36

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Rebelscum.com%3A%20Home%20Page&utmhid=857797694&utmr=-&utmp=%2F&utmht=1619777252519&utmac=UA-2973792-2&utmcc=__utma%3D133095309.1493116209.1619777253.1619777253.1619777253.1%3B%2B__utmz%3D133095309.1619777253.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=74307286&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Rebelscum.com%3A%20Home%20Page&utmhid=857797694&utmr=-&utmp=%2F&utmht=1619777252519&utmac=UA-2973792-2&utmcc=__utma%3D133095309.1493116209.1619777253.1619777253.1619777253.1%3B%2B__utmz%3D133095309.1619777253.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=74307286&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Request Chain 54

http://us.ads.justpremium.com/adserve/js.php?zone=111507 HTTP 301
https://us.ads.justpremium.com/adserve/js.php?zone=111507

Request Chain 60

http://cdn.justpremium.com/js/v2.17.393/jpx.js HTTP 301
https://cdn.justpremium.com/js/v2.17.393/jpx.js

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 110

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Request Chain 112

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 114

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Request Chain 116

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 119

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Request Chain 121

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 123

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Request Chain 125

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Request Chain 220

https://unpkg.com/web-vitals HTTP 302
https://unpkg.com/web-vitals@1.1.1 HTTP 302
https://unpkg.com/web-vitals@1.1.1/dist/web-vitals.umd.js

228 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
rebelscum.com/ 52 KB
12 KB 476ms
460ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5c93fda3e16aa6a1cb5a3b643f576564c0b8e91a2cfabe54a42152e292ee5658

Request headers

Host: rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:31 GMT
Content-Length: 12402

GET
H/1.1 200
OK v3-style.css
rebelscum.com/ 22 KB
5 KB 125ms
114ms Stylesheet
text/css 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://rebelscum.com/v3-style.css
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 985859f8de08c975344385e2beb2075b3308ecc0226611e3e787ade5d883c250

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 May 2020 04:16:18 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "09528bca634d61:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4349

GET
H/1.1 200
OK V3-global.js Show response
rebelscum.com/template/ 124 B
544 B 234ms
218ms Script
application/javascript 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://rebelscum.com/template/V3-global.js
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2ca9e241922969ebee8b557e27c164591e208cc6b44e4e1bed559006a8f435e6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 May 2017 00:42:23 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "f1605d715dd3d21:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 236

GET
H2 200 rules.js Show response
cdn.adligature.com/rs/prod/ 17 KB
3 KB 148ms
130ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rs/prod/rules.js
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87a5b478b0ae921eb014499f444e7b150baac04f6ffb06d6f3a7d5b66d01c968

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=HQYiXQ==, md5=KM88Giee7zHeHY7BeK0RAQ==
date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-polished: origSize=33005
x-guploader-uploadid: ABg5-UzMIjh2V1gV6cp0jQi7xOIsnbPSr2QQMGO5FtqeQGApEOpmLmMC8kQrvLi_SiNXEfbCUOnhTkQCaxe4ID8jvhwhbPGnaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09c3d8838200001f21a1baa000000001
last-modified: Tue, 20 Apr 2021 14:47:01 GMT
server: cloudflare
etag: W/"28cf3c1a279eef31de1d8ec178ad1101"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iFKsQD8KGpklLIC6rOQvddX0CQa4vLXM7VILMBABy5b46KOQcoghbvR7omsOTAMfmpVDfGGI8f%2BYsMKMWBIVkJpzQCYpM1K33saO2kCSCdddhDYC4BFGhqmO9aKjHjM%3D"}],"group":"cf-nel"}
x-goog-generation: 1618930021470829
content-type: application/javascript
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 33005
cf-ray: 647ff6b26c291f21-FRA
expires: Fri, 30 Apr 2021 10:17:32 GMT

GET
H2

200

cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

4 KB
1 KB

47ms
32ms

Stylesheet
text/css

2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1346201
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
cf-request-id: 09c3d8838000004e86d51d4000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FP9uiCdziwHW%2FKqQ00eMNw7rw9GD0jgpLx2eCTZAuT6CV8dQSSy%2BQm7lyYS0fDSzSlsgJufwQ8arkIFFARohU5Ked%2BhSkT72444nW2d8a7B41pOI4X6J5dhBzcH6tBB2Vw%3D%3D"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 647ff6b26a3c4e86-FRA
expires: Wed, 20 Apr 2022 10:07:32 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Non-Authoritative-Reason: HSTS

GET
H2

200

cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

19 KB
6 KB

32ms
18ms

Script
application/javascript

2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1847392
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
cf-request-id: 09c3d8838000004e868a996000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GmJH06VubJHQfw895VwSb%2Brdv3jc%2BwD7wJB%2FnF02qERk0nlv5xapAgMT3UhEXJ7%2F1OLNIszUCtwJuMikl42MFdBk%2BFv1G2%2F6ijjo%2FkYJnI%2FerbBcHCqXNIKVh2dx3YERkw%3D%3D"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 647ff6b26a404e86-FRA
expires: Wed, 20 Apr 2022 10:07:32 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK header-default-txt.png
rebelscum.com/images/v3/ 3 KB
3 KB 115ms
115ms Image
image/png 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/header-default-txt.png
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bddea1985c717af31c09bad8ea0d16a391737286d10035b627fdc603e27133d1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:31 GMT
Last-Modified: Mon, 22 May 2017 12:29:57 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "d81fa81ff7d2d21:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3280

GET
H/1.1 200
OK 00.png
rebelscum.com/images/v3/ 10 KB
10 KB 117ms
116ms Image
image/png 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/00.png
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ebdc0a6cf024c74b0c7255efd7d9072ef08c97ebdf4bff060464fb4a9de5c12a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:30:02 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "ec9cac22f7d2d21:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 9776

GET
H/1.1 200
OK bbtssw-526x197.jpg
www.rebelscum.com/2020/ 50 KB
50 KB 235ms
214ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/2020/bbtssw-526x197.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3e9b4ea5e439c4fa32c3ff2af4521ac999197a97600eeab8e3dcc6ed43834184

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Thu, 04 Jun 2020 14:18:42 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "f43de7c7b3ad61:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 50710

GET
H/1.1 200
OK fft.jpg
rebelscum.com/2021/ 62 KB
62 KB 121ms
116ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/fft.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: dacf3e7ed7324d92588604cac83b5bd3352725a89188cff29c4194769e553ef5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Tue, 27 Apr 2021 19:44:35 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "80d320c09d3bd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 63418

GET
H/1.1 200
OK snoke-header.jpg
rebelscum.com/2021/ 135 KB
135 KB 229ms
210ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/snoke-header.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d5bcdf835acdc9da83e51b359b1dd348c814f6f72e769cfa98389cd34391eca1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 26 Apr 2021 20:57:38 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "6779bcade3ad71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 137822

GET
H/1.1 200
OK Marvel-Logo-large.jpg
www.rebelscum.com//2020/ 50 KB
50 KB 234ms
214ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com//2020/Marvel-Logo-large.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7663b57b20f1b9c59a7424b6e781f3d335a26decf13182609194cc27149a6dc3

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Wed, 08 Jul 2020 12:05:28 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "e39059122055d61:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 50752

GET
H/1.1 200
OK header.jpg
rebelscum.com/2021/LFL50-CW-official/ 83 KB
83 KB 233ms
214ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/LFL50-CW-official/header.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 431a21c5d7f84abde0abb7814de27832b5dc9c2cd7edff76260ef41e973f5b9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Tue, 20 Apr 2021 17:02:56 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "0a02e2736d71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 85064

GET
H/1.1 200
OK header2.jpg
rebelscum.com/2021/lfl50-cw/ 70 KB
71 KB 229ms
210ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/lfl50-cw/header2.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 42a5231261ae07794968a052e99facaf6c2f4d1d4b37a932525b07236365c60d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Tue, 20 Apr 2021 14:41:36 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "050b543f335d71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 71982

GET
H/1.1 200
OK fanfestgallery.jpg
rebelscum.com/2021/ 64 KB
64 KB 115ms
115ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/fanfestgallery.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d94910b9ee34d16facb975f24fa1f7b60de2af4049a5e5264ead646522082b23

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Fri, 09 Apr 2021 21:02:44 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "0f28daf832dd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 65199

GET
H/1.1 200
OK epurge.jpg
rebelscum.com/2021/ 66 KB
66 KB 160ms
112ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/epurge.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 9e60eb2449c9b84596b0dc6843fbe6c742caed8999ce1142f9a4b7faf44bdae7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Fri, 09 Apr 2021 20:49:02 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "0b39ac5812dd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 67791

GET
H/1.1 200
OK ffr.jpg
rebelscum.com/2021/ 64 KB
64 KB 136ms
113ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/ffr.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 165568a60ccfd2f174077e909c913ab1a9a232e302db1c6b50b7275a341a754d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Fri, 09 Apr 2021 19:17:34 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "05b80fe742dd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 65525

GET
H/1.1 200
OK fanfest2.jpg
rebelscum.com/2021/ 44 KB
45 KB 125ms
116ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/fanfest2.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 78f13abe0833bee3658550941eeeac5bc62e1e16fa1aa1b624595593c37b7bb8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Fri, 09 Apr 2021 16:28:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "0367a555d2dd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 45524

GET
H/1.1 200
OK gentle-giant-ltd-death-watch-mandalorian-mini-bust-header.jpg
rebelscum.com/2021/ 46 KB
47 KB 125ms
116ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/gentle-giant-ltd-death-watch-mandalorian-mini-bust-header.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1b4e4ff98116528683dee1bf5916708d81813fc3bff5f7fc789097c0bf2a65a2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Thu, 08 Apr 2021 02:43:06 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "cef6b0e7202cd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 47378

GET
H/1.1 200
OK gentle-giant-ltd-tessek-mini-bust-finish-product-first-look-header.jpg
rebelscum.com/2021/ 906 KB
907 KB 134ms
118ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2021/gentle-giant-ltd-tessek-mini-bust-finish-product-first-look-header.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1f510b21533556df763d49d52c9b69e85d24bc78bc1144168597dbb1b449fe9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Wed, 07 Apr 2021 01:52:39 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "b4dce7b0502bd71:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 928121

GET
H/1.1 200
OK ee-173x90.gif
rebelscum.com/ads/ 8 KB
8 KB 446ms
115ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/ads/ee-173x90.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f8425cfcb137778595ddfbd149589821be274befe06bbeabf991fada54ba4354

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Tue, 14 May 2019 19:24:03 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "66cdf6968aad51:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 7849

GET
H/1.1 200
OK Celebration-Chicago-2019-tn.jpg
rebelscum.com/2019-Star-Wars-Celebration/ 83 KB
83 KB 357ms
117ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2019-Star-Wars-Celebration/Celebration-Chicago-2019-tn.jpg
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1bdcde5969df6f57f5e1b16b2a7d422071c7cc3929bfd1f47c6cc98fb7ebb3e0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sun, 30 Jun 2019 18:27:48 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "46e83185712fd51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 84931

GET
H/1.1 200
OK rs-spanish2018.gif
rebelscum.com/2018/ 2 KB
3 KB 455ms
116ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2018/rs-spanish2018.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ac462b7e2edb2f4614f9d1c0dac65ad68fbc67db07cb09a59afb1d9ba425c814

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sat, 04 Aug 2018 17:04:58 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "2127446152cd41:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 2463

GET
H/1.1 200
OK forum-bucket-hdr.gif
rebelscum.com/images/v3/ 2 KB
3 KB 368ms
115ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/forum-bucket-hdr.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4b373d76db2878ff482a9b1a65111560310ca89d267cc43d46fddd1ce5439403

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:57 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "5ebda51ff7d2d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 2398

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3966
date: Fri, 30 Apr 2021 09:01:26 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 30 Apr 2021 11:01:26 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H3-29 200 advally-4.1.1.js Show response
cdn.adligature.com/rules.js/ 85 KB
21 KB 36ms
21ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rs/prod/rules.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90c9aedece0fa2103d1922ce78181d681729306be45d18b0e6d21fec19e1512a

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=PGZZkQ==, md5=US4GrndfuOhKm+dX3IqSDQ==
date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 4979
cf-polished: origSize=144539
x-guploader-uploadid: ABg5-UwAZBjQdVUgMNRt42hjqPCBxUBTZDFK8k4T96uWyXq4bwgl39UtzWqQgMN3kTGrCNKuZ3Brvt-T6j2WXE50IZFYgYMOGg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09c3d8847300004eb5e13c7000000001
last-modified: Mon, 19 Apr 2021 14:49:02 GMT
server: cloudflare
etag: W/"512e06ae775fb8e84a9be757dc8a920d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Da7X6SF5ZqjVMhqMH2wMJFWSVt7TEUP7aeCyHOSGyY8JSVvyHG0rklJQ4inpZUxKJRWeiktEOLxSNPDqsDGJbsUJJ6uXA4Z3RV9QZl3crGn%2Be%2Brx13ujOu4nE4By%2FoY%3D"}],"max_age":604800}
x-goog-generation: 1618843742474715
content-type: application/javascript
cache-control: public, max-age=7200, s-maxage=7200, must-revalidate
x-goog-stored-content-length: 144539
cf-ray: 647ff6b3ec004eb5-FRA
expires: Fri, 30 Apr 2021 10:44:33 GMT

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

7ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ad6ddae3b0bee6b6d4ac01839cf25f68f0805079a7762ba930b4093a24f5331e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: sKLVV6dD+NBmk5SnJhZXpQ==
cross-origin-resource-policy: cross-origin
expires: Fri, 30 Apr 2021 10:21:52 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: /eNOXXTOaC+oErtHJf4Y94bnfA+3n1G2jHnuA2CewvrqKutML+g3fSvnIe/F1FXQYb6O62JqT1m3ivyRy/oaHQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 6057e78db73a32618bc58fdc00ff1514
date: Fri, 30 Apr 2021 10:07:32 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ca30bdc1eb8c1cd89c360c785aef58ce"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js#xfbml=1
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame 2C2A 328 B
648 B 245ms
229ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=379
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 973dc29ddae88a5a064eda575754839f8486b0540c45c1c0328149767fb8aa6c

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=ACBBIFNBIBIOPEDBAJKFPFMB; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 357

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame E3C9 325 B
645 B 258ms
242ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=384
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c345cc68ba35ffa3252a80f00edd374ba46103aab9bbdce8f3cfe3b211f07263

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=BCBBIFNBIMKHNHFNLNOJEPBO; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 354

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame 9E26 341 B
660 B 254ms
238ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=380
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6e2b382d798fdad058ab0c7fd8efcd7e7eb7aae61e56c9ad5105f8ab4fb2593c

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=CCBBIFNBMIMABACGNEIAKJLJ; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 369

GET
H/1.1 200
OK top-header-bgrnd.gif
rebelscum.com/images/v3/ 8 KB
8 KB 194ms
117ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/top-header-bgrnd.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/v3-style.css
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5338f3cb3e2733c24d559b5c265245e2f5d33ee57b540baa0997df8e831f8495

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/v3-style.css
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/v3-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:56 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "d74e331ff7d2d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 8193

GET
H/1.1 200
OK top-menu-bgrnd.png
rebelscum.com/images/v3/ 1021 B
1 KB 313ms
116ms Image
image/png 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/top-menu-bgrnd.png
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/v3-style.css
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a0ed07cdccf293276355d35858b942e7615a3aef67d598add7dcbf1c6b537435

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/v3-style.css
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/v3-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:56 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "d74e331ff7d2d21:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1021

GET
H/1.1 200
OK btn-fullstory.gif
rebelscum.com/images/v3/ 273 B
521 B 315ms
115ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/btn-fullstory.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/v3-style.css
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 71d3cbad060831c5d25685a643d211e5b5da3abd4149c0acead41197775f3cda

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/v3-style.css
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/v3-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:59 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "71c3ee20f7d2d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 273

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 211 KB
63 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=8d8a528c52439a9f0b0faa7879f75dba&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f799114ad04d837e3f41c505a269dafaf09a50e1b2a09690776289d51d7d7060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://rebelscum.com
Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: WowqlmYAIdBfL6z+yPXymg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64879
x-fb-rlafr: 0
x-fb-debug: hiYg0EbOgw6s58d6GYZyab+3QcERrJCPXD3tRJQ70yb91FqCp0B7ZlKB8gYn6fAM0rQfODjLh/YCJjWSuVCVTw==
x-fb-content-md5: 5e67bdcf24c74a8d9c2eb66b9a5cce75
x-frame-options: DENY
date: Fri, 30 Apr 2021 10:07:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "38f39ff2012da378fa6f12467a7d207d"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 30 Apr 2022 08:21:36 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/csv/ 5 B
153 B 88ms
27ms XHR
text/plain 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/csv/?key=ZxSSLwZtxrKxQbv&fields=countryCode,region
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , France, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: 98c1a89b4842b7324c43c2f6becac3431778be30764bcb4cd0aaf42a057e6b40

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 5
Content-Type: text/plain; charset=utf-8

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 61 KB
21 KB 109ms
39ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

2a74b8527952879d073560bfa205ca1c458b36c7c188de94044ca6bdd67150b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "857 / 524 of 1000 / last-modified: 1619775531"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21185
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:32 GMT

GET
H/1.1 200
OK prebid-4.12.0.js Show response
cdn.adligature.com/prebid/ 357 KB
113 KB 23ms
17ms Script
application/javascript 2606:4700:3031::ac43:cab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adligature.com/prebid/prebid-4.12.0.js
Requested by: Host: cdn.adligature.com
URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:cab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4679ad6cd5721a39be373aff0e3539cc7b6d66b985bcb66d4b375f52e1b1ee91

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Z/X3Ag==, md5=QfFBAoJIWksPcw6AOPUCLw==
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"max_age":604800,"report_to":"cf-nel"}
Age: 446
Cf-Polished: origSize=365632
Transfer-Encoding: chunked
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-guploader-uploadid: ABg5-UxwS2Q9lnoSRdfUBQeGL7YvrHOnvqSP7s4UY2fXtnWMigxED2fi2dAyjLqUiALw_P619taXrb4E5nZEqjHrthbLECxryA
x-goog-stored-content-encoding: identity
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09c3d884a400004a983785f000000001
last-modified: Tue, 30 Mar 2021 15:47:29 GMT
Server: cloudflare
etag: W/"41f1410282485a4b0f730e8038f5022f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CIA0s80A1LkkKchrkz3DJeJDdXTG%2FiuE34eAevdTOPvduNLBpSMEmEPJlqBLjAd2XU8gM2PqcktXNfrKZ4m2aBwCWmhrEvsgH0Fsz5C3wangREwi2UFkQf8X5GIKxCs%3D"}],"max_age":604800,"group":"cf-nel"}
content-language: en
x-goog-generation: 1617119249016548
Content-Type: application/javascript
expires: Fri, 30 Apr 2021 10:10:06 GMT
cache-control: public, max-age=1800, s-maxage=600, must-revalidate
x-goog-stored-content-length: 365632
CF-RAY: 647ff6b43f0c4a98-FRA
Cf-Bgj: minify

GET
H3-29

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=R...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...

35 B
54 B

13ms
13ms

Image
image/gif

2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Rebelscum.com%3A%20Home%20Page&utmhid=857797694&utmr=-&utmp=%2F&utmht=1619777252519&utmac=UA-2973792-2&utmcc=__utma%3D133095309.1493116209.1619777253.1619777253.1619777253.1%3B%2B__utmz%3D133095309.1619777253.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=74307286&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=720795963&utmhn=rebelscum.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Rebelscum.com%3A%20Home%20Page&utmhid=857797694&utmr=-&utmp=%2F&utmht=1619777252519&utmac=UA-2973792-2&utmcc=__utma%3D133095309.1493116209.1619777253.1619777253.1619777253.1%3B%2B__utmz%3D133095309.1619777253.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=74307286&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame 59EA 317 B
640 B 240ms
225ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=395
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2898b915e0d25e937e9a772c72be75f6f2c2460343c716124e606b808c4bdd6e

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=DCBBIFNBLBHGHCHIKOEMMHEI; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 349

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame BDAB 346 B
665 B 302ms
135ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=394
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4aac31009b03c4ac57baabc79a6134359837ddd079f402969c9353459206268b

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=ECBBIFNBIOIGFIEJJBFIACKE; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 374

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame E8F5 319 B
642 B 316ms
139ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=393
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 87db2cdba7ffeb72c22d15d6d89a2121181a0f743167db2d717182029b752764

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=FCBBIFNBDFGOFHGPLHAAIALO; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 351

GET
H/1.1 200
OK Cookie set ir.asp Show response
www.rebelscum.com/ Frame 1A81 348 B
648 B 314ms
135ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ir.asp?h=158
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7a3ab8388e665a28e1528aede8a0ce31dba2d9653dac1362d6c5458365af172f

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=GCBBIFNBNGHHAHOIACAKLFLA; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 357

GET
H/1.1 200
OK Cookie set ad.asp Show response
www.rebelscum.com/ Frame D26F 324 B
643 B 372ms
134ms Document
text/html 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rebelscum.com/ad.asp?h=204
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6854c4e7d31f9501ddedc8ebf890bb029fab7d968a504fb2d324a8c037e4dc52

Request headers

Host: www.rebelscum.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://rebelscum.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDQQBDBRBQ=HCBBIFNBOABCPOOIPOHDGEMD; path=/
X-Powered-By: ASP.NET
Date: Fri, 30 Apr 2021 10:07:32 GMT
Content-Length: 352

GET
H/1.1 200
OK feature-bgrnd.gif
rebelscum.com/images/v3/ 5 KB
5 KB 437ms
112ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/feature-bgrnd.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/v3-style.css
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bd21da47bc7158674cc565e6e77bc9b5b48a854a6d5be236ea84f655d93d07d7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/v3-style.css
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/v3-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:58 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "aa452b20f7d2d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 5288

GET
H/1.1 200
OK tfn-bucket-bgrnd.gif
rebelscum.com/images/v3/ 9 KB
9 KB 336ms
116ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/images/v3/tfn-bucket-bgrnd.gif
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/v3-style.css
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 02038af3f655f46885996206a23943836d5ec2a106dc45878be0c295ef58b857

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://rebelscum.com/v3-style.css
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rebelscum.com/v3-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Mon, 22 May 2017 12:29:57 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "a6fc621ff7d2d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 9175

GET
H2 200 scribe_endpoint.php
www.facebook.com/common/ 67 B
211 B 39ms
38ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/scribe_endpoint.php?c=jssdk_error&m=%7B%22error%22%3A%22LOAD%22%2C%20%22extra%22%3A%20%7B%22name%22%3A%22Error%22%2C%22line%22%3A%22undefined%22%2C%22script%22%3A%22undefined%22%2C%22stack%22%3A%22Error%3A%20Module%20FB%20has%20not%20been%20defined%0A%20%20%20%20at%20j%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A24%3A295)%0A%20%20%20%20at%20k%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A24%3A977)%0A%20%20%20%20at%20Object.%3Canonymous%3E%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A47%3A61)%0A%20%20%20%20at%20j%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A24%3A793)%0A%20%20%20%20at%20k%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A24%3A977)%0A%20%20%20%20at%20Object.n%20%5Bas%20__d%5D%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A24%3A1294)%0A%20%20%20%20at%20Object.%3Canonymous%3E%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A47%3A1)%0A%20%20%20%20at%20https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A189%3A452%0A%20%20%20%20at%20https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%3Fhash%3D8d8a528c52439a9f0b0faa7879f75dba%26ua%3Dmodern_es6%3A189%3A467%22%2C%22revision%22%3A%221003714230%22%2C%22namespace%22%3A%22FB%22%2C%22message%22%3A%22Module%20FB%20has%20not%20been%20defined%22%7D%7D

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 9vK9PD5CXsoD49voz9mkHVRrU4Rg7nreMn9y4elAv4UTEpaHM6STas+dWmqvH2dvnp2LVsrnE0Otki855JVcSw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 30 Apr 2021 10:07:32 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pubads_impl_2021042701.js Show response
securepubads.g.doubleclick.net/gpt/ 301 KB
106 KB 339ms
38ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

2153bfd5d9e4c4a96b2e193d68e9a326dd0b568fe26df1b0805a7ca365e7a2f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 27 Apr 2021 08:39:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108684
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:32 GMT

GET
H/1.1 200
OK bbts-sw-square-120-1-31.gif
www.rebelscum.com/2021/ Frame 2C2A 84 KB
84 KB 248ms
114ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/2021/bbts-sw-square-120-1-31.gif
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=379
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a3a6e816921e852de8d83dce290cf10a658b65df3e172c4ebb63904bcad03661

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=379
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sun, 31 Jan 2021 18:56:05 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "73d12eba2f8d61:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 85948

GET
H/1.1 200
OK ee-120x60_aff_galactichunters.gif
rebelscum.com/2015/ Frame 9E26 23 KB
23 KB 325ms
115ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rebelscum.com/2015/ee-120x60_aff_galactichunters.gif
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=380
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c2ef93df138786baabfa6582b5266b17fc194100ec7cba3d70a55da87f109b71

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rebelscum.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.rebelscum.com/
Cookie: ASPSESSIONIDQQBDBRBQ=JBBBIFNBANOBABNGFNMGEFKJ; __utma=133095309.1493116209.1619777253.1619777253.1619777253.1; __utmc=133095309; __utmz=133095309.1619777253.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=133095309.1.10.1619777253; AdvallyUserLocation=AT,9
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sat, 20 May 2017 05:57:15 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "cbace7ee2dd1d21:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 23517

GET
H/1.1 200
OK opxban-120x60.jpg
www.rebelscum.com/2015/ Frame E3C9 12 KB
12 KB 246ms
117ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/2015/opxban-120x60.jpg
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=384
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 913ba9c6f499eb2a48c6284c7a8d1d62a7369c404d8fc38824221a6818c50461

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sat, 20 May 2017 05:54:52 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "431483992dd1d21:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 11868

GET
H/1.1 200
OK famlink1-fc1.gif
www.rebelscum.com/images/v3/ Frame 59EA 4 KB
4 KB 191ms
117ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/images/v3/famlink1-fc1.gif
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=395
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a568210933597958e0bce2589bf17029dd221656429b4781fe0b1590b339a9b5

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=395
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Wed, 06 Sep 2017 02:54:49 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "1eeb7281bb26d31:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 3615

GET
H/1.1 200
OK famlink1-tfn.gif
www.rebelscum.com/images/v3/ Frame BDAB 2 KB
2 KB 162ms
115ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/images/v3/famlink1-tfn.gif
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=394
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8afc76752db2505a46809d85c99ade981967be459bb49cbac8fa408a8b62d081

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=394
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sat, 28 Apr 2018 15:25:23 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "a7fe6f205dfd31:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 2047

GET
H/1.1 200
OK 2019-The-Vintage-Collection-Reissues.jpg
www.rebelscum.com/2019/ Frame 1A81 59 KB
59 KB 149ms
114ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/2019/2019-The-Vintage-Collection-Reissues.jpg
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ir.asp?h=158
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 041b38cadafef1731935d904a727493a3a68bb12ef723b7ed5e1fcf75fd60750

Request headers

Referer: http://www.rebelscum.com/ir.asp?h=158
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Wed, 22 May 2019 06:26:33 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "cee4b4d6710d51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 60048

GET
H/1.1 200
OK famlink1-ctr.gif
www.rebelscum.com/images/v3/ Frame E8F5 2 KB
2 KB 169ms
114ms Image
image/gif 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/images/v3/famlink1-ctr.gif
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=393
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7245bc102bb700aa253cc153564c23e3b06283694de4ccbbea3a1879b0dc2304

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=393
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Sun, 03 Jun 2018 04:13:47 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "86c5b644f1fad31:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1699

GET
H/1.1 200
OK opx-160x600.jpg
www.rebelscum.com/2018/ Frame D26F 127 KB
128 KB 175ms
117ms Image
image/jpeg 104.156.250.80
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rebelscum.com/2018/opx-160x600.jpg
Requested by: Host: www.rebelscum.com
URL: http://www.rebelscum.com/ad.asp?h=204
Protocol: HTTP/1.1
Server: 104.156.250.80 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: rebelscum.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a7f4211fb51359de3e3c8b9e4ec93de11082429a3a0a959de8725678407abb5a

Request headers

Referer: http://www.rebelscum.com/ad.asp?h=204
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:32 GMT
Last-Modified: Thu, 20 Dec 2018 17:01:32 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "89745ea88598d41:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 130487

GET
H2

200

js.php Show response
us.ads.justpremium.com/adserve/
Redirect Chain

http://us.ads.justpremium.com/adserve/js.php?zone=111507
https://us.ads.justpremium.com/adserve/js.php?zone=111507

9 KB
4 KB

97ms
37ms

Script
text/javascript

3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://us.ads.justpremium.com/adserve/js.php?zone=111507
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 28c059297991bf5351bba4d9a18ca205b006722ad7c28871291c0cd480acd2ee

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
cache-control: public, no-cache, no-store, must-revalidate
content-type: text/javascript; charset=utf-8

Redirect headers

Location: https://us.ads.justpremium.com:443/adserve/js.php?zone=111507
Date: Fri, 30 Apr 2021 10:07:33 GMT
Server: awselb/2.0
Connection: keep-alive
Content-Length: 134
Content-Type: text/html

GET
H2 200 integrator.js Show response
adservice.google.at/adsid/ 107 B
799 B 42ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.at/adsid/integrator.js?domain=rebelscum.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=rebelscum.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 53 KB
18 KB 688ms
687ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1086839181719248&correlator=2833710315153417&output=ldjh&impl=fifs&eid=31060520%2C31060790%2C31060938%2C21068030&vrg=2021042701&ptt=17&sc=0&sfv=1-0-38&ecs=20210430&iu_parts=1093718%2CRebelscum.com%2CTop_Leaderboard%2CSKY_SIDEBAR%2CMPU_SIDEBAR_1%2CMPU_SIDEBAR_2&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5&prev_iu_szs=728x90%2C160x600%2C300x250%7C300x600%2C300x250%7C300x600&eri=1&cookie_enabled=1&bc=23&abxe=1&lmt=1619777253&dt=1619777253075&dlt=1619777252203&idt=825&frm=20&biw=1600&bih=1200&oid=3&adxs=279%2C281%2C1019%2C1015&adys=172%2C524%2C268%2C1648&adks=134564259%2C2198091605%2C376301205%2C1193361684&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Frebelscum.com%2F&vis=1&scr_x=0&scr_y=0&psz=733x4744%7C166x878%7C300x250%7C306x1726&msz=733x-1%7C162x-1%7C300x250%7C306x250&ga_vid=1493116209.1619777253&ga_sid=1619777253&ga_hid=857797694&ga_fc=true&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

f883074bad2de014352ccc54acef718c2495bc0ed31e9f817597dd47833be513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18385
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://rebelscum.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 59ms
13ms Other
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 27ms
6ms Other
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

jpx.js Show response
cdn.justpremium.com/js/v2.17.393/
Redirect Chain

http://cdn.justpremium.com/js/v2.17.393/jpx.js
https://cdn.justpremium.com/js/v2.17.393/jpx.js

291 KB
68 KB

89ms
32ms

Script
text/javascript

13.224.193.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.justpremium.com/js/v2.17.393/jpx.js
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-39.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f0a26ac1372b140acbd917b34cbed7de161ca67fa9803ed9d25758e2f9a26bd6

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 09:05:13 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 08:42:07 GMT
server: AmazonS3
age: 90141
etag: W/"b405c86984413469d837fde66691c8f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000, s-maxage=2592000
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: g9WwLdzWHQl14r9qMpuQQ_ZGwuGUZMJlLT5RT-9hUcb81BqdPRqtlg==

Redirect headers

Date: Fri, 30 Apr 2021 10:07:33 GMT
Via: 1.1 59d92388a3a66e5f245f384a437fa025.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA2-C1
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://cdn.justpremium.com/js/v2.17.393/jpx.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: Q1edgOFV3vLb8YgaIPWrTHblJGBpxe5QzvB3k4RJJdUJDw-6OcGbBQ==

GET
H/1.1 200
OK tracking.gif
tracking.justpremium.com/ 43 B
332 B 65ms
43ms Image
image/gif 18.158.159.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://tracking.justpremium.com/tracking.gif?rid=r-ce1e7b9e-d853-44af-a573-b760b622cae0-13818-421119405&sid=r-0df4a7e7-5335-4ae8-b445-4fad8b6fc46c-13818-421140763&uid=r-602fe072-f6d1-473a-ba50-5c3f56eb2d4e-13818-421158999&vr=v2.17.393&ru=http%3A%2F%2Frebelscum.com%2F&tt=1619777253201&siw=0&sh=1200&sw=1600&wh=1200&ww=1600&an=2.3.1&vn=canary-eu-central-1&sd=&_c=1616386520&et=&aid=&said=&ei=&fc=&sp=&at=adserver&cid=0&ist=&mg=&dl=&dlt=&ev=&vt=&zid=111507&dr=0&di=&pr=&cw=&ch=&nt=&st=&jp=%7B%22ias%22%3A%7B%22riskIP%22%3A%22%22%2C%22riskHref%22%3A%5B%5D%2C%22content%22%3A%5B%22IAB_FAMILY%22%2C%22IAB_HOBBIES%22%5D%7D%7D&ty=ta
Requested by: Host: rebelscum.com
URL: http://rebelscum.com/
Protocol: HTTP/1.1
Server: 18.158.159.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-159-61.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:33 GMT
Last-Modified: Wed, 24 Mar 2021 10:16:38 GMT
Server: nginx
ETag: "605b1186-2b"
Content-Type: image/gif
Cache-Control: public, no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H3-29 200 container.html Show response
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0CE9 6 KB
3 KB 22ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Apr 2021 10:07:33 GMT
expires: Sat, 30 Apr 2022 10:07:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E666 6 KB
3 KB 18ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Apr 2021 10:07:33 GMT
expires: Sat, 30 Apr 2022 10:07:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3068 6 KB
3 KB 12ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Apr 2021 10:07:33 GMT
expires: Sat, 30 Apr 2022 10:07:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76a6cc9369273b7e5f07285be49006b00775eefeefd725334e4235c4c29c9cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631702402874"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28201
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H3-29 200 container.html Show response
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E26E 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Fri, 30 Apr 2021 10:07:33 GMT
expires: Sat, 30 Apr 2022 10:07:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 9 KB
7 KB 38ms
17ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021042701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d9d16bcd29b32b59e482383e254b0e16df4945c1d41a20934853353a28188f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6888
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 48DF 624 B
611 B 19ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 30 Apr 2021 10:07:33 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUkAdPsXgcuE4VL0E99Vj_4qeq8bA4rNGWAL9l5mJWRYchYJ7peSEGmRbErN; expires=Wed, 25-May-2022 10:07:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3068 56 KB
23 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AehaKQquO82sMDDKiLc8lZ584gDgpsfXl7ImnWrei8PNBW_WUIoHBJyGxKPYYxzKXszPIWAJhEqL6OVNdjvL-J-ao6P7_hzJESEwgh7ZB-QxERzqeiTb4Bb5buQC-JXdJjzddCEn_e4sdg_UTaa0F3-lp4dA&dbm_d=AKAmf-AiA2UfLu-oMISFO6XpLGtisE4xX7kCZ9WYYwZxTbM4G43n9D0PjCPvaN_I2j6u5-oGEvJumAPhYPtoTthBHI0EWoUMBxbSJbItncZkhpzmgiCof_sr6nA24xS2D2zGaLHxoTsJcNghPZDZHmIx5KlH9jwZMQSokFklOkoYEx6CVmE5Sd31krXaLdJrMzsSKPua7UWWcLyr2y0GW-vwkdBeVDRNm1c5YQ95Le1WO5v3sGs54nHKEDNa2FKrNnvVZtovZ2VMkGNaYOcTkOUWXSMLBP79yG_3LD16YTHO7abUZJPBn79qYeIzUaZLhkfTRbT0VzpnSmfq8DuP2aCe0N1yF93ltPb_xY6FR-bZKrVjxM5Q94zJ-M9RYbVD_JyMWtuw61kgU5UxrMCyCx668qusqY0kFLAhZInOMZkl0dKfvX6nrWudmarPnksXTU716Lsg0fv57ZzNZ5xbEn92GDNYoKWQMjBVhlXkaHz1y-3JGy6Y9EWFwArpMOZShJ3AHMeR6KFTx5UXKi8lFqITiPO2j3tJBatgVz6Rk2rp7E5dE_BglsTTB87U0YRBTJy_aWuuuzMd2WWVzA6GKswfg8US-T2o79A7paf69ldvV1_dpgOHO-ndDMIbrqH3KX0H6uI8AmwPxkKfmy7hITbqtpYx8LVQlSDMYKJa7FJVvfpSpJiOG95SGHDxkKtbygaoS6Dt24Gg5JTABTeo8Z_lVvRjdC9hX1dtT_dM6drwNxGLLd4_hweuVK945cZYdNh1M5d98XtUO1_Vkh6L_gP-cLwlsgiAJkbasy7aq9M10towGIYfkIunVN976ZpmCSzqZrGyex5vywILdXXMX3a40CTWXUy8-CSctyap1pZaWxN0QZjZ7PMC3xPBx_tU1t30mcy7w7vcKZlYSZeWKykcQV1R3Rt6s_tUjGnLGtUqXCfRJetFEJLECZGo7yxlUZyhaAczc-3oAnd6b-sLEdiP5t_RYAeNsIdCzKAZs2fIT1zluqqac6nYNirYcPmAEgsedBFE2x32q8mZFV54OebQtcpNn_53clArzEjzkS4KbGDmFkjClvCarAck9RlDGwQVe8CosRf-1FpgV17LrAsa2vsDuWGeqiWph59j0vS8em-nUhs7nHkM75_iWj_Gb6x5zP-e4a1eb7XmhERcCTulvTOA2s-85xM-owCynwTuzsmus8D-hKQSyqlC_cxF4ZFxbdt6tREESIsM9eNXZVCNa--jRLPPtOyLYzGgPgcseweI9weefntIfNwNJeSmmgK4xsMkbCkMr8uWu2zSsZv-d1qWgUMUqTzz-ZD981I_Y0tTdgjQ5LN4WxadSj6WOnTRpfjGh610BeQqs4upozlmZnRc3P-OZ8xUu_6BLJgy9YTDCR46Ezs93BlTMuKPJQZH9qGHW4xN2Xp3LYrHk8JEyjliUp3_QB-5gfcR-PIOH49QHozY6AKVMCA3uYFU0AZ1bWCVhYmWuwTDGh6ErJJLPwaK-dmvYdu78ehkf8GrJHd4lJCwmUN4qUsoeISWxhAxdwEXyvkUhDdZpRFpN-pV8LiFBja04f84-qEx3ulcBikHXXiQSIkyU2bCwKEbdxl6LU896IKStmq0q6LWbzwy8SGPRsDHOErpAn_12l6HiKg09kJRmGGxXp_S5T6SkCLqLr639a_YMpF5UbOh2kzP9jPS_8sYUVWtDpME0Y4o8r0fV4EewPT7ifwAVh6G0xK8SI_2oCS5CebIQmkrtol7mFTgD5oHPMKNSrDUVVC6Q9wdURpRtAtQq33StGTgdr-6fx7d9Sxwsx6w4O-bITwuyONlTpOn7_Q7KmwGF82HKi-mU08jnzmbqaPcYrTK4Uk_XqngPZDprUS-NO97j-ERTje70G8djq8bYTc8jqMbYKY6_-A15543v7OZs32XSdMOJYQo66QJeZbyHZTlpL-e29AO26xRI27AcuKxkWe11Na-VrlOmyVM2kziBPop7Ml3wwRJuXN5lQe2uxzgTJ-o5wHsGNIavFn8h3_uEnQjyqFLxSZ28nhJtKTuqmFKULlTJvwJpW07H05Xk43AZQ-TK1ej5KY9DFsYzwu4L1zULJx_Bo3EWzBYMektjH59Hh0xxkiioWYpFINVq_WV4D1ukQIRlGwFq1kRL0D6BEkdnJQGDohSSHrZenaqxj4DXlCASc5M1gW1Y_8YRSJBNQhXfqI5AiDTws40TcJwasmiwXRfDcVkk_kIBM8wkUPOBSbhDLOHlSBRiS8NX79bxdgswCCvpV3ltZWYR8VxKb-Dy3E2C-QwfVdRxo5lPxuqwMpN5rxf69Ua7CZCpOneVzdMdtFek-qHmum3rRXy1AktU5sQfOEPQfG3KOBXs0fB-doJCkX-jIdsxRhNLCrB8Q8cznEEuqvd3rk3FLOn3t8-2YrU6LsWUmlvQLJ5_EOLl-uAKSc0FZk67-J2aKneTeAGYHMaJa5QE3s5QmSve71sum90lwLld5qgifzA2eb5jlmDFpptTW7xLceJ2JgagOfoFkVYk3wU6LuEKNwvqgasOjOsLV8nQYnqxAeDkvahoXE0YIZK-PPHphkYNCwU4rzJPXmdEuv5Igpz0NeE7p11Bl8JjUESQyCM1hyXwLa8ZqqxcwC9gBfmwiYLo-cjXeB_buBHcsb3h79PqGjXNy6JNN-JxPOXCDibL8Gm0PubrymIBOZ9JhXp623KR16L3f92qHvTrAqrG55dDasAb3LB81_L8Zh2yKEpeRoi6UXCLI0lxJ3SsME9DXACsXQD4D2y0MinpTOSEpp2-Ksyen-0tSkusiz54AGIlmcl0zdn4YeCO8QS7feZiOVOBurSVk5i_A0cnpiWK4xc9YUVJUVP1OZQvMreKUDLwVYCH7WNinCzAtx-_29SKxgKniJzoyzxpPMYAAo1RtLjwdjHVp9ruT_XZwjccWg0YmO66D-EV5x_AS6iozsT9ieZ--6mW_eCIs5tQ5cPbpzjkywBhCrt4-z-mg-D8O7gbFxzX-6IKnfEeyndnMqk5FP_tIu_TWoiSj9r39CPpEpEWv6J-gy5RpiLia-td34UTCY4bX1MhWz2WUWCeXKDrWbdBfaY7vSO3xYVic98SOmFE5kvYs4ZHMuT-uZNtDk&cid=CAASPeRosZN-5GEnPr9X7oqbQBZ75WMKBD9EAW1o-E9iIP4ky_jC9ADsnf-N2Xc1sh2AoIwmH0zGNK3eM3pG2vQ&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9563e5d6f2ce33661b2d800cd6f79bcd2f32b83eb95db849700042ced49e96c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23009
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3068 42 B
317 B 40ms
38ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C-7X8r8PJ5wC3Pk9F1L_1edZqkhHoyvaNNJq1uh6tnc5zcnbqGtFwgARKWNPWmwVGZOcJfyHc5_QdltZS85iIxn-3tAkZ9Wq7R6hQzdyAI0i3h-so

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame 3068 2 KB
1 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/window_focus_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 09:57:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3068 116 KB
35 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame 3068 13 KB
5 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:01:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3068 0
0 14ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRXuRKS4QMEETwncAISUb1Z9eAOqGvQrRxE2CSSE2Fdeamj--TqQbphYPpOoM5S1k7s7cLu
Requested by: Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1BDF 624 B
560 B 21ms
20ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 30 Apr 2021 10:07:33 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUmERWZFMc03NgXgr2Egk6BRVMCVO0Qkvq3mOVMjWmKrQv3tz7kKvfpi3rhM; expires=Wed, 25-May-2022 10:07:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E666 56 KB
23 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CL9apIr0ogQQvlJqEnoCtLjVpHMER0POwdcLSF5YgH8-oHdf3046WoFZwi0vugEpP5hQQ6k4fttoL5LrSBIkkyRZKFvFTzsmo145PmIUGVmJfuCnECVkbREBj3xwVk0P5s6i5X2Mn3Mk57ZH32suQan-3uHg&dbm_d=AKAmf-Cd8idXmyCr67z8_p7skXmcGFbEOVLPwbfxy0K0bJZThyNiqNKeyWBOyrfojLtuV78EaRtfbptAYRZzw86mUv-wxMpya0ceZn97CYg5Ism0jQD3XXGul71pbcospJwjJ-Bw1zcz-DCrS2vRGCZNqVQpkvIbRf5Fx8hC5hCz7VdyOVKnKo1mtnS9j9ovqSeI5Wl90ba5TyqO0lUoM5vLO9VykmzRmyjVpYrw1jhEy7awXYY13UxQUv7kp4udz_kcJ1AC58Rgru4QWJqxOq1PiWx92PdQoVEjNgAOap3aGXS_g8KAK8wt4AOX6G6VNSqsddcYZMjnwi7-8xrmTSOckwAQLIdJx5oLmd8TrtPpqiiJNbWyzVZehRVBb8125jL16zA0YnzbJdfbe_IyjSAua6TBq6mHY1KZIoqQs-hJvRjDpupFXEGHP9MZTgkdKiJeJjQKFbCafko5K-HhUfg-tO3so3c41-lN4g8ksBGWeAViUTc6ny3g2dQzItqoL8g1D-xPYdtnJpjgkV8bwbfagUbhuFzKT73scaOmJQKPUg0AXM7cn6GJyD3nhqaTFECkGJy5QxvFafaQRp6oVH24g6pMPXV_VG_riUKIyTR8EfHwK07j7r7PJ7yYx6XsLEqvFllpbwvy0WC4_F3nF_Bbg1ySows2MBlbnB-Era4fMTNs93_Pya7-39tvUsHJTsYSwEoo4LJScaz66S7qqHZF4duZAvlnb1iQ6z5lWCuKEixbCIP_iOzD4g6Q79h_X5YP2GQ_z1-ML6qW_PnY2P49_09EKRZMv3g4cuttuo0E_dGzhXpmKOlrF6a-9g7F1CmAeUx5HFZXu6RJ-6fwiLEVVuZdtwH_P7d_d_j8iU2H_VynZ2jUD68GA96MBBCfzPClh0BnIrBQgv5GSnSrYqRd_2yzOy43tuaLntAUxE212QrHZ4n4i1qNW1zOGO7r3IsQwaB10ZKmPb71rUibfxdfT-VqSsmWnirgv_4uikXpsYYFG4YxJQ9ckhnI4LnJBP1JJnN3RPWrhDyB21l3Wwyu-pc3lNkilRLIWM5Kjdr-5rgYlTVNEMhmSwaHIHEr_tmrRkexHiYwB6hcD885DVfQP6bfezIar_t8_bjPkafGBH5pCawRjG765uSd4N0IydQ8pXUSDcc8euX8-zpL7l1z30JoBgXw-0vDbY9fjnOfH-i5XhqBJpOK20iqSPjpEXicaIOO07GMO1E6e1tf3e03ff99NoQ4t1l7ptZRg5vFo1w2RuyeY1zjhHzjMm5YRXeGIoLbjk2VD32UnGT0Qto2S_YWNh2guuvj7Nyr2oec_tM5_-bl2Crwi1RmWH_l-esoxLl7RR-LgnTzj9CXBntUmmypr3U0zHAfzDm19WGUA_gSHPeNPH4RLzMl_fPq8Pw0ZuvKbwV9cvszph1lcH5gI3ob-130k-Xwj7Mc0LhA0TTb57FbFfrbD-ZKs-q9TkyZ0K2CKuPRDkCjo6C09eFErQFE2FXCjXyK6T6PgYijfm9hnUV8L3Axj2PiidqxXI9o8fnv14byj_HMNVG5o4AEzlGm0C9LKr2A-DffjqrfIFpralTOx8SAfhrflfu9m33q7dRtiXW2sNXleUyvjqWQoBFnUFnedsIusILlaO748rOJS9QaLFjTC-0aZbjFgsNdzzuB9QhDX6gGHHkKl8Ou8gPyF4XGIdDOPMgtweQ_nKGrGobM4_XhFQSyleaRKV1BQpOaurW4KaaSVvwDh2LCHGo_PYeeLXg2JG9zqWWcuSR8vVEKfbhCi0V5qxMhwUTshY9nB_bV9L-DlL5Pdo5KdMxp23QU5vHFJ10Rhfcp8vwWKSEYr2cHPlVirl1cTs2SLPxVgGWUOqsxOD9yrnrRc6K7DNq9u2Kv0mSbi9v6xPBSYqi4g8Mwep7x0BbbnJCoAv6J-sUzOmmZKhpbsRczZbFfCxx7rpi6LJORocTyi0l1CO_vANEMkv4TULRzwk8sL70HdESKQbYKf4buT4qkYHvvu0Dko7R-eEfVo1S7Jj9aj_g3eKjKMJ4KcVcHbpby2i_8XlaqJdD3gKszq9aQwYK4duny03AWj6QQQvkF79V966S-XcolQGNG6Z9o8enYtdmO2vyy76ZL5j0Ad7D75NQfIwbVlhyn-1cko1AV2XQU57Gv8OMs1FkPk6z0AnR85t1S9HDE0CeKDE8nw6thX_eXCmV_4nrYzqHg4JEqBjgkQNbxXdeuOsF5efriqmSOe3xpOs1RZdlwqyKyxdNPNwlBxB---TbgiSf6-Y6u3hqw61Z228qnZ2zn9nR-bT8IUWXicwh1qQ6ZMSUuZ1iXaOK3llFgiUu3ONi_oNHx6j-Srqmi9NodD4r0yl2jdhiV4qHvgqxzP4a9FFBiBPgJnJr17V8vTAmvj5VLQ3w1mw24wfAsfFVy2WlURHxUUDizEfwoYCHb1xICgAd3lTmWRdp5hbXrrT2CFix-y5xn7NS4kU5E8i88MiPptOKYVY9K-1IdUvdYtjvgb2TWvYhtSpZg8CZEjQwg80fABXX48Qz0zK7R23zYATX_k0S9ZLtiHpS7_tMBKMVKG4O1tn1oEjH-9fzivQxJVSyAlkIZ4QvONSrXUxVY0bJ_NTR-ugiFB9KLjeZ3AzOIfUkkLlI8uozF6sfXqrN3DBFwnz3SSUq9xSlFTiNgOK444dyonB9BJXDgCeV-S6xPrmv46rgCh987UAZDjzhBUia-WoHmmPpGdIMx894gjuf2CQs_hhKk9zb5zFwVu_CK5Aw6M9MNassEUNv0eRdOPRJceQTtcyWiEafB4hyLvKVwqZb7oISEzdyWa8W1ENGXEqu8t9coLCxclRQhDRRxiklANyDzjXaJ6lpELWe-NBpePzzer8Ba-ZdN5a3Z0mQZZsZDhhzpr8zr4WC_W1Gk27USVh8lrVXhm8jzXcYyWXBv6ZjrfZymHp_Z_wEL0yRY9tJalF9RLbo8agbXs2V670maCNWc2TxBJcfdlwv11owJlb8Nlw1HfdahRP8EFkvhgESs0BySKzsumVh8NxhYjw7BM0rUp4iaPiNninrUoGguL9Ew4uTaEb6wtzPCUfbdMIhn5DBkF55R5_qvQtkcuLMSXy_zr9kNwCyV_D0&cid=CAASPeRoLCyC183I4KKqQ39YSzr2W8WG_cVmLzYANoRCd_axnDmI389cWaIgMLtXPosOrz1rOQyfWg84aYy9tC4&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1842d27ae2b2c18d1cb2cac7051368aaaa834085cf97e095b23661670879e3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23028
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E666 42 B
107 B 40ms
38ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DiUpHVGO9vT4czJkVqHLi2rGdWTEk4SqwlalLAs9fIkjbJd6jceG3_84Ec-grQKxyhyE2mHLBU3mGkf8BZKt2755TO1oRqkhEGrQaWb4ipEMsgaag

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame E666 2 KB
1 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/window_focus_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 09:57:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E666 116 KB
35 KB 34ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame E666 13 KB
5 KB 25ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:01:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E666 0
0 14ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRlFwrsCwtQGgmxXd7kuQ_AarhHtQ6-NUqfu4vK7Nz9Tuyq0zOJsXszM9sjKefWdhi3nTHI
Requested by: Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 67D6 624 B
558 B 45ms
45ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 30 Apr 2021 10:07:33 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUmsTbMZfpd1OMAfth0btgEIAc6zbxVsWEEju8ryvsPNPaE4ja4WLNE9Pthy; expires=Wed, 25-May-2022 10:07:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0CE9 56 KB
23 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6T6Xz-yrj9Pz1D4VtgL706ygGi6wcHggCPqCGKMAD9gho8pbP3deENRKOm0Aq-_GZaFvSKIUmbgW9SMQcd22h3N-R3CapfTR1SBl5ueNV4OyH6Q8nVskEY8HY0qQ37gG39Mxk7n5eBplnx0VeWguc0LoF2Q&dbm_d=AKAmf-B9MOO18DA9ymJOo61wnxt7o5X8353-AKEnjsSvd706EHA3HfBKxJo70Gzjm_G4x2zGK_9pQqXPfyLZj1gRwBtE8wOEQyf5qgc-nbJed5MT-gDz0svo3luWwfALX_9JdAhqmRjYR5AzkE6XSMybTh4YS0IuqD27Cv4vnhytxNX8mEEhIuNQq0DyKTV1DMimTh3F-zPEB8APTak4k-GusGHBMve4AUruzd8fMdf3-daRjlZoSlXtcD6JoDfidQy6phgKeSEjD1htaCiPnfzu1duRTK0NKYYxQ4Zye24KLb_1dFLaOiPpxfazjq73GOaKLRtCBSxaErkml-6qdaQsO8GDaS5c54mwQmPPqhJiRcSdAJV8tfkNEVDMzR_b7WV9lRPi8IZfPViCOfl9ZUvpBHs6dBQAZ_Qh2_Dr78hi3L3TlQs43ORVgV12orexb0twakizqy57z4ESEOWag90r3tbowBinpM7P7ke7wIwplFMEg39VimLuxQ138ETovRjdCQnfhFzF-Qa0huc9-ocurbUCuJ4gxnfkzO4Z0VFbl9pTPfOOcSfuClnaSSXfvE0bSWqQXurhyuv6aRf_IJvfrsh8KNLG1GZ-nlLUyrnUJoxzMeJeBkL08cfyOHrlyHakG-sywMRTG8Tohos9RZVcKzmbksYEYFXpev8diPMPODQpwKOJuDt9EwK65bp0NUl7QGNeyn_V9KJiJMqQhVFYV0IfBr5b-qgePJg0pXCkLBxx5e2BBj_f8iN43dcOceeyAHe89L10PZWngi4cj7YXQ9IzJMkJMIy-gcxCcFRJVeIYPCaei2bCoQCAJaOQbtQtjPD1ws8vTX67JnUYVFdzJKkZwcUAKQQvPQip1q-KsLMbAOC-Pu6QgbEMkdxn2oyheuy5Q-7JDsRNyvZf4i-3LI--jHtUYj5rQHFbwv9G57WjjFMeHcKPznKmZIbiWwfGcRlCnbG0Xpj9wpZkNEdKumKa3POAZgbJqz8avSATvU_ADOg-OTBiPtSOk1ueESJCxH16zbhIp5ieoffQJkjJ053heHnV1c69_nUjTjcgivFxmPaIRW3sVw9cOvvT996XY0SmsEQgj6faC_EQi2rQggULaXgg6HusQFf6PHXXAWDJXZxEBqYW2l4iJr9BPWzscZgotLUOZRPxbM-bucZxSrGWbNLeoCruoQT8f__Tm_oEude4ROrlaLBXlTtC1PoE1i_MiJIu2cOxDNhHxlXxaSn5mh6-BFv8jRBHtgF4eJhC5da1ykZCEAW06c5e8Q7mGUJ4XBioq-hzqEkyUVyLuCkxsfQtsnIMcqKpQdTitciEk8iTzxkDJYiEga1vZnt4O_-vDrNQz9A94Mu1IBwF454r47DwCeZdyh40R5Zhs-qJ86fwupdjIGmPIWoc5RYs6Faq5yVE_jEivxAlCY1Vz-asQqtWG7qeyT3VegVj36wk2QQUibwlCfRFNIcCOf8VPEL8X7BRxvKWwnp-QxrasG8ZfoBOEytBweCX-fOAf8FpEkVLmZjoD9Oah_O37etRtb512BuPYrhrI4UZ51ty0lHsOQsce7TY_d_itOEmhv1QUnoJ_QKhTSof0ECdLCCNXhm185dMtYYIfRMy-geaQhiHDMjPP6fwnYsWozBztODXy478y-2x-X6KkNwJOb6JOkWfWnejuKJQCcSvK_j-HhE1obYWS2H523q9XJJgwmjBiIVA-MmxmLcQ5q-UWtjunQjftP-32vWklLOdZlDUI26m0dS0ckPzDh0aXPBDhyOeJFSxGW_rroCjygTsUYQ7hzJPGwiL927xdk_N4tAWjaVPg_rSqP2wV85hjbKw_4J0PiODFTV3HqxJ8Fwg8toi8zO7COgjzn0sZ8gDa82jkE8asGPKBNGfQNtKODZD6TKi1E2tKkmv_zJMAecwxeqiOWhe2SLBxBPpjhXtbIESvIIvr-RGh2D4OLrSiFbaxZsuEEuo7AxmMlOhFdZ41AV7xKvsWqwscFyWcyCICtNZM4gHGDdhyAjLOVDVQ1vE96vMZdt1Omh03tC7QWEoalfjRgjkvJede_N8ctvrUE214dFCJIF56xS_zgv5riOc1Hs2TJ4ZdzpEluEDPT0rhi9GXqEs64n5XqayRhPlXssTmFlCRrMNUZuc-mXVODWnH1-gjiRFc-56P5WsQPZutc94FRBEj8L5AGya1nn2U9xxW3BykRyC_8SHjELYbay9-qikRZSyM70U_3kvwKFJELPJGNCKIi8efSviBOQyV1vcMs1_IaNx_vJR4fXXQGqA3GJOO4kRXGHKDDltBiG_KnRbfSOWAlzmoVOLakQwaCh83lvgtKBqzQQdA88zPXJwncbfklz-m2CY49Xv6SnIGYMrBjad-ecNXqOu_CSEV_bnRR65mrkkF1x1p0t9v6p_x8zUZr0HpOzDY3S6_gh0wbaFA_P-7qRN2slXRGbwP8i0gNhvA1Ev-gtfjIqhnudcCPxYwLZ5or18AbssEe5BzZGrh1GHBFIS3WHu3R91C1W_OkQKIudnmJ9EmlFJ6o-uJLt3WcwAklnlXVyI0ox0Vl3DtHFDY2Az7aIxu12B82NwlS-UO422bgFPKSWzhykaCfKe_BY4kdBMLye7hHvNikYIQ3Yqh6j4CB5svqoptgxF6Z2G1tPEtkJ9AaWhsLtZYoLZ3Uubw9lq8PMRfl7qPZmWacIyVuiG1Isp9nk7838SWt_kgpn9DWFJ52N4EE358AECIN4NREgW28sbBoactkL0j3yiJyzFk6_rab60Zh9roPtt49m3P9Ea7pkACTuyGXABnT0JELmJ5Hs1k7oWmN9dXVrGPgm9jZP2dT04Bxm-Q5iWg-ZiV_HlYzDcpW-Eg5GdpYdOaX95XNGrMK8MFNDeA61GTCXuk7A4NoOGV5w497s-M8IXlJ3maW_lEXz-ekKg_wadvRNuKGzGe3oPOsR3HWOWdmwgIyNc1TSAhBvREUQEYEA1jcbr2Km1Aga1zk-ZI6YWg6RW7GvqaC_gYTlHtDX61VTAGl_030c9rDKgZ4p29vyKnXS41YYag0i-pICYd7Qj0Z_i_A8ou9BU_trC0YoHl01TCd-uMyC6nsf9dX8se51BPg&cid=CAASPeRomiMyiicHT1qjF-d3-DrGPShitRKvAkYyuZIVVG8TsXEJF2y8kXCe879nGiXUEPa9vtU0P9qW-buLr88&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb3d6ed3ee87f90dd4521eac5417659e3589f11f29c2efd99f5aa6018ea2bb58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22981
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CE9 42 B
107 B 39ms
38ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CpBA4pVUaLVxHICGkojeJZfj51xuAlo3GM7sYoxKiSFEtONC71wgA1g5Hafby_0fyI2QkFECCqtPtRN8Tehklj28XCon0JHjO_xo6bwa1pJh-F4DQ

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame 0CE9 2 KB
1 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/window_focus_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 09:57:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CE9 116 KB
35 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame 0CE9 13 KB
5 KB 22ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:01:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0CE9 0
0 15ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRG_ciwF7Tr7RkjYlht5fgldABRfO4by6YpRjrItNwcCUqChst2lk1_ZN4ZfYqPYp51ZAiR
Requested by: Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4AD2 624 B
559 B 54ms
46ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 30 Apr 2021 10:07:33 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure IDE=AHWqTUmmH06aQ7sNtZVKAqXvmLynpY0OspDXHWEzXBZs9L0srr6WrJQ-NsRjphjF; expires=Wed, 25-May-2022 10:07:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E26E 56 KB
23 KB 53ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbjKVIvUqmfYiPr5UDJg7Dd45jOG7Vx4b0DMFqlxdU81_pj-w6zCJCEhOpV7hto6VEhHn2nZE_oFQZKkCBxAWiPGZ8SJrhPtltl6ufglDHAYRObRs0dywaKV8-OfM9sOTFXdEePepsOZo5NsuwYS89SNlQAg&dbm_d=AKAmf-AM8PqtAu1dpkZwxIWN1WVqoXdEV7NZdQqADZdLLvksgKKcW3cA3WQB4EBHhwYQnLdnrb7UgXjSfatkHKxTKzSD7JWcK-faBeytfU2H6MkbDoFOmv68RBG2hJomB-nDKLEZhpe16RIiE-6O60icrNlJ-X4GYrkBa5sDIsFANOmY5bALMRwfS--uJY_r3JLou-fNM2QBKRtKiTdoqOa99NNJCaDtQenTAvVKsX1rcTMV1JYVTb7tOThbwfmJZF2_rGgm_T7OC5xJTaA4LeynvpCoJNMC6SDsNqQ3krmPupOpXRCkDXbb-rS1EJ4d6odizFNlu0fVV6Hh_RSQNtRBeH80daJwUvv7AjKXfxIrlo5-gJLXPiDPWdfdJxWw5u4ZRneG0WVxG4_WPMWbvO5HVbi2lQg0BpVqMClPfDFX31qipz2eGuJ7lPoZq2cKCw6sFWKZanPgDMydW7NpTDaWeYB7P0VI2B1K0eWXA5BdwcQjSwBZcwt98xpdUDuZL4e9OqIOMC5iC0X48YxeRDEjtS-A-y0rsTI4W8-CGfO2iKG1D7CWkbASK4AwX4amY6XhloAtIb45KourrsgbJmSXG8lhR2-aw6HVa-aHK8PAOkJZrQEDGlpKezYDi6ddyUQfAMGX5ei3kUzQApeRY-ZxhDkpo6ZHO-68LEH9kEg_NzUNGPu7tszEKHfSxJJNflvJU5FNzeazldsS5XWpZVU1smS6JB6FM-56vTKZpDa9RkewQCU-DkVSi1-2nYsJfqjDazucB5XkoIgoZfYRUiRhVAcaKo1RgJ4Zsu8eWkHv8o8mYVLzzJCU3ig-5xmknyLBsrBR3MmgRrY82gW_BkKni5dCNd5OEFmTBt3qoQfucvuNigOTzti6AjcwmlYlsMs4q4_A4AtIfdWdmol-9jZarLH8FNYywXcD4ZiR05GC7EztAeeHMssqfn5LJezOilb3h1PeG4j4ZJ-gGuxxvNKc4fIwd_MyTKfbFZ9pJTX-pE-D7q3wL0fD9PybAYb1hPfXjzgb6DKmBPvwCCY78t0QS-YaYFPMPBNBhQYABDSR53xhVO2n578yca1bqWnpHqZMQlwuXwjGZ7DPOjTuOFRmorAAbpfYHhT8rlJg0O_M7jksgJPeFh6DhxgdswC_KrYtZNz5KfZhFlwCIe6LhuYCyfnj9Sr2JIlLJUxXE4mMsyPDJwKa7p5s5yMD6H-Srv6NPCPwq7lMB7N6ZFogsEGcInl6jTrP4g7rUWj7pnEc7JgF0AsW4pFO7_0YkjIwmXVOgQXDMjaLxtORpRlN3M6xNCmTlTJm82_utPhB8PQHSnqCNScd1Ku3vzhbaIB4A_8zRTwtMHL0Kh_nVDi8_VvcLdHb1Raebljpfufue4hsHkP-VzvUmq5UTH_o2xJ5xbCR1sZTo87VTZXpSmasvTXaEvBP2SqX0d6aIWfz-LwYWoAvmXwraRYTsDFAYEYn3PrUDGdmq4VZtebF4dBf_eMs750gAhrmTkL42TkXIQIk7j3O1NP9SnU27yb0OYoviBrFqUt-H7BM1r5fnoib91Xrt1rJnnOkShdbXZHbYhpNZP4NxuOraE3gDToMQo6Ntc6AKNmj-Xl45K_5lfwJg9OTWnBYgjMX851D8iSkadIlbm7liSD4QNv9coB6jsiYmQIPwW8QjiZ1x8yjMZBnCEskhShpj142pb9lLiv_ifO84NtzPlyQ5i8Z1n_-mpOc-xM1kh5fnbN4R1AbNMZVXlrbaFH-YZWJxj3iiiLYpbB6s2ganbsg0KKKYJ40db86gR2y6CsqESuHE8efS1wgKaj5WyvOllFWiYGFZwB17FaLcCa5y4zSealIlDxo5xmfELOBpF3KerLo9qzDerPweTRG9GZxFd8SW1I9gzDAd0SxGL3rESESDJIU7eycz4URMa7hzGEiTfiJn3X3RoNQcdaRWZ4IIaJcQDquGK9iujROS2HLzDiOZ7SKDZhSiGM5hCmPUf6eqZ0d69YswxTktFion_BFdX3aFeGWKCMUy47MwQsIAtxs9N5TU_KMEL0v1sXSB2PvEixhCElFUJyLiNHBtpUuQriILmhA4UfpmZysqhbIVRSjTDsIyb7Z-ZvinFRB3jNi4HIjT0HK9U3JoutwVNwHe7arvbP90ae4bs1Bo7gwduUHNkxHrj34YJcNAOUuunD8Nwo2C1InSTFbVTSHwS2EkGof2kPWb38zABohGC2oNS2uSRC4_ZJmbrCYzvq6KLostgpUqKY1i9rPhCr67SdTGt7QXnJOrgQyKjwWIs3SdiNNXCW9fEdvKdmhasLL8eL-Tf0gaDkwp0zaaqsLEhN3RtiE-G5MsDITeR2kV0uERBEMbnpV5Znca54w8lTRLsHUsXnBGqW7KxDwqX5lb8JS1GnjkECOmmR9hSRi4kTY6tNAmB6wa-acb0NoAmAj3ygqdP8dtR-vzz2hi9BKZJdFX4qo3qBrRTyH746sdkKYaxkRbXlRBm4CifxiXFyAjdFZg5IWd3LqvAakKI6W-Ms5gfZNRnhVjKIDTvLsJS8WU7iQI1FbdD0kvEOuYQtX9JXpWI1LE6BhX3MbQomv--X2yFYJ5xOSTakjAd9RVILobvO5rAQzdK2PoK_62-cArqKh4HRbUdi8FBuEClgO1u8K7M2GADRCOCAFmsgQXqZ14NLsmPy2sMH4Morg_O8Yk4vOGV8R9E9i5WhXzsvQn7ITVk7oGKn-6UwlWJp2ag59OW7rhK_RdwXF0hOJqf9_7sZ-107Pcrvr10ROrrcpcnCUJLnzGEfINsv0flKx4jlq35sWhRPUcEKhpZdw51LgZr2qHfYh8lgE10ZRUluJPWFApeXFMxB69dTUd9qgBZVkys18_4dxnnFd8VmGjFfeUGHFerucnwLmV2vWLkrgAPDF5lU9goVJ7Tq3A1yUXHkF9yl6xDjoPxW0cwLPLSYwwcXEnTbDkDj7E1s8wisHXaHBFwHOTQOVI2qyXqYh7b5zEfs8wWbFfa5H9KwKfgP32BnQKU80&cid=CAASPeRouM5YQPR81Gl8YGh4RD5dDSudzUscHSmfECHYyv2PIt2nGMVs5pu42haf6jD3WMJOwFI85X9B7EOsfPQ&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

453caa8a4e7c62b20abe500571bf0fe5ed7ea6f2d6c494a5d5ec318c63eec0ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23039
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E26E 42 B
63 B 49ms
38ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BuImYZSrz09drv_OTavpGuuDCxTIFxAXbh_81zugWEL5G-8_cPfNRFX3DoGOSaxNW5H6FgHgEGH2Ky4la8AIQUhaZB_MSh_vv5tT6PYmV-eaLIYQM

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame E26E 2 KB
1 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/window_focus_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 630
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 09:57:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E26E 116 KB
35 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619631691980669"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36080
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/ Frame E26E 13 KB
5 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210428/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5604
x-xss-protection: 0
server: cafe
etag: 2846967340006788112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:01:49 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame E26E 0
0 18ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSMa33kpgNc4fHZ9d7SipzafgxfQMmEyRrRiuCvztc-cGq2nMSuT4DLaMkoWT8J_oJYJtMm
Requested by: Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042701.js?31060938

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 30 Apr 2021 10:07:33 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame E666 111 KB
39 KB 39ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56856
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:19:57 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/ Frame E666 8 KB
3 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CL9apIr0ogQQvlJqEnoCtLjVpHMER0POwdcLSF5YgH8-oHdf3046WoFZwi0vugEpP5hQQ6k4fttoL5LrSBIkkyRZKFvFTzsmo145PmIUGVmJfuCnECVkbREBj3xwVk0P5s6i5X2Mn3Mk57ZH32suQan-3uHg&dbm_d=AKAmf-Cd8idXmyCr67z8_p7skXmcGFbEOVLPwbfxy0K0bJZThyNiqNKeyWBOyrfojLtuV78EaRtfbptAYRZzw86mUv-wxMpya0ceZn97CYg5Ism0jQD3XXGul71pbcospJwjJ-Bw1zcz-DCrS2vRGCZNqVQpkvIbRf5Fx8hC5hCz7VdyOVKnKo1mtnS9j9ovqSeI5Wl90ba5TyqO0lUoM5vLO9VykmzRmyjVpYrw1jhEy7awXYY13UxQUv7kp4udz_kcJ1AC58Rgru4QWJqxOq1PiWx92PdQoVEjNgAOap3aGXS_g8KAK8wt4AOX6G6VNSqsddcYZMjnwi7-8xrmTSOckwAQLIdJx5oLmd8TrtPpqiiJNbWyzVZehRVBb8125jL16zA0YnzbJdfbe_IyjSAua6TBq6mHY1KZIoqQs-hJvRjDpupFXEGHP9MZTgkdKiJeJjQKFbCafko5K-HhUfg-tO3so3c41-lN4g8ksBGWeAViUTc6ny3g2dQzItqoL8g1D-xPYdtnJpjgkV8bwbfagUbhuFzKT73scaOmJQKPUg0AXM7cn6GJyD3nhqaTFECkGJy5QxvFafaQRp6oVH24g6pMPXV_VG_riUKIyTR8EfHwK07j7r7PJ7yYx6XsLEqvFllpbwvy0WC4_F3nF_Bbg1ySows2MBlbnB-Era4fMTNs93_Pya7-39tvUsHJTsYSwEoo4LJScaz66S7qqHZF4duZAvlnb1iQ6z5lWCuKEixbCIP_iOzD4g6Q79h_X5YP2GQ_z1-ML6qW_PnY2P49_09EKRZMv3g4cuttuo0E_dGzhXpmKOlrF6a-9g7F1CmAeUx5HFZXu6RJ-6fwiLEVVuZdtwH_P7d_d_j8iU2H_VynZ2jUD68GA96MBBCfzPClh0BnIrBQgv5GSnSrYqRd_2yzOy43tuaLntAUxE212QrHZ4n4i1qNW1zOGO7r3IsQwaB10ZKmPb71rUibfxdfT-VqSsmWnirgv_4uikXpsYYFG4YxJQ9ckhnI4LnJBP1JJnN3RPWrhDyB21l3Wwyu-pc3lNkilRLIWM5Kjdr-5rgYlTVNEMhmSwaHIHEr_tmrRkexHiYwB6hcD885DVfQP6bfezIar_t8_bjPkafGBH5pCawRjG765uSd4N0IydQ8pXUSDcc8euX8-zpL7l1z30JoBgXw-0vDbY9fjnOfH-i5XhqBJpOK20iqSPjpEXicaIOO07GMO1E6e1tf3e03ff99NoQ4t1l7ptZRg5vFo1w2RuyeY1zjhHzjMm5YRXeGIoLbjk2VD32UnGT0Qto2S_YWNh2guuvj7Nyr2oec_tM5_-bl2Crwi1RmWH_l-esoxLl7RR-LgnTzj9CXBntUmmypr3U0zHAfzDm19WGUA_gSHPeNPH4RLzMl_fPq8Pw0ZuvKbwV9cvszph1lcH5gI3ob-130k-Xwj7Mc0LhA0TTb57FbFfrbD-ZKs-q9TkyZ0K2CKuPRDkCjo6C09eFErQFE2FXCjXyK6T6PgYijfm9hnUV8L3Axj2PiidqxXI9o8fnv14byj_HMNVG5o4AEzlGm0C9LKr2A-DffjqrfIFpralTOx8SAfhrflfu9m33q7dRtiXW2sNXleUyvjqWQoBFnUFnedsIusILlaO748rOJS9QaLFjTC-0aZbjFgsNdzzuB9QhDX6gGHHkKl8Ou8gPyF4XGIdDOPMgtweQ_nKGrGobM4_XhFQSyleaRKV1BQpOaurW4KaaSVvwDh2LCHGo_PYeeLXg2JG9zqWWcuSR8vVEKfbhCi0V5qxMhwUTshY9nB_bV9L-DlL5Pdo5KdMxp23QU5vHFJ10Rhfcp8vwWKSEYr2cHPlVirl1cTs2SLPxVgGWUOqsxOD9yrnrRc6K7DNq9u2Kv0mSbi9v6xPBSYqi4g8Mwep7x0BbbnJCoAv6J-sUzOmmZKhpbsRczZbFfCxx7rpi6LJORocTyi0l1CO_vANEMkv4TULRzwk8sL70HdESKQbYKf4buT4qkYHvvu0Dko7R-eEfVo1S7Jj9aj_g3eKjKMJ4KcVcHbpby2i_8XlaqJdD3gKszq9aQwYK4duny03AWj6QQQvkF79V966S-XcolQGNG6Z9o8enYtdmO2vyy76ZL5j0Ad7D75NQfIwbVlhyn-1cko1AV2XQU57Gv8OMs1FkPk6z0AnR85t1S9HDE0CeKDE8nw6thX_eXCmV_4nrYzqHg4JEqBjgkQNbxXdeuOsF5efriqmSOe3xpOs1RZdlwqyKyxdNPNwlBxB---TbgiSf6-Y6u3hqw61Z228qnZ2zn9nR-bT8IUWXicwh1qQ6ZMSUuZ1iXaOK3llFgiUu3ONi_oNHx6j-Srqmi9NodD4r0yl2jdhiV4qHvgqxzP4a9FFBiBPgJnJr17V8vTAmvj5VLQ3w1mw24wfAsfFVy2WlURHxUUDizEfwoYCHb1xICgAd3lTmWRdp5hbXrrT2CFix-y5xn7NS4kU5E8i88MiPptOKYVY9K-1IdUvdYtjvgb2TWvYhtSpZg8CZEjQwg80fABXX48Qz0zK7R23zYATX_k0S9ZLtiHpS7_tMBKMVKG4O1tn1oEjH-9fzivQxJVSyAlkIZ4QvONSrXUxVY0bJ_NTR-ugiFB9KLjeZ3AzOIfUkkLlI8uozF6sfXqrN3DBFwnz3SSUq9xSlFTiNgOK444dyonB9BJXDgCeV-S6xPrmv46rgCh987UAZDjzhBUia-WoHmmPpGdIMx894gjuf2CQs_hhKk9zb5zFwVu_CK5Aw6M9MNassEUNv0eRdOPRJceQTtcyWiEafB4hyLvKVwqZb7oISEzdyWa8W1ENGXEqu8t9coLCxclRQhDRRxiklANyDzjXaJ6lpELWe-NBpePzzer8Ba-ZdN5a3Z0mQZZsZDhhzpr8zr4WC_W1Gk27USVh8lrVXhm8jzXcYyWXBv6ZjrfZymHp_Z_wEL0yRY9tJalF9RLbo8agbXs2V670maCNWc2TxBJcfdlwv11owJlb8Nlw1HfdahRP8EFkvhgESs0BySKzsumVh8NxhYjw7BM0rUp4iaPiNninrUoGguL9Ew4uTaEb6wtzPCUfbdMIhn5DBkF55R5_qvQtkcuLMSXy_zr9kNwCyV_D0&cid=CAASPeRoLCyC183I4KKqQ39YSzr2W8WG_cVmLzYANoRCd_axnDmI389cWaIgMLtXPosOrz1rOQyfWg84aYy9tC4&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/ Frame E666 22 KB
8 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d901e0a6ee217d1d01c25901304e01ab4f7a705b0542b8db7b69d79b1371b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 13470574408442207528
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:21 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 3068 111 KB
38 KB 31ms
14ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56856
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:19:57 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/ Frame 3068 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AehaKQquO82sMDDKiLc8lZ584gDgpsfXl7ImnWrei8PNBW_WUIoHBJyGxKPYYxzKXszPIWAJhEqL6OVNdjvL-J-ao6P7_hzJESEwgh7ZB-QxERzqeiTb4Bb5buQC-JXdJjzddCEn_e4sdg_UTaa0F3-lp4dA&dbm_d=AKAmf-AiA2UfLu-oMISFO6XpLGtisE4xX7kCZ9WYYwZxTbM4G43n9D0PjCPvaN_I2j6u5-oGEvJumAPhYPtoTthBHI0EWoUMBxbSJbItncZkhpzmgiCof_sr6nA24xS2D2zGaLHxoTsJcNghPZDZHmIx5KlH9jwZMQSokFklOkoYEx6CVmE5Sd31krXaLdJrMzsSKPua7UWWcLyr2y0GW-vwkdBeVDRNm1c5YQ95Le1WO5v3sGs54nHKEDNa2FKrNnvVZtovZ2VMkGNaYOcTkOUWXSMLBP79yG_3LD16YTHO7abUZJPBn79qYeIzUaZLhkfTRbT0VzpnSmfq8DuP2aCe0N1yF93ltPb_xY6FR-bZKrVjxM5Q94zJ-M9RYbVD_JyMWtuw61kgU5UxrMCyCx668qusqY0kFLAhZInOMZkl0dKfvX6nrWudmarPnksXTU716Lsg0fv57ZzNZ5xbEn92GDNYoKWQMjBVhlXkaHz1y-3JGy6Y9EWFwArpMOZShJ3AHMeR6KFTx5UXKi8lFqITiPO2j3tJBatgVz6Rk2rp7E5dE_BglsTTB87U0YRBTJy_aWuuuzMd2WWVzA6GKswfg8US-T2o79A7paf69ldvV1_dpgOHO-ndDMIbrqH3KX0H6uI8AmwPxkKfmy7hITbqtpYx8LVQlSDMYKJa7FJVvfpSpJiOG95SGHDxkKtbygaoS6Dt24Gg5JTABTeo8Z_lVvRjdC9hX1dtT_dM6drwNxGLLd4_hweuVK945cZYdNh1M5d98XtUO1_Vkh6L_gP-cLwlsgiAJkbasy7aq9M10towGIYfkIunVN976ZpmCSzqZrGyex5vywILdXXMX3a40CTWXUy8-CSctyap1pZaWxN0QZjZ7PMC3xPBx_tU1t30mcy7w7vcKZlYSZeWKykcQV1R3Rt6s_tUjGnLGtUqXCfRJetFEJLECZGo7yxlUZyhaAczc-3oAnd6b-sLEdiP5t_RYAeNsIdCzKAZs2fIT1zluqqac6nYNirYcPmAEgsedBFE2x32q8mZFV54OebQtcpNn_53clArzEjzkS4KbGDmFkjClvCarAck9RlDGwQVe8CosRf-1FpgV17LrAsa2vsDuWGeqiWph59j0vS8em-nUhs7nHkM75_iWj_Gb6x5zP-e4a1eb7XmhERcCTulvTOA2s-85xM-owCynwTuzsmus8D-hKQSyqlC_cxF4ZFxbdt6tREESIsM9eNXZVCNa--jRLPPtOyLYzGgPgcseweI9weefntIfNwNJeSmmgK4xsMkbCkMr8uWu2zSsZv-d1qWgUMUqTzz-ZD981I_Y0tTdgjQ5LN4WxadSj6WOnTRpfjGh610BeQqs4upozlmZnRc3P-OZ8xUu_6BLJgy9YTDCR46Ezs93BlTMuKPJQZH9qGHW4xN2Xp3LYrHk8JEyjliUp3_QB-5gfcR-PIOH49QHozY6AKVMCA3uYFU0AZ1bWCVhYmWuwTDGh6ErJJLPwaK-dmvYdu78ehkf8GrJHd4lJCwmUN4qUsoeISWxhAxdwEXyvkUhDdZpRFpN-pV8LiFBja04f84-qEx3ulcBikHXXiQSIkyU2bCwKEbdxl6LU896IKStmq0q6LWbzwy8SGPRsDHOErpAn_12l6HiKg09kJRmGGxXp_S5T6SkCLqLr639a_YMpF5UbOh2kzP9jPS_8sYUVWtDpME0Y4o8r0fV4EewPT7ifwAVh6G0xK8SI_2oCS5CebIQmkrtol7mFTgD5oHPMKNSrDUVVC6Q9wdURpRtAtQq33StGTgdr-6fx7d9Sxwsx6w4O-bITwuyONlTpOn7_Q7KmwGF82HKi-mU08jnzmbqaPcYrTK4Uk_XqngPZDprUS-NO97j-ERTje70G8djq8bYTc8jqMbYKY6_-A15543v7OZs32XSdMOJYQo66QJeZbyHZTlpL-e29AO26xRI27AcuKxkWe11Na-VrlOmyVM2kziBPop7Ml3wwRJuXN5lQe2uxzgTJ-o5wHsGNIavFn8h3_uEnQjyqFLxSZ28nhJtKTuqmFKULlTJvwJpW07H05Xk43AZQ-TK1ej5KY9DFsYzwu4L1zULJx_Bo3EWzBYMektjH59Hh0xxkiioWYpFINVq_WV4D1ukQIRlGwFq1kRL0D6BEkdnJQGDohSSHrZenaqxj4DXlCASc5M1gW1Y_8YRSJBNQhXfqI5AiDTws40TcJwasmiwXRfDcVkk_kIBM8wkUPOBSbhDLOHlSBRiS8NX79bxdgswCCvpV3ltZWYR8VxKb-Dy3E2C-QwfVdRxo5lPxuqwMpN5rxf69Ua7CZCpOneVzdMdtFek-qHmum3rRXy1AktU5sQfOEPQfG3KOBXs0fB-doJCkX-jIdsxRhNLCrB8Q8cznEEuqvd3rk3FLOn3t8-2YrU6LsWUmlvQLJ5_EOLl-uAKSc0FZk67-J2aKneTeAGYHMaJa5QE3s5QmSve71sum90lwLld5qgifzA2eb5jlmDFpptTW7xLceJ2JgagOfoFkVYk3wU6LuEKNwvqgasOjOsLV8nQYnqxAeDkvahoXE0YIZK-PPHphkYNCwU4rzJPXmdEuv5Igpz0NeE7p11Bl8JjUESQyCM1hyXwLa8ZqqxcwC9gBfmwiYLo-cjXeB_buBHcsb3h79PqGjXNy6JNN-JxPOXCDibL8Gm0PubrymIBOZ9JhXp623KR16L3f92qHvTrAqrG55dDasAb3LB81_L8Zh2yKEpeRoi6UXCLI0lxJ3SsME9DXACsXQD4D2y0MinpTOSEpp2-Ksyen-0tSkusiz54AGIlmcl0zdn4YeCO8QS7feZiOVOBurSVk5i_A0cnpiWK4xc9YUVJUVP1OZQvMreKUDLwVYCH7WNinCzAtx-_29SKxgKniJzoyzxpPMYAAo1RtLjwdjHVp9ruT_XZwjccWg0YmO66D-EV5x_AS6iozsT9ieZ--6mW_eCIs5tQ5cPbpzjkywBhCrt4-z-mg-D8O7gbFxzX-6IKnfEeyndnMqk5FP_tIu_TWoiSj9r39CPpEpEWv6J-gy5RpiLia-td34UTCY4bX1MhWz2WUWCeXKDrWbdBfaY7vSO3xYVic98SOmFE5kvYs4ZHMuT-uZNtDk&cid=CAASPeRosZN-5GEnPr9X7oqbQBZ75WMKBD9EAW1o-E9iIP4ky_jC9ADsnf-N2Xc1sh2AoIwmH0zGNK3eM3pG2vQ&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/ Frame 3068 22 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d901e0a6ee217d1d01c25901304e01ab4f7a705b0542b8db7b69d79b1371b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 13470574408442207528
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:21 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 0CE9 111 KB
38 KB 37ms
20ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56856
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:19:57 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/ Frame 0CE9 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6T6Xz-yrj9Pz1D4VtgL706ygGi6wcHggCPqCGKMAD9gho8pbP3deENRKOm0Aq-_GZaFvSKIUmbgW9SMQcd22h3N-R3CapfTR1SBl5ueNV4OyH6Q8nVskEY8HY0qQ37gG39Mxk7n5eBplnx0VeWguc0LoF2Q&dbm_d=AKAmf-B9MOO18DA9ymJOo61wnxt7o5X8353-AKEnjsSvd706EHA3HfBKxJo70Gzjm_G4x2zGK_9pQqXPfyLZj1gRwBtE8wOEQyf5qgc-nbJed5MT-gDz0svo3luWwfALX_9JdAhqmRjYR5AzkE6XSMybTh4YS0IuqD27Cv4vnhytxNX8mEEhIuNQq0DyKTV1DMimTh3F-zPEB8APTak4k-GusGHBMve4AUruzd8fMdf3-daRjlZoSlXtcD6JoDfidQy6phgKeSEjD1htaCiPnfzu1duRTK0NKYYxQ4Zye24KLb_1dFLaOiPpxfazjq73GOaKLRtCBSxaErkml-6qdaQsO8GDaS5c54mwQmPPqhJiRcSdAJV8tfkNEVDMzR_b7WV9lRPi8IZfPViCOfl9ZUvpBHs6dBQAZ_Qh2_Dr78hi3L3TlQs43ORVgV12orexb0twakizqy57z4ESEOWag90r3tbowBinpM7P7ke7wIwplFMEg39VimLuxQ138ETovRjdCQnfhFzF-Qa0huc9-ocurbUCuJ4gxnfkzO4Z0VFbl9pTPfOOcSfuClnaSSXfvE0bSWqQXurhyuv6aRf_IJvfrsh8KNLG1GZ-nlLUyrnUJoxzMeJeBkL08cfyOHrlyHakG-sywMRTG8Tohos9RZVcKzmbksYEYFXpev8diPMPODQpwKOJuDt9EwK65bp0NUl7QGNeyn_V9KJiJMqQhVFYV0IfBr5b-qgePJg0pXCkLBxx5e2BBj_f8iN43dcOceeyAHe89L10PZWngi4cj7YXQ9IzJMkJMIy-gcxCcFRJVeIYPCaei2bCoQCAJaOQbtQtjPD1ws8vTX67JnUYVFdzJKkZwcUAKQQvPQip1q-KsLMbAOC-Pu6QgbEMkdxn2oyheuy5Q-7JDsRNyvZf4i-3LI--jHtUYj5rQHFbwv9G57WjjFMeHcKPznKmZIbiWwfGcRlCnbG0Xpj9wpZkNEdKumKa3POAZgbJqz8avSATvU_ADOg-OTBiPtSOk1ueESJCxH16zbhIp5ieoffQJkjJ053heHnV1c69_nUjTjcgivFxmPaIRW3sVw9cOvvT996XY0SmsEQgj6faC_EQi2rQggULaXgg6HusQFf6PHXXAWDJXZxEBqYW2l4iJr9BPWzscZgotLUOZRPxbM-bucZxSrGWbNLeoCruoQT8f__Tm_oEude4ROrlaLBXlTtC1PoE1i_MiJIu2cOxDNhHxlXxaSn5mh6-BFv8jRBHtgF4eJhC5da1ykZCEAW06c5e8Q7mGUJ4XBioq-hzqEkyUVyLuCkxsfQtsnIMcqKpQdTitciEk8iTzxkDJYiEga1vZnt4O_-vDrNQz9A94Mu1IBwF454r47DwCeZdyh40R5Zhs-qJ86fwupdjIGmPIWoc5RYs6Faq5yVE_jEivxAlCY1Vz-asQqtWG7qeyT3VegVj36wk2QQUibwlCfRFNIcCOf8VPEL8X7BRxvKWwnp-QxrasG8ZfoBOEytBweCX-fOAf8FpEkVLmZjoD9Oah_O37etRtb512BuPYrhrI4UZ51ty0lHsOQsce7TY_d_itOEmhv1QUnoJ_QKhTSof0ECdLCCNXhm185dMtYYIfRMy-geaQhiHDMjPP6fwnYsWozBztODXy478y-2x-X6KkNwJOb6JOkWfWnejuKJQCcSvK_j-HhE1obYWS2H523q9XJJgwmjBiIVA-MmxmLcQ5q-UWtjunQjftP-32vWklLOdZlDUI26m0dS0ckPzDh0aXPBDhyOeJFSxGW_rroCjygTsUYQ7hzJPGwiL927xdk_N4tAWjaVPg_rSqP2wV85hjbKw_4J0PiODFTV3HqxJ8Fwg8toi8zO7COgjzn0sZ8gDa82jkE8asGPKBNGfQNtKODZD6TKi1E2tKkmv_zJMAecwxeqiOWhe2SLBxBPpjhXtbIESvIIvr-RGh2D4OLrSiFbaxZsuEEuo7AxmMlOhFdZ41AV7xKvsWqwscFyWcyCICtNZM4gHGDdhyAjLOVDVQ1vE96vMZdt1Omh03tC7QWEoalfjRgjkvJede_N8ctvrUE214dFCJIF56xS_zgv5riOc1Hs2TJ4ZdzpEluEDPT0rhi9GXqEs64n5XqayRhPlXssTmFlCRrMNUZuc-mXVODWnH1-gjiRFc-56P5WsQPZutc94FRBEj8L5AGya1nn2U9xxW3BykRyC_8SHjELYbay9-qikRZSyM70U_3kvwKFJELPJGNCKIi8efSviBOQyV1vcMs1_IaNx_vJR4fXXQGqA3GJOO4kRXGHKDDltBiG_KnRbfSOWAlzmoVOLakQwaCh83lvgtKBqzQQdA88zPXJwncbfklz-m2CY49Xv6SnIGYMrBjad-ecNXqOu_CSEV_bnRR65mrkkF1x1p0t9v6p_x8zUZr0HpOzDY3S6_gh0wbaFA_P-7qRN2slXRGbwP8i0gNhvA1Ev-gtfjIqhnudcCPxYwLZ5or18AbssEe5BzZGrh1GHBFIS3WHu3R91C1W_OkQKIudnmJ9EmlFJ6o-uJLt3WcwAklnlXVyI0ox0Vl3DtHFDY2Az7aIxu12B82NwlS-UO422bgFPKSWzhykaCfKe_BY4kdBMLye7hHvNikYIQ3Yqh6j4CB5svqoptgxF6Z2G1tPEtkJ9AaWhsLtZYoLZ3Uubw9lq8PMRfl7qPZmWacIyVuiG1Isp9nk7838SWt_kgpn9DWFJ52N4EE358AECIN4NREgW28sbBoactkL0j3yiJyzFk6_rab60Zh9roPtt49m3P9Ea7pkACTuyGXABnT0JELmJ5Hs1k7oWmN9dXVrGPgm9jZP2dT04Bxm-Q5iWg-ZiV_HlYzDcpW-Eg5GdpYdOaX95XNGrMK8MFNDeA61GTCXuk7A4NoOGV5w497s-M8IXlJ3maW_lEXz-ekKg_wadvRNuKGzGe3oPOsR3HWOWdmwgIyNc1TSAhBvREUQEYEA1jcbr2Km1Aga1zk-ZI6YWg6RW7GvqaC_gYTlHtDX61VTAGl_030c9rDKgZ4p29vyKnXS41YYag0i-pICYd7Qj0Z_i_A8ou9BU_trC0YoHl01TCd-uMyC6nsf9dX8se51BPg&cid=CAASPeRomiMyiicHT1qjF-d3-DrGPShitRKvAkYyuZIVVG8TsXEJF2y8kXCe879nGiXUEPa9vtU0P9qW-buLr88&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/ Frame 0CE9 22 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d901e0a6ee217d1d01c25901304e01ab4f7a705b0542b8db7b69d79b1371b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 13470574408442207528
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:21 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame E26E 111 KB
38 KB 35ms
22ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56856
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:19:57 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/ Frame E26E 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbjKVIvUqmfYiPr5UDJg7Dd45jOG7Vx4b0DMFqlxdU81_pj-w6zCJCEhOpV7hto6VEhHn2nZE_oFQZKkCBxAWiPGZ8SJrhPtltl6ufglDHAYRObRs0dywaKV8-OfM9sOTFXdEePepsOZo5NsuwYS89SNlQAg&dbm_d=AKAmf-AM8PqtAu1dpkZwxIWN1WVqoXdEV7NZdQqADZdLLvksgKKcW3cA3WQB4EBHhwYQnLdnrb7UgXjSfatkHKxTKzSD7JWcK-faBeytfU2H6MkbDoFOmv68RBG2hJomB-nDKLEZhpe16RIiE-6O60icrNlJ-X4GYrkBa5sDIsFANOmY5bALMRwfS--uJY_r3JLou-fNM2QBKRtKiTdoqOa99NNJCaDtQenTAvVKsX1rcTMV1JYVTb7tOThbwfmJZF2_rGgm_T7OC5xJTaA4LeynvpCoJNMC6SDsNqQ3krmPupOpXRCkDXbb-rS1EJ4d6odizFNlu0fVV6Hh_RSQNtRBeH80daJwUvv7AjKXfxIrlo5-gJLXPiDPWdfdJxWw5u4ZRneG0WVxG4_WPMWbvO5HVbi2lQg0BpVqMClPfDFX31qipz2eGuJ7lPoZq2cKCw6sFWKZanPgDMydW7NpTDaWeYB7P0VI2B1K0eWXA5BdwcQjSwBZcwt98xpdUDuZL4e9OqIOMC5iC0X48YxeRDEjtS-A-y0rsTI4W8-CGfO2iKG1D7CWkbASK4AwX4amY6XhloAtIb45KourrsgbJmSXG8lhR2-aw6HVa-aHK8PAOkJZrQEDGlpKezYDi6ddyUQfAMGX5ei3kUzQApeRY-ZxhDkpo6ZHO-68LEH9kEg_NzUNGPu7tszEKHfSxJJNflvJU5FNzeazldsS5XWpZVU1smS6JB6FM-56vTKZpDa9RkewQCU-DkVSi1-2nYsJfqjDazucB5XkoIgoZfYRUiRhVAcaKo1RgJ4Zsu8eWkHv8o8mYVLzzJCU3ig-5xmknyLBsrBR3MmgRrY82gW_BkKni5dCNd5OEFmTBt3qoQfucvuNigOTzti6AjcwmlYlsMs4q4_A4AtIfdWdmol-9jZarLH8FNYywXcD4ZiR05GC7EztAeeHMssqfn5LJezOilb3h1PeG4j4ZJ-gGuxxvNKc4fIwd_MyTKfbFZ9pJTX-pE-D7q3wL0fD9PybAYb1hPfXjzgb6DKmBPvwCCY78t0QS-YaYFPMPBNBhQYABDSR53xhVO2n578yca1bqWnpHqZMQlwuXwjGZ7DPOjTuOFRmorAAbpfYHhT8rlJg0O_M7jksgJPeFh6DhxgdswC_KrYtZNz5KfZhFlwCIe6LhuYCyfnj9Sr2JIlLJUxXE4mMsyPDJwKa7p5s5yMD6H-Srv6NPCPwq7lMB7N6ZFogsEGcInl6jTrP4g7rUWj7pnEc7JgF0AsW4pFO7_0YkjIwmXVOgQXDMjaLxtORpRlN3M6xNCmTlTJm82_utPhB8PQHSnqCNScd1Ku3vzhbaIB4A_8zRTwtMHL0Kh_nVDi8_VvcLdHb1Raebljpfufue4hsHkP-VzvUmq5UTH_o2xJ5xbCR1sZTo87VTZXpSmasvTXaEvBP2SqX0d6aIWfz-LwYWoAvmXwraRYTsDFAYEYn3PrUDGdmq4VZtebF4dBf_eMs750gAhrmTkL42TkXIQIk7j3O1NP9SnU27yb0OYoviBrFqUt-H7BM1r5fnoib91Xrt1rJnnOkShdbXZHbYhpNZP4NxuOraE3gDToMQo6Ntc6AKNmj-Xl45K_5lfwJg9OTWnBYgjMX851D8iSkadIlbm7liSD4QNv9coB6jsiYmQIPwW8QjiZ1x8yjMZBnCEskhShpj142pb9lLiv_ifO84NtzPlyQ5i8Z1n_-mpOc-xM1kh5fnbN4R1AbNMZVXlrbaFH-YZWJxj3iiiLYpbB6s2ganbsg0KKKYJ40db86gR2y6CsqESuHE8efS1wgKaj5WyvOllFWiYGFZwB17FaLcCa5y4zSealIlDxo5xmfELOBpF3KerLo9qzDerPweTRG9GZxFd8SW1I9gzDAd0SxGL3rESESDJIU7eycz4URMa7hzGEiTfiJn3X3RoNQcdaRWZ4IIaJcQDquGK9iujROS2HLzDiOZ7SKDZhSiGM5hCmPUf6eqZ0d69YswxTktFion_BFdX3aFeGWKCMUy47MwQsIAtxs9N5TU_KMEL0v1sXSB2PvEixhCElFUJyLiNHBtpUuQriILmhA4UfpmZysqhbIVRSjTDsIyb7Z-ZvinFRB3jNi4HIjT0HK9U3JoutwVNwHe7arvbP90ae4bs1Bo7gwduUHNkxHrj34YJcNAOUuunD8Nwo2C1InSTFbVTSHwS2EkGof2kPWb38zABohGC2oNS2uSRC4_ZJmbrCYzvq6KLostgpUqKY1i9rPhCr67SdTGt7QXnJOrgQyKjwWIs3SdiNNXCW9fEdvKdmhasLL8eL-Tf0gaDkwp0zaaqsLEhN3RtiE-G5MsDITeR2kV0uERBEMbnpV5Znca54w8lTRLsHUsXnBGqW7KxDwqX5lb8JS1GnjkECOmmR9hSRi4kTY6tNAmB6wa-acb0NoAmAj3ygqdP8dtR-vzz2hi9BKZJdFX4qo3qBrRTyH746sdkKYaxkRbXlRBm4CifxiXFyAjdFZg5IWd3LqvAakKI6W-Ms5gfZNRnhVjKIDTvLsJS8WU7iQI1FbdD0kvEOuYQtX9JXpWI1LE6BhX3MbQomv--X2yFYJ5xOSTakjAd9RVILobvO5rAQzdK2PoK_62-cArqKh4HRbUdi8FBuEClgO1u8K7M2GADRCOCAFmsgQXqZ14NLsmPy2sMH4Morg_O8Yk4vOGV8R9E9i5WhXzsvQn7ITVk7oGKn-6UwlWJp2ag59OW7rhK_RdwXF0hOJqf9_7sZ-107Pcrvr10ROrrcpcnCUJLnzGEfINsv0flKx4jlq35sWhRPUcEKhpZdw51LgZr2qHfYh8lgE10ZRUluJPWFApeXFMxB69dTUd9qgBZVkys18_4dxnnFd8VmGjFfeUGHFerucnwLmV2vWLkrgAPDF5lU9goVJ7Tq3A1yUXHkF9yl6xDjoPxW0cwLPLSYwwcXEnTbDkDj7E1s8wisHXaHBFwHOTQOVI2qyXqYh7b5zEfs8wWbFfa5H9KwKfgP32BnQKU80&cid=CAASPeRouM5YQPR81Gl8YGh4RD5dDSudzUscHSmfECHYyv2PIt2nGMVs5pu42haf6jD3WMJOwFI85X9B7EOsfPQ&rfl=1%2Chttp%253A%252F%252Frebelscum.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/ Frame E26E 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210428/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d901e0a6ee217d1d01c25901304e01ab4f7a705b0542b8db7b69d79b1371b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8608
x-xss-protection: 0
server: cafe
etag: 13470574408442207528
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 May 2021 10:06:21 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 48DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
1014 B

98ms
45ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 48DF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
894 B

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 48DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

43 B
1023 B

116ms
63ms

Image
image/gif

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhihiMClATAB&v=APEucNXVIHLRs9Zq7FaKLJMUKizz2nwK86OpO95ICS0800x6HIsBB5bbCKRKul76i014PKKiy13owJozfKAuqZNYTP0gXG5-4K9xS9dKKGgpPs4OdmAQbonl59_wB1t8jJfF6ti43dcLRJicb9csDfNEy_-6zaS1yl0mbGuNhtCwWenX1cQAbJIXyOIPxOMbgzZsZR7itFa-fWLGTKs5GqlxQi0UYZE1ZQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.244:80
AN-X-Request-Uuid: 47107ffd-9ee6-4128-bfd9-41ba426ca53e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 48DF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

170 B
188 B

82ms
44ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.235:80
AN-X-Request-Uuid: c45d5c9b-1764-44a2-96bb-ff063c681510
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1BDF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
1014 B

88ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1BDF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
894 B

35ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1BDF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

43 B
1022 B

82ms
28ms

Image
image/gif

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjNg8ClATAB&v=APEucNWkjXT4xnZpDbstOmrxTGtdGX0rsujDDRCxUrefIz4qqbzfPbkU_H_KNy6J3rB57zbfgdG4zMmUuYQnr8rRD9swnyNSPNlPR4V-tdnO9CLVepa_YsUXBqgg6hcoo1e9iopKqd2ilth7VReKwtUf1-Ok0ehiLlzgZP67xaMl_GSz14EwyUXdOdOl-tsh9LsfXdFi75iXsxwDl5dkOJfJUcgHlZdb7Q

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.40:80
AN-X-Request-Uuid: c5deddef-c36d-48e8-9049-53e4a0b5f287
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1BDF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

170 B
188 B

74ms
43ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.45:80
AN-X-Request-Uuid: 5b8472d2-d63a-4b23-82d6-ea7e256d6304
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 6CD7 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 30 Apr 2021 09:50:38 GMT
expires: Sat, 30 Apr 2022 09:50:38 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1015
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 67D6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
1014 B

101ms
41ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 67D6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
894 B

36ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 67D6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

43 B
1023 B

74ms
28ms

Image
image/gif

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmZKBCH0_e5AhjchsClATAB&v=APEucNWMaBKux_6iaKhylq1e6_nYsDOausi7OMmnl1toe5OMM6oMdstBl8MWC5kiNlSYDXcXZRqzCP8KnvXnmWW42IBwQIw5k1iw8qv00uKM4GyQcPIq-rB4pkaTRImqu8kgJ9RYtJ4IZu0bZ_vgpe3w3ySQiQdG4xnEsrSDs9gt3yCZEcYdbJissxsm0A1fm2mMBkXorGkwnuujMJtxswZHGmErXGWxiQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.147:80
AN-X-Request-Uuid: f5c2f14e-e298-49b0-8f9c-22e33977d000
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 67D6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

170 B
188 B

74ms
44ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.216:80
AN-X-Request-Uuid: d4e6122d-626c-4033-9f9e-64044e86a022
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4AD2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
1014 B

93ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4AD2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YIvW5qabWM60D7pR25JYFwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1

43 B
894 B

34ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 30 Apr 2021 10:07:34 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuOqz61g1DWWBHEki-L6Ug&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4AD2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

43 B
1023 B

81ms
28ms

Image
image/gif

37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIYxbaHkgEwAQ&v=APEucNWYF4qH0W_bghPvfBkPahGcPLvpo3S8llU9qL66PJLK5PlZMK4fyced41nxao2yV8AOv10tipkAjhor-Xr38whX356874wjCVlWlWejMUAwhnsrHygvUFZApwqpPBRFaxbM4e3kjjqz1T_XYjJDcKAxxZdxHgqCl04W4O3sf7BOIzoSuI2sHqm5sIUWNRMFm2vM85MvVuqFuZnUaW1GM_QTYSlGsw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.254:80
AN-X-Request-Uuid: 808b19f3-09a3-44c7-97de-85b9ff9f5275
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOXkho1YpX108udyHW6e5jQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AD2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

170 B
188 B

72ms
44ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Apr 2021 10:07:34 GMT
X-Proxy-Origin: 5.253.207.204; 5.253.207.204; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.239:80
AN-X-Request-Uuid: f7c29ea4-f993-485d-aa5b-f33c489da0bc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTY3ODQzMzE5NDk1OTA3MzQxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E666 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 08:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264257
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Apr 2022 08:43:16 GMT

GET
DATA 200
OK truncated
/ Frame E666 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b24ede867f218edec77160eefefdc7999758d2ad8d605f9bd126026304ebd311

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3068 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 08:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264258
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Apr 2022 08:43:16 GMT

GET
DATA 200
OK truncated
/ Frame 3068 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17f8a72837106aa9bb5b6b702142835c22a0a5bffbb8996f58649e609ae3749a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0CE9 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 08:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264258
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Apr 2022 08:43:16 GMT

GET
DATA 200
OK truncated
/ Frame 0CE9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: daf89db8c169e827f6486e7c8f6332330526094c90438ab48cbd0acd4ca015f1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E26E 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 08:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264258
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Apr 2022 08:43:16 GMT

GET
DATA 200
OK truncated
/ Frame E26E 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 393cb508acc3effe6f0c14dd09496a48b3f5d1ec749243268bb020640e83ac75

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/10211492/1619696784694/ Frame 079F 93 KB
26 KB 20ms
7ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10211492/1619696784694/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9f48c9fa45403f9f8119d28a73eea0691d0668e7f6d12fcf14042351b5b0382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10211492/1619696784694/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26699
date: Thu, 29 Apr 2021 15:19:08 GMT
expires: Fri, 30 Apr 2021 15:19:08 GMT
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 67706
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E666 0
575 B 117ms
47ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvhipp5Tum2GlsyygVUYesKcJTlwl0Wc5ERKPgCMsXdjR9jNT8wp-nbWkDfG_q4bpwrMXo4mbLHd_UhcL8vRbByfDN7U3f63ykgRjNvf-gwrEL7LuBtqV6Wk562b7cVqmaYV0FrPaqdAIjaPXOofooGlH2pKTcY7SUa-ny1zQUr_BUUikrqLw4hjDaG-1DONvRXdscyhC_H82qmgCTAV_EhjYFx8u_JvCJ_nY_TBXuUhzwqUKk4Xa6CYl3CWfCRLDmbEHgrZT0s2OG6EjiB_w1_CO1FBLdHz1CH845S8zmac6p_9eyLQ8S0UNDCwaFK3glI_QZLAanLM4CBsoYs8gWYwyPrecOhbMl4usgBfxUCoyzuoDPFguHoO_TNSeri4v1yMxpOfP337lCdkhKnKwRBIY-si3g54ztuSoD7VTIjqbSjPKaOAOmcBoyD0Fw0Wax1Cl58inUeori72yIS5_vBamoomcXzM0q6saoNgoStUiCEzdWYbT4Ff2hIuntNYMYBPS_0kNgTxgDi5f_RKmxXefQCXlgGjubCktCWK2Su2xrs1_z7VUo4PEOilRC5WGtAvRAbeJFfdVHW6OPZQjB-3j37PBPNrVP11xmnPmF-XmLW0hbCDcBirvd5YuNFj4Z_W3qY3TRcsEJgm20-BQ224O81BHrQ-agWtJ6eBNF7uYJxoTxC7DJvEoKVGF7YEUbKZGO2MRtteAlnk6aXef4RHlxZUI67mEI3enPN1fmh4u6X0sywwRki_WGaDSkIG6dFqzW5ldNAE43Y-wu-5qcxpauUU6juy_2EnyXNJVQC5MOT8MweTer2u92ntH4yai7DjgfwzWuxGFj15GPzrJSudiSJt6ypsYvse7YKpO5mtVOK4anF4zc_22-lamHPYfDfFn8QdXbE_JjrGuDfaxHsKAB5YWlQyDn5Q9PiRVztQlrB71RCZKoYkCZexHVE9gERzIhUy2Oi7cMTCbTn21jpmjufzipwknVszgFcVVoUxq0ZJJlCD7WPKoRvsaMoGt3XUfyCSZKV5yp2HZQHGL7GXaNlbS7bilxv0vfyHl2uobIClwHQF3TBx657I0pwQ4WKNbidnLHF0cPLFElb3yfDnmjOAA2jUHdMyvHh8iZpZ0hzGp5081WiJE9UzT7U0SkG2pPn1zgXEveNGC5izMwP8sgWI4cCgdRJFgaxqljvYiXGHmjOrA&sai=AMfl-YRNfqs1LjaOXoBffJQftJKT9i6JZXrJ97h0XVCO_76Nm6fg7MELDb3Bs7G63UYg1Pvm3C9-LZmHhSiW7ldR5N9ph9IRzPQEkDcWF_BGh9oXOM8ISQ_38HjE64zJghII06XjNjVQkkl0GPBaP21wIYM7jjRbZOhUo_GZqhhmpVtFHpfAMFNqBCKjI6hsrbDABouEAqDxQ0gHoSELa0I6qxM0o2pODvBVk9CSPnQr0Q&sig=Cg0ArKJSzIY2hGN5ZNmBEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=213&cbvp=1&cstd=210&cisv=r20210428.33537&adurl=

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 30 Apr 2021 10:07:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 92 KB
26 KB 13ms
10ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10211492/1619696795972/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27729d3a65238030c12c219eb88a0249563088d8063fc8cb96246d64a2e752fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10211492/1619696795972/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26589
date: Thu, 29 Apr 2021 16:52:54 GMT
expires: Fri, 30 Apr 2021 16:52:54 GMT
last-modified: Thu, 29 Apr 2021 11:46:35 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 62080
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3068 0
61 B 112ms
51ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsupp8W2hi9uJr4w3vbZJIxaCaYdRYfXjVrH1Xqm6SmRdhOsjbNmAPBFPmPUApY8nnZBstC0mwc0cvLT5eH6nB0aDzxmaJUD9a5AZCfvfmJknkIJ2El0LA93Fx3USlK_sASByUpBP0b9b4RiHaaQd-FrqZDwCTZM2BLEXFfvRQ21HntoiDxvYOb1kh4s70wAeUYVNcMFdcsmN433K1ciWg0FtaI5ov7mMr9RzEvsCeh6DL-Aw2qX-VeXB7nQM5TXeI2gNN24rd7ak3CmWc4L0Si7oxvIvyDAIleJhq6vYlTOfao3aMqGZN3A8OHh_KKVgI30Zc7H1ZUcdDJdo5IHQNahklVV00WnAtRdRfwfvCPjW6vAQHResOMdP5kI5RBGoJhe-MkixM4NxtyDTcSz7PF-QchusYMBb_dpSIKqKWVbLM9eauxsvPKi983SAmdA3JrpnOYMfdTW7O9PlFn8wFueCTwfalzWYPOgjl4Ky7HP3p7IFSm5o6b0IrnejBuV6oBrzw3eoeodvsDhZE7rKxzRw0usBTThFQEQxMbB10l_K4hYNXWdjux_RPkSb9HWYEix9i2mYnoI9aBoMqNmmxFhfQjBiiqeW3N-PxrySXrEpZQxBuLnqdRFmmkwAiPu-CvcQPkSiNmHX8_2dao5BcPKvIW9FS5q7G2G_N2RKlFcPhY63QS_ax63rRF7G5mEvHpFDxDobdIFcCc9bkJRSCoTA5LFW275XflfOzq5SL89PT_f1-ixGPfT8xkhb70iiecVE3KhT-ChUVwGrtm6elaNUkfQZTpa21x0sRHNlEzJnLImZt3OtSlhy0aDpGsRVArJ2dZXDcyne8irfJI9qNHym-Wc6NdhZ9sLWS0qKie_2qhn6S924cBkbajKhjUM0f-UMLT2SrM8GnN0k-ymIgMTotwkoWJdfIQ-0LyCaEEyekS0h1SpZgZIrD20CbI0rqxuD4eHtg8d55MrJY2JSAG4lCk3v0HxbdMZ2KLaBOZB52NVuuYsy9ZygKBRsKPpH9RFjbXjhGhr006K4BxoBkk05wWtithK15GYVkHjiXV1pgFna5xgL9aR2bhblrrYh8UKLhBHU_weeOR9mzO78ovRhi3vhVhzDLb_TxyB1qBrDBhIjG0wRMXH1j30e9m2boasrS_qJBcgQIVVHxWfYw3q-VhGdyCJvcfrOXhyeyaVTZRZtdQBGw&sai=AMfl-YTIOofLHmMVIFUg3INiKvRMoKvesSaOy6jOi-X66lXfnPMEWjwwYkX8yZV2lFYH5qlODhnJ7zJjRl_oIjgMe6okSLxRK6lajuWqsSoByUV2iy2Xl2fkhbHY19_8bGdSOrdq2L7RFvuUax8Z7q9v77sdOfUnJjfxaH_yMCBL3R6N84ntCLaqplgWjRXzxgZBuivjc2bPflkg0LTBMVbb9iKmBRFWg2ap7mmFXZli0g&sig=Cg0ArKJSzPl2zPr5cjFbEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=216&cbvp=1&cstd=214&cisv=r20210428.06645&adurl=

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 30 Apr 2021 10:07:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/10211492/1619696804644/ Frame 1205 92 KB
26 KB 8ms
7ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10211492/1619696804644/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc9308f7909344395e0f537f44d71f5d88d3afdfc2a952b26d92f79b0559089

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10211492/1619696804644/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26625
date: Thu, 29 Apr 2021 20:41:27 GMT
expires: Fri, 30 Apr 2021 20:41:27 GMT
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 48367
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CE9 0
61 B 98ms
49ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssVL0nbBAurE_81TJpuV6DLIyUAPqLHJ9Qwpx0M20o2wCTm-HBhdXPVeRAw9mQNo5tea5RHk9ZbezlVcGSDeni6cZdi3QItX0kcvnZAh3Q5sCpBTLGtnFzzzhsQjCkY4xlDnso1gOfyyXzOKV7Nx7ZZXIQqVh3FbgoAW8Se3cVIaRt3ZF3NMMcuJzb2O0Z7eTJfGCHze0lEAqcIg2yCrucb_VfYQF2MT_ERXsAE5NAJ7bxgpe05D8kOA1UON-K0RKD3WD8IlSkOXNBFsIkgIiacEnFzq0JOdc1OamCZW0YTLExxRxKGQw8uUTeMQTIQpP_Z_-nc0IP-6BG4Rxjb2h3jL5_hPiowjJudjgo_TSEsKk4ElpPU5_ZP7z8kJ-4FBAH4KawzXxVDlrF6vwl6HCtA5_bYhQFfOX36xUs_ZZdRzM6mVnEdehDuJEs9iDagmT65wJMCIzPYwB1jTATfOU1lKdoofMKirkod6e6LbMqyKMEWhwE2IOE992Hh4YOXxkGd__GYhjs-QM42_iOnK_meA5ACSKt2hqWsAoz5V5me26HOSKWKoBkVs5G5ih0AhjEWH_BCKho36vTXpIhjO8cz2TXUk3mKtKXtO4ejJiYYCvZ9y8aKkyj4bjn1K3a6IQVKNhJQnS1CeigbYq8yJbrc-sKPV8hRXwcUMoq8IsIJr-wmpzfO6zawAVcMr87ErCsD1rO1biDrZ0pl98dQF0x9MGw1AddEYuANTkO81IXWuzNDrWTIQlLFPqkMm9bvbpjQkxGvzKpfqq6pK5iiomn9fmD_tdcRo5YpvrH3_LRViyP72WBOBR9rlpntNVLECGYX124lMQQQhtAEQ5uff9Lf8q7jRnY1x_ntG0iXgXzsI8ibJ2T-4pDogiu6iXeyCeTN79rBWOtX7rGmlEsoKHmdHvteY1hgF_sfWEbHG2Ezdt8XruwjRrZJNOyx13YupZPU81E3ReKvrb_1xe8tyyuo01gTiFpOmxh7ckWPEOCWgou5U6d93hoXONhGxTdig4Vw_DKaA8CUK2T2x4pMatss4REj-Td1k5qJCUIG3JpXO4fAbVLLsc7kQgy4yq8T2y2iJLlA4xeV7DoUApEcZY8NffUSvWS1HZil-x_tznU0D681NUdoUDVFkFvUrM9UvtvXO5f-rGb_Xz3Cixb62oBacxFDMRF4QYgk8cfZsYYT&sai=AMfl-YRMcJ0zGd86DJ-kB2PjdqH1CthCw_zgApcuoTwWAwf-UMqVzvJr-CQKY9U2mxlWUapcvshCWTYMP9XFiyF_HBikasSllPhVhRNczY1TbRJ7_l7bfI5CKDzaLnHIWJqAUr5VtmJcrZ4u3t9qIPuZTDSjfusp8RrtfIte2mqJDeeviPIC3wMLlY3ESM8lVO-ddlK1_aplP8KpWlbOh9F1dYqdalVN2EOB9V6QugKkFg&sig=Cg0ArKJSzFzFrEwTaZrlEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=219&cbvp=1&cstd=217&cisv=r20210428.79091&adurl=

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 30 Apr 2021 10:07:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 894E 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 30 Apr 2021 09:41:39 GMT
expires: Sat, 30 Apr 2022 09:41:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1555
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B4D1 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 30 Apr 2021 09:41:39 GMT
expires: Sat, 30 Apr 2022 09:41:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1555
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 92CE 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 30 Apr 2021 09:41:39 GMT
expires: Sat, 30 Apr 2022 09:41:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1555
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3663 22 KB
8 KB 9ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 30 Apr 2021 09:41:39 GMT
expires: Sat, 30 Apr 2022 09:41:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1555
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/10176009/1601280469250/ Frame 0C36 6 KB
2 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10176009/1601280469250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc75151567d7b0bc412377fd411326b1270f039ba9d229cbf41bbc8d72c538fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10176009/1601280469250/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2323
date: Fri, 30 Apr 2021 09:00:37 GMT
expires: Sat, 01 May 2021 09:00:37 GMT
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 4017
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E26E 0
61 B 68ms
50ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmsleVN7LnHQF4mIWfpATx7ow5KPy2yXVdEiZUDWJ_RbDpQhh-cLI0hUCXCHjG0zCyPPj-a4YNV5Qe-XuV6zeOx4flnQh-0l-dGxmx4qeKeVNhr7L6qPGOBa1RqIr919JKRLSwptvcHBVh2iODaOnhExugX73guMMK7z9SpN7lmOSv2tfqmyYeQeJEFsg-pN0spLPpv_UadRUyj3FT3P3ysbfUgeki9FWN7w9Fs5mLUsZD6b_-IX86JNHGojcbacK0lJUg79jd4J_xMve2tQ6SHlnnnbi7xDhaeahUj-cZuLDzTETgi6s_FSaH4w2ZwWRxNmP6XwF8SKw-glEII0tZnoZ39K6DoNZYofp2L-yzZPWS-zchQl7ff_YzXmR5gF2fUkCeUYui32cxjM_Tf2nTLdakatdH4PwAJ5o4LH52D2MZ-qYEYRA6eaD_zxEcqhVG5eOT_rfOPG1VLvqpxsj8ZbHCuyISIcoYBfz1pPxDvhUshbOhT8-AZjAjmabDFhs7m1AjP18y-hmHPoNtixnNStN7tgNf8EUa0ji_-s142feK07NxST6SAN_bn81sFRMrj2n-ym7scPXCwDwGeECHjmX0di0JaI2cmNjwW27JR52AzfxNUzUGsI6RBctve8Fm_7qQchfZdYBz7twatiCaxEhMXdifYKSugVk8TiiGovHuW3CI6HncN7H7zpoonydPF7Pa2ietrdx4kCI2vQNM_w_5ynMFR34HJuK9jHtiLc-7It89QSNRQEg2nqsfonWkEL32G9CMDrFlJ3FhgDRb9d_MvtFqOi2qltW68e-FwBsp2lx_ZyWDWf0eR04EWS156KuqkvDAycDv1gJDmf3krhxWK4H70l2FhPZv249kgT9BRI_zXi6Ki8LmI0ei35rdj59w6SRWl0KzkE_owh7LMVEZ-o51xeyG_JKR0espL_cB4cUdVyNg_zzGlsTlfIDGXq0BGl05halmymGxxn7kC16Nq0OberiaZuJvTba5-e0o5FHVujUhUADBT-knHDpcmsFQ6tMHCjX8D3j0TAUGrvewHF2JSYdhyXGEiRG6w2vgWAXntpfkRcGMLUWkiIUW-nBGdk5gfiBp5Zis_Bf0MBVx9w2g06Pa8a3SUZM3SEA5p4Mqh9N9fteWUnGlfGbouurOlekVP0qMlWGpUvvUPuFusHjbq-rs_8TfOTuylEuEVso&sai=AMfl-YRLWwRgLgx01mKAL28OwlV7YiUddshf7Gh--t7X12NuD-6sodJkilfwd4vBZMNMaBz5EvHtFP85D-0r4cwwG2g9JExTtUK_t7YavoCpAUlFPKg2vGWD-mq7yMnQsYkehORjemBEfPkW6mc_AeeMXnxeAAIFr8w2ZMIiaC034qFNeQC6oij0PBjsSJA-kEQy8gXQTOcrdtE6_kxey6m378cIXWt2x1wG2PClM3joLA&sig=Cg0ArKJSzKgdem-i2hzXEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=246&cbvp=1&cstd=245&cisv=r20210428.66594&adurl=

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 30 Apr 2021 10:07:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 079F 54 KB
22 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 10:07:34 GMT

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 079F 28 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54777
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:54:37 GMT

GET
H3-29 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame BFA1 54 KB
22 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 10:07:34 GMT

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame BFA1 28 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54777
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:54:37 GMT

GET
H3-29 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1205 54 KB
22 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 10:07:34 GMT

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 1205 28 KB
10 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 18:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54777
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 18:54:37 GMT

GET
H3-29 200 V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CD7 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5617
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:28:57 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 0C36 236 KB
63 KB 57ms
24ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/10176009/1601280469250/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:34 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Fri, 30 Apr 2021 10:22:34 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/10176009/1601280469250/ Frame 0C36 62 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10176009/1601280469250/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10176009/1601280469250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

315f712260e5719c3b5df3a1aa8b3faa57a17f20eb0c368ff284cfe212fd1759

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:00:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4017
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18502
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 01 May 2021 09:00:37 GMT

GET
H3-29 200 V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js Show response
pagead2.googlesyndication.com/bg/ Frame 894E 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5617
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:28:57 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame E666 0
23 B 106ms
67ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3068 0
23 B 78ms
42ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js Show response
pagead2.googlesyndication.com/bg/ Frame B4D1 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5617
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:28:57 GMT

GET
H3-29 200 V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js Show response
pagead2.googlesyndication.com/bg/ Frame 92CE 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5617
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:28:57 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CE9 0
23 B 83ms
67ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3663 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V1lNzVGDXdksv1u627CI7W0-mHZYzGGGZdNtnF4LgGE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:28:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 22 Apr 2021 15:58:00 GMT
server: sffe
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5617
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:28:57 GMT

GET
H3-29 200 art_300x600_adventurerally_back.jpg
s0.2mdn.net/10176009/1601280469250/images/ Frame 0C36 84 KB
84 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10176009/1601280469250/images/art_300x600_adventurerally_back.jpg

Requested by

Host: cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
URL: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e43b30bb707877e5cf76d6422b5d9c8183a517aeb7eaa720cff5b70d7557c103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 11:27:21 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
age: 81613
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85656
x-xss-protection: 0
expires: Fri, 30 Apr 2021 11:27:21 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame E26E 0
23 B 43ms
42ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: rebelscum.com
URL: http://rebelscum.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 30 Apr 2021 10:07:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696784694/ Frame 079F 2 KB
1 KB 10ms
6ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/rating.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 06:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13829
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 01 May 2021 06:17:05 GMT

GET
H3-29 200 logo.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 7 KB
7 KB 11ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/logo.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b026d3d85efaf45349385859da875d7a9b073b40ba5bb6c6d8a15b78b00098b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:25 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7525
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 6 KB
6 KB 12ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/ctaOL.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa3c1681c76eb1f5046439a3a58b6618ca05b772000d93f1c19960cf4e816ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6335
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 7 KB
7 KB 14ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/ctaBG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84f502ef9ef9ac92bc06bf9efc7c452ac6f91418511c98b3caa7388b47918dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7055
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 ember.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 2 KB
2 KB 13ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/ember.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cc234b79f64c861f7a4ac216a308f527caf3c33375f6ca5cca53c61705b2151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1555
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 35 KB
36 KB 12ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/FG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13bbf4d4e5146db602717775be36f1bae512795b8ae49da5125d34bb498eff91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36345
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 MG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 28 KB
28 KB 15ms
11ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/MG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9ffef5ec1cfdbd63ad82deb56733ede493347bcc398b0d32684c3c94722a13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29136
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 particleIMG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 2 KB
2 KB 17ms
13ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/particleIMG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d6af86899c5c45b612dbf70b2e30072af79f6c11d32dd5488a3eede17eed504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696784694/ Frame 079F 8 KB
8 KB 15ms
11ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/BG.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

657dc24f429a0fb93699bb9b9d3ae2ddd3b1ef280de83173791f709f6990fea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8279
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 2 KB
1 KB 13ms
10ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/rating.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62080
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 ember.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 2 KB
2 KB 12ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ember.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cc234b79f64c861f7a4ac216a308f527caf3c33375f6ca5cca53c61705b2151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 06:17:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 13827
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1555
x-xss-protection: 0
expires: Sat, 01 May 2021 06:17:07 GMT

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 8 KB
8 KB 12ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaOL.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b253362a2de6b1bd900a6d65a5d14c4dcdbba06db749161b5481a44a99269b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7755
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 9 KB
9 KB 12ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaBG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0f5b8c126e9bf3de4cbdc29912fe9a9789b4b47f61d0a33dcac69c83af8517e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8828
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 91 KB
91 KB 15ms
13ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/FG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d8ffb7cad3897a7bb52ff25a0578861537ead7dc0630ff59c63cdf68b7666a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93299
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 particleIMG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/particleIMG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d6af86899c5c45b612dbf70b2e30072af79f6c11d32dd5488a3eede17eed504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 11 KB
11 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/BG.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8e4cae96af21a14e156d00c8853976ebfa707f9a041d82a78013a044ef25877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11353
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696804644/ Frame 1205 2 KB
1 KB 9ms
6ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/rating.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48367
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 logo.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 13 KB
13 KB 10ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/logo.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bfd5fa103d2441926e9903604ce53df9e1b36b59cf1006d81c93a5a96d0ee44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:45 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13180
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 8 KB
8 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/ctaOL.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3806f534986edbd9283d7cd60142ddbff7c3b4eb61a802bd263866038719b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8234
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 9 KB
9 KB 10ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/ctaBG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a99e4b370eea97e2e839a380a35aa0e0b795b718e3d27b1c30313e41d474d21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 06:17:06 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 13828
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9352
x-xss-protection: 0
expires: Sat, 01 May 2021 06:17:06 GMT

GET
H3-29 200 ember.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 2 KB
2 KB 12ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/ember.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cc234b79f64c861f7a4ac216a308f527caf3c33375f6ca5cca53c61705b2151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1555
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 19 KB
19 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/FG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad135ecc73acdbffe57fd3276aff46118987a60c527a7413b7bcd06e84b0955

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:45 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19596
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 particleIMG.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/particleIMG.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d6af86899c5c45b612dbf70b2e30072af79f6c11d32dd5488a3eede17eed504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:45 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696804644/ Frame 1205 22 KB
22 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/BG.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4685c540a16b5cc696c43c75687bdb145330a91d6d03260c5d3822057906fca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 48367
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22359
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
DATA 200
OK truncated
/ Frame 079F 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 6 KB
6 KB 6ms
5ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/ctaOL.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa3c1681c76eb1f5046439a3a58b6618ca05b772000d93f1c19960cf4e816ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6335
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
DATA 200
OK truncated
/ Frame BFA1 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 9 KB
9 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaBG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0f5b8c126e9bf3de4cbdc29912fe9a9789b4b47f61d0a33dcac69c83af8517e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8828
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 8 KB
8 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaOL.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b253362a2de6b1bd900a6d65a5d14c4dcdbba06db749161b5481a44a99269b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7755
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696784694/ Frame 079F 8 KB
8 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/BG.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

657dc24f429a0fb93699bb9b9d3ae2ddd3b1ef280de83173791f709f6990fea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8279
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 MG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 28 KB
28 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/MG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9ffef5ec1cfdbd63ad82deb56733ede493347bcc398b0d32684c3c94722a13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29136
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 35 KB
36 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/FG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13bbf4d4e5146db602717775be36f1bae512795b8ae49da5125d34bb498eff91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36345
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 7 KB
7 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/ctaBG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84f502ef9ef9ac92bc06bf9efc7c452ac6f91418511c98b3caa7388b47918dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7055
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 logo.png
s0.2mdn.net/10211492/1619696784694/ Frame 079F 7 KB
7 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b026d3d85efaf45349385859da875d7a9b073b40ba5bb6c6d8a15b78b00098b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 15:19:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:25 GMT
server: sffe
age: 67706
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7525
x-xss-protection: 0
expires: Fri, 30 Apr 2021 15:19:08 GMT

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696784694/ Frame 079F 2 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696784694/rating.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696784694/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696784694/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 06:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13829
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:24 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 01 May 2021 06:17:05 GMT

GET
H3-29 200 art_300x600_adventurerally_dust.png
s0.2mdn.net/10176009/1601280469250/images/ Frame 0C36 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10176009/1601280469250/images/art_300x600_adventurerally_dust.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd38adee1283622f0fd3a31cb6bf57ced66215eb62ac0fe9adc2852cee38dfc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 11:27:21 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
age: 81613
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2696
x-xss-protection: 0
expires: Fri, 30 Apr 2021 11:27:21 GMT

GET
DATA 200
OK truncated
/ Frame 1205 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 8 KB
8 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/ctaOL.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3806f534986edbd9283d7cd60142ddbff7c3b4eb61a802bd263866038719b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8234
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 logo.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 13 KB
13 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bfd5fa103d2441926e9903604ce53df9e1b36b59cf1006d81c93a5a96d0ee44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:45 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13180
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 11 KB
11 KB 6ms
5ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/BG.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8e4cae96af21a14e156d00c8853976ebfa707f9a041d82a78013a044ef25877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11353
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 19 KB
19 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/FG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad135ecc73acdbffe57fd3276aff46118987a60c527a7413b7bcd06e84b0955

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:45 GMT
server: sffe
age: 48367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19596
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 BG.jpg
s0.2mdn.net/10211492/1619696804644/ Frame 1205 22 KB
22 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/BG.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4685c540a16b5cc696c43c75687bdb145330a91d6d03260c5d3822057906fca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 48367
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22359
x-xss-protection: 0
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696804644/ Frame 1205 9 KB
9 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/ctaBG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a99e4b370eea97e2e839a380a35aa0e0b795b718e3d27b1c30313e41d474d21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 06:17:06 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
age: 13828
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9352
x-xss-protection: 0
expires: Sat, 01 May 2021 06:17:06 GMT

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696804644/ Frame 1205 2 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696804644/rating.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696804644/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696804644/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 20:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48367
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:44 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 30 Apr 2021 20:41:27 GMT

GET
H3-29 200 FG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 91 KB
91 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/FG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d8ffb7cad3897a7bb52ff25a0578861537ead7dc0630ff59c63cdf68b7666a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93299
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 ctaBG.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 9 KB
9 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaBG.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0f5b8c126e9bf3de4cbdc29912fe9a9789b4b47f61d0a33dcac69c83af8517e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8828
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 ctaOL.png
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 8 KB
8 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/ctaOL.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b253362a2de6b1bd900a6d65a5d14c4dcdbba06db749161b5481a44a99269b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
age: 62080
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7755
x-xss-protection: 0
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 rating.svg
s0.2mdn.net/10211492/1619696795972/ Frame BFA1 2 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10211492/1619696795972/rating.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10211492/1619696795972/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10211492/1619696795972/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 16:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62080
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1111
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 11:46:36 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 30 Apr 2021 16:52:54 GMT

GET
H3-29 200 art_300x600_adventurerally_line.png
s0.2mdn.net/10176009/1601280469250/images/ Frame 0C36 477 B
504 B 9ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10176009/1601280469250/images/art_300x600_adventurerally_line.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84590757a0497bc71d73acea960c9f0fc3c2a6cc6330cf0e46ba22181f03d6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 11:27:21 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
age: 81613
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 477
x-xss-protection: 0
expires: Fri, 30 Apr 2021 11:27:21 GMT

GET
H3-29 200 CTA.png
s0.2mdn.net/10176009/1601280469250/images/ Frame 0C36 462 B
489 B 7ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10176009/1601280469250/images/CTA.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c703b11ab43c75334bc63e731caf0c560c487ac5c742f940a84ba84f17ceeef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:45:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
age: 1323
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 462
x-xss-protection: 0
expires: Sat, 01 May 2021 09:45:32 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0CE9 42 B
64 B 54ms
40ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssBf6awJezRoG0cj6O0ts-4wnLck554k9jt7w8gjMRip4lqVzBMMVSuhT-8WeUCQsW6_oseCIDympg6WufZhe9-MIsKIocporLGX83N4-Ggo5-4S1yDsMTIu-XOUw&sai=AMfl-YSBDA_56_dGAVgRv84P3u_rWYfr4Igq52uwWiqF5FdIT58bVkpCVS9FlHzUkzKjzCnx-D_ReXPmoVMo0GVHqQFR4DTVggZk5nKk2e_d-SuOV6Stb5s1XqfMslRsvfU_&sig=Cg0ArKJSzPBeq91tToYTEAE&cid=CAASPeRomiMyiicHT1qjF-d3-DrGPShitRKvAkYyuZIVVG8TsXEJF2y8kXCe879nGiXUEPa9vtU0P9qW-buLr88&id=lidar2&mcvt=1063&p=172,279,262,1007&mtos=1063,1063,1063,1063,1063&tos=1063,0,0,0,0&v=20210428&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=134564259&rs=4&met=ce&la=0&cr=0&osd=1&vs=4&rst=1619777253801&dlt=20&rpt=324&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E666 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvNDzvWGSvdcjOtspSGREElCNXyXqyhA_lp1eClO73_Q-3xtu_zPG6QwapumJ8HJVxYF2D9dWwHE7Gx2a2z2hgZeKMZVh9To0ZS_R01bDs-_Hp986-La31_X9KPXg&sai=AMfl-YRFdAQrC5uB4gTHQ_nPLrTfOtjHAAI6iIQdu84_pm53py7n2G8xdYueEysKV_lXfyxMHfBKhkmT6kkRWtsx3P8PhZGC4KP0UNU41koeZE6hkJQWOyalNsH0V09GnBle&sig=Cg0ArKJSzJlcMRlDPnc6EAE&cid=CAASPeRoLCyC183I4KKqQ39YSzr2W8WG_cVmLzYANoRCd_axnDmI389cWaIgMLtXPosOrz1rOQyfWg84aYy9tC4&id=lidar2&mcvt=1070&p=524,400,564,441&mtos=1070,1070,1070,1070,1070&tos=1070,0,0,0,0&v=20210428&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2198091605&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1619777253803&dlt=16&rpt=310&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 TXT.png
s0.2mdn.net/10176009/1601280469250/images/ Frame 0C36 10 KB
10 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10176009/1601280469250/images/TXT.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a682b8399a48dec94664684fbfdda12c9bfbe16a4ebb988593dfb50baf65864d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10176009/1601280469250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 09:45:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 2020 08:07:49 GMT
server: sffe
age: 1323
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9821
x-xss-protection: 0
expires: Sat, 01 May 2021 09:45:32 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3068 42 B
64 B 43ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvhIv7JFtmxl2pv8FgoXYoiuW5UfS3VkseJeG9agFKzxU9SY43N5rkl9MrT7Blp05-t5N3BmXfRcxWWbWrMSfTOLy9mr91iLY0GwofgWYsXg8M8aR8cX3SFJLBgBw&sai=AMfl-YQuiflbSS4VfR0bsYLaTxm96qaCnpC8lo1rvFPkfYKJVBa0N7yzyE_xp5l4PPzR-ZEC4a43aTqnpEJ34h4n8KAJdl2MpxtM33z60PB4dfZ_qkGcXm4W2Xsw8dM_FUQj&sig=Cg0ArKJSzMbccoWTM5ExEAE&cid=CAASPeRosZN-5GEnPr9X7oqbQBZ75WMKBD9EAW1o-E9iIP4ky_jC9ADsnf-N2Xc1sh2AoIwmH0zGNK3eM3pG2vQ&id=lidar2&mcvt=1057&p=268,1278,308,1319&mtos=1057,1057,1057,1057,1057&tos=1057,0,0,0,0&v=20210428&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=376301205&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1619777253803&dlt=14&rpt=317&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync Show response
pre.ads.justpremium.com/v/1.0/t/ Frame B177 4 KB
4 KB 37ms
36ms Document
text/html 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/sync?
Requested by: Host: us.ads.justpremium.com
URL: http://us.ads.justpremium.com/adserve/js.php?zone=111507
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4169e05d35751f5774cd34fee8e3b6f092c6c4377088276a60c2b6bd60e4088e

Request headers

:method: GET
:authority: pre.ads.justpremium.com
:scheme: https
:path: /v/1.0/t/sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://rebelscum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://rebelscum.com/

Response headers

date: Fri, 30 Apr 2021 10:07:35 GMT
content-type: text/html; charset=utf-8
cache-control: public, no-cache, no-store, must-revalidate

GET
H2 200 / Show response
us.ads.justpremium.com/adserve/client/ 15 KB
2 KB 127ms
126ms XHR
application/json 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://us.ads.justpremium.com/adserve/client/?zone=111507&debug=1&ru=http%3A%2F%2Frebelscum.com%2F&sw=1600&sh=1200&ww=1600&wh=1200&ui=r-602fe072-f6d1-473a-ba50-5c3f56eb2d4e-13818-421158999&tt=1619777255243&rid=r-ce1e7b9e-d853-44af-a573-b760b622cae0-13818-421119405&eu=1&cs=
Requested by: Host: us.ads.justpremium.com
URL: http://us.ads.justpremium.com/adserve/js.php?zone=111507
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c75104bb71e4cf87a59d713b217801885b92935b1c8870c70283f10df16a6f33

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: http://rebelscum.com
date: Fri, 30 Apr 2021 10:07:35 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

GET
H2

200

web-vitals.umd.js Show response
unpkg.com/web-vitals@1.1.1/dist/
Redirect Chain

https://unpkg.com/web-vitals
https://unpkg.com/web-vitals@1.1.1
https://unpkg.com/web-vitals@1.1.1/dist/web-vitals.umd.js

4 KB
2 KB

13ms
13ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@1.1.1/dist/web-vitals.umd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c5e6c7274105cf173a95a2610a07c20b05c766f91dbaa665d8ca4eb7bd78e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 10:07:35 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 196450
fly-request-id: 01F4B8KNV08N7TBR9G8FAZP5D8
content-encoding: br
vary: Accept-Encoding
cf-request-id: 09c3d8907200002bd6f3233000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1061-Lg/hc9+R+8jAR7NYymzfENgFcZM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 647ff6c71db02bd6-FRA

Redirect headers

date: Fri, 30 Apr 2021 10:07:35 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 613292
vary: Accept, Accept-Encoding
cf-request-id: 09c3d8904100002bd6c601d000000001
fly-request-id: 01F3YV2NRM0YW2MCZK9P2JBYK2
server: cloudflare
location: /web-vitals@1.1.1/dist/web-vitals.umd.js
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 647ff6c6cd052bd6-FRA

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021042701&jk=1086839181719248&bg=!fX6lfjrNAAZLnZBaS507ACkAdvg8Wh84hmwNe9LwNGKvyMp3Dx3bC6Q0NlEyDURH7l012VfAO3tZJQIAAAM6UgAAAKZoAQcKATVvGz_yIBdT61ANzXlTe5GY4mAfuBSVNxnwtRS3ZrLSfN-Id4ququHq_Zc37UEfUCbe6Nrv3A2uCW7XeTUQlGz8kW2as_KGDXE243wVozMM7hNKrw9wHjOEo-WIEgo53Is_mmRG38sR9nG4lyDmYYINdb0jbAph2MmPQLMFycfWfhLeYbb5oJn4RWsLad1GlQ3OTGM4JfPawNf8tFI4gMrbmRk0OmkfRqTo2FBzpF_eAFMM7m_d4hvpNjXcM8mBjcf-y-e71CtFm41cuI8jQKbL6Np7XhfaPa0oZu_qZXZUe30ftRiRk8YoUEBaecEjjHi7eFyI1txVwF045G4TNHJxagTgdI4E4mPVN_xAWtnvd1K9BSJEckJxO1gtUC4mQ9pEdg6UshU4CM4BmauTZjH8aGD-MWyZAhFR7cDELM3RGH93jWeERyPAVIt9yNZh-N7ys-lfi26_XlGJclv7q24fvjKAjbwDSNugfWIW6WchnKzdmcEcJuRmzAgwfT8XKJbpw2s89Eu5Q8PjueZ1q0eXCVr5Chhw1_Uc1vxPVvuOGPyvLtQ2vyRKtQq_U_fiMxEGu6M2BtRDAxFb60PUAibwAlHjN1Hk-m-y8CJCLI6ZkrZmtiYdEdp9YqUtcSuqOF0xhofC5h6jfASmlxaWJ-CpMQbAIO0wj5H9Bs8IToWAxpZvjNF3gdLoL_8doci7XrumLBIikCT29ulVKoAfBkG0QQb6tssUW1Igh74J3nfd8sEV4h5oBTtfOBlKLBPCzWFShmInH2I1OXs1MI67Y2TqTNTrUs3pRC0r2H_EW7hClJd_KXl21k3IQtBwYwzkyaZX_FWnQvAXpefwbgbX1f8Pjghy39Y-hyeXDhe0qk3tK9H3869XaqM5UeTrijEXMfeRCK2N2sxG4ZFmcEWHLFYGo2549LeP11T0MHZ3wc4gSn4EQdqtqLtJOrKfwhX-bqoXDlezFv9AE7Sj6tZFCnXChbozEKD71h6FvhyMJhg_d1dl1FJbWpemJWeAri2Q7vOPr9wRtNoRDnvyV0CUCeXYNMhsPJ1GuuXYyaMb2FGhkN-j8qQj4tnceReHD2Ete45dHsr6bzjSvSQGLlW5XgG00KvHz8m7roEh

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 894E 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlayS5daLYKKuNJGz3gOqso2YCAAAAAA4AeAEAg&bg=!fH-lfzvNAAZLnZBaS507ACkAdvg8Wo31ZS0ghyltQb41yQnVg_rDIdLbFVehTyrGqf0HHVpia-0LgwIAAANDUgAAAJxoAQcKAFO0dJb-22iyV11DfRot51LOaS7EbJBI2iXFUj3qo1OiLrxc6PxVl8Lzxudadi02QPjWORuuvCFM0fjkBaz5E4J7XTql26jneS8llhT3dRJS6XdscpkCbdp1fklh6y5f6pw_T1tRGyyeb4nUw3t6rMX_-xgxuel9DFz3W0suiJy4xCOeJVIS0o3YoSgTuzT2nHOoYg1c7FkWauospjNKNZPkBPf1NhRrWguy5u4blmo9PAtWfSry57IlDCZkFAKAqIUVHtsi_XVJf6ajrR77gabsQRKwoBtIFi9OLehNiWjPXTpljqovRW0obIhlmzc0EZnaUsfUQJaK9_EnqNnMwKDSvLPZFU9tngMMkMCE1E3SE5c-897u2mLcsDzgNPtFZ15JgpvhvZszpOJrXnaRMuGgEkps6yIqYcKdvpvGZbWMGIgqNorq4S6bQqHLfZPomHrKltkmp8PIDP-Tawx0h84jEU1SqtDIT7ylyVVhAFUEmS9H8HV5Rzt_3aRhSQuOEeqyM2gdKymi1h-IAkEqU6A1oi6FSBEmNcx1_wZLaTM6IKPjnsRinETXvdErQLDQ2yVkUjP47RFEgLYOJLELfE4z7RVQH4tQHTiAkgd7-KJVk4mdMp9CN55g-Zvj5YpBcOmM3ESyD5VJNbN1bsjV2S08EPzaKdFRTp2Lch-vjzn-49EQI4oQRE0q7GZMztJMpBdn3IOtqInx8VFHrdalkLYcPsHhvM8UOYfgQzwQWtsaRN_blw6sHYOInc0UhnghZxjAeFv5vWEeuBf1JAWa_uSjxrYTN2v5MbHbzj9CmsU5htqrVTzO942q9SZFFDYpoewPe9AeLEUsl5IZ0WgmmbuSpOJQk67v8zRBQUY8xc3lcMKqlqGHQN5ul0qyXp4ZdBUhoUuBMAyKJ8xP8YZIuu6v8SO6axtSw4DmS7JTa6wAUXSj8g

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 92CE 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BT8sa5daLYJDtM_OslQeEha2YAwAAAAA4AeAEAg&bg=!8fKl8rbNAAZLnZBaS507ACkAdvg8WuwgNH2mlHt3N0pAufFNeV5dE-B6g4-buqsZ2J662DXuJN2UqwIAAAO5UgAAAFpoAQcKASzEPswt-OywI5gBQEsXBpDPanZsYO0tZU90I_RwcptbdlsVBXYamhAqPM9QMkvjI4tjI5GkdNUZQ1CpzyGqSSn9uF7aTMCX2gyh7V-HDLOp22OW0zPw02_jUXgHZMW_a3riRZFjGRtpKQd0o4zeJkdDqCdDvHK8-UzAL3NC_BXjL3IcIkAQGcL3Q6AUuw3FXA2DbcZcJnh-QGHFIZiB2JvfRr2iFmAEBq4YqycnxZmEqaWzqD_ILsJ7pjmcnbD8J4N9ni4gRaACrOusI3IT5O0GRcLOKTGgqnCBmFu1hViCgJpYTclX1QMMVJIvZCAWuuK_LJsBgHGwlMNWSKLo9nnVBe8jAfk4lGjyNXhkJjC-yRXdCLLHeFeWRxLdmpjMKyJhH3VBshvF66oRkT-ZAmqTu6MMCvQY1hxnL-zg_wYdpOgk_qQIdQ4_2HUdTIppfNRXUjrZ9m84boaq-sKdIWi3K8KXmYvRI5V4nt68DljRYkJsLVZY01YuoNjWqRPqpGEBSaXlJRRCKbeYKxwDlB2oPwgI0WSGGFTaeVDW6On3KuSI6qyJRSu6fVyuVFOPXgP0JYltuZifQ0g5F-nvJ0bx1NadblB_mhhqXFnp8WHMUcEZaRyOyyDRU8RTBimOYkgemh6czAGaPwRrArdixGmH75sO2zYhJfk4w0UjXviPpSjWzdOEFwSH2rINniXQDTaRwal1XVY5e8ABy7SI3okBifCnDQzrM1n1DuGR8gObilZpn8ahQjG1MpXfzQkAZEciOgSCBje7jqhzLtfNpoEBuwm1_XBe9oh0CFi9hBa4NJpyw1SlbVTwQBWKNoEslSh-xcGXkqbLri7aourw4gnvCg7sLCbQ5sFL2_noSZyPlZfHUQ2mlaJbfO_p2NQxEhPCPbmwEwWxxKZIkY36NB82men_d6Fe5zc6SRTijfH_etH6_jlpjgHFmlukjMQeLY30b4_JakIp_AuE_hF-VFXKfSOUtpkGXy_h180jubx6LbapIBGuNn93Cs2iqvCpXxYF0heiv8FrX9pTaGLj3O6SDDfUm8dIOo1eW87fFKS9lttfiXXXNKsQDxTernm_3BU0KFNpXt-0c4P9lqiYhS1vLIej1al6Gf9YIE3mwFgs0xnnsdzM2Q7gimiejXX_M9VZdneUIv1HcaJmVy9XW9bzMpJTig6x6T8tASZzQPbMnXsz-zXK68qvy-n9PSk53efxyC8UywU--n4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tracking.gif
tracking.justpremium.com/ Frame 5959 43 B
332 B 29ms
29ms Image
image/gif 18.158.159.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://tracking.justpremium.com/tracking.gif?rid=r-ce1e7b9e-d853-44af-a573-b760b622cae0-13818-421119405&sid=r-f733e4b6-c9a1-455f-aae5-7c199408394f-87546-707887410&uid=&vr=v2.17.393&ru=http%3A%2F%2Frebelscum.com%2F&tt=1619777255604&siw=1042&sh=1200&sw=1600&wh=1200&ww=1600&an=2.3.1&vn=eu-central-1&sd=&_c=a6pa8zn1619777255604&et=&aid=413732,413732,413732,413732,413732,439178,439178,439178,439178,439179,439179,439179,439179,439180,439180,439180,439180,439180,439181,439181,439181,439181,439181,439439,439439,439439,439439,439439,439439,421368,421368,421368,421368,421368&said=1057252,1057254,1057253,1057251,1192765,1173690,1173691,1173692,1173693,1173694,1173695,1173697,1173696,1173698,1173699,1173700,1173701,1195154,1173702,1173703,1173704,1173705,1195098,1174834,1174835,1174836,1174837,1174838,1195174,1134002,1093829,1093830,1093831,1143270&ei=22347399%2C430423%2C19900489%2C541193082%2C1192765%2C543897065%2C22443924%2C21028789%2C430429%2C543897066%2C22443925%2C430432%2C21028790%2C543897067%2C22443926%2C21028791%2C430436%2C1195154%2C543897068%2C22443927%2C21028792%2C430430%2C1195098%2C543897868%2C146753%2C22444623%2C21033772%2C430439%2C1195174%2C22406537%2C542319050%2C115840%2C20278754%2C430445&fc=wp,wp,wp,wp,wp,ca,ca,ca,ca,pd,pd,pd,pd,pa,pa,pa,pa,pa,sa,sa,sa,sa,sa,hv,hv,hv,hv,hv,hv,wv,wv,wv,wv,wv&sp=1,39,32,22,42,22,1,32,39,22,1,39,32,22,1,32,39,42,22,1,32,39,42,22,24,1,32,39,42,1,22,24,32,39&at=adserver&cid=&ist=0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0&mg=&dl=&dlt=&ev=&vt=&zid=111507&dr=361&di=&pr=&cw=&ch=&nt=&st=&jp=%7B%22cls%22%3A%220.000%22%2C%22ph%22%3A5920%7D&ty=ex
Protocol: HTTP/1.1
Server: 18.158.159.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-159-61.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:35 GMT
Last-Modified: Wed, 24 Mar 2021 10:16:38 GMT
Server: nginx
ETag: "605b1186-2b"
Content-Type: image/gif
Cache-Control: public, no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

POST
H2 200 / Show response
pre.ads.justpremium.com/v/1.0/t/singletag/ 2 B
212 B 196ms
196ms XHR
application/json 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/singletag/?i=1619777255608
Requested by: Host: cdn.justpremium.com
URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://rebelscum.com
date: Fri, 30 Apr 2021 10:07:35 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4D1 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bc8re5daLYNuXNZqO9u8PhPOKqAkAAAAAOAHgBAI&bg=!bW6lbirNAAZLnZBaS507ACkAdvg8Wt8Z9YH07S8JREx3DWN4VFwI6gVsMH0fzbyuf9Efn-l1ry-wmAIAAAQGUgAAAGFoAQcKAEztCJO6nLoSIVehM4wizK1cTod9LcqLv_fzSg-7vonKtzxzoK8z2c_SBfWn3N_ahjD5tr7NIDkafCv-akgNTe0HaPld_iveSOugXb8OmQJ1_rVVKfJ8MNIpixKV9004Avyd-cRoqW-f4kbaJ9q9s_ibBnWUdY6HCi1Y66N9YaG85mFTfK_xWGIE1H0H8BHDF4v7jVjeduaMLtb0ASEvP_sUiAYgeEatB5RzfizhVzdN6mT-hn6IgaLJVaakogeICky3SEXdCSNQCD_4vNJXfiZKDXi17DS97G91CT_ym7xe6OWKgASugi1S3ywb_OaXGcLiDc1WA6j7eDi1SSyi0FOWqwxfCs5Ha-QI5ZAoW8anylmq1uYgFDSVisDoQuKoqOIHCdjxGjibo7nDlhlPRgK3XhBHcfAezs7gF_evWBqlpQb5HVtNxW1iZiU9Nflvepjl0Wwj9n9NbMuWXVYNQHGmSbQ_z9laLfdoZQewBuZ1p_YXIq5F52BPEai01NRrQXrrzcR5omsW74_2_5w7UGhAK-AtaDLTvOAmRQM68NLuHJu_B5gV9klKKoj_if26VPKCQ3dKgG5Ub7y8_ZV81eTsKkzyWiPqxqfKTArP7hCnDqL2LuLNApv0OwNH0IXKc53kI95h2kvnZsfpTlhbZ4X0C0YzJarR6Df4pSqg5m6bwmwsVTX_dXgWdVJPudMgu-4JO_AIhv4bZIBeRItpzepmECeI0TIAtDtFYWRuNcjum8VXWdeGeYeF4pFIvLM5Zqc1z9XF6BstqKeGftOW2Ullw89rd88N-uAl5-_FudHIYd5pU--NRalf3nTRgv3w_NWfkv0MReSQlouZGqwHqY_sqDy_4K_ONOupFLwwiBW0oC2DJFC90xK2tOaE9GCnXHdK8x7G_xhh_QENzuH4_mep7_S0MxuLjuiMjvTO8neFrMNqLac

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3663 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGCOf5daLYKXMNKLX7_UPyJCc0AcAAAAAOAHgBAI&bg=!pqWlpeHNAAZLnZBaS507ACkAdvg8WupTlFoFFzrVBieGEaF4bwPpABnI0647jylsxtLNfGIfOxfYOwIAAAPYUgAAAGJoAQcKAMtkr8g9B1xIytOApJ-gd163JRXOZchpXg3YMx-JIHWndR3Jxmt1N3C8n9OjAUlsLo_t09dqUXCa3mnRvn7zU7BGPMA_T2HMREWBhTSqIdRL-CZDbR9Pscn9kbztj15gBhju6E-mPeCabMrbnA2hH0vWNeSFZ4yyfWNC1aYwwKmL8tTbG9fgCnzrE8i3DjxqVpXJjHPWbZRWI-K3zQBLXtXfFliJWebjOtB-zuWbGV5CbFnx2ML0gHEgOPfTftrpeEWakEUDAeZQilngfJkCcmPgI_181lcLpcvj5d-EaQRAgNy-NaZdsmLRu0_JxYmISypS4_IG6GPCsOk98uqYDDMe_yOeTiEr-KVi-Wrv3W4VhU6rtfRQWwIOia7QBqEEBc4sigzlbJiWqifc3cFPDehZS6zxMcZwYXXeGLrVQb66hRXDOe_DEiAjW4pBHFOBM1U_-6DR7RRNjiqDplqDbEblo3gypEsYmf61scyb0cO7pKllZjN6xwj1lXOOJMXLwOPfhiPjz8-ckYcBKlpmovedLIJs6NTqc0j5ZJ91H9SIMEuVDN0ZtwUpQZsEXsp_scnW8RZaCN5BhucqOe3rjXMDkpFl350kzsOL0LF7j4ci6WHZ3xcREje8RjZjO8aG8AbZjyavs-6OFKkWeAPB_A6s4QhJ9LhEyTjXvgBZCMeG_lvakPETz5EbHwwstQYx6BCdLL1YST2JgmJLjT1H4tLKADTH6dcgZOP0NS2IWhkxZHf1g2wa_ua_GvSWN9fPuY9CdwOTSonEiSmFB0inmCs18g__m21k1PXk7ESdivycZTzjGszuuzr1Fcgpl48-o6LOMMFoZRC-zA5x9k8RqehU9q8Q4qmsqiEy08CYbPJv5kYac0jPFIwnUWGH94DvUHr_75mehq6Y98yN3Tk1sTKyxNctmWa5Sbde-CLRKo3YWvKOQ9W2o7UhaIJHdsOhczGBST5jHBtJHHghFpIlrgCf2IaZ9HtaMhQJvvOec96_6ESyjbAUMR79Oj1MZTsjYeaR2EPkv3D-CprgPDTWm9ojknwwPBJMhVV6ds7Q5nVBQLPQFApZSqWd319I9nIe26StDNADESnAzYCWFdVMnmxb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tracking.gif
tracking.justpremium.com/ Frame 5959 43 B
332 B 29ms
29ms Image
image/gif 18.158.159.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://tracking.justpremium.com/tracking.gif?rid=r-ce1e7b9e-d853-44af-a573-b760b622cae0-13818-421119405&sid=r-f733e4b6-c9a1-455f-aae5-7c199408394f-87546-707887410&uid=&vr=v2.17.393&ru=http%3A%2F%2Frebelscum.com%2F&tt=1619777255698&siw=1042&sh=1200&sw=1600&wh=1200&ww=1600&an=2.3.1&vn=eu-central-1&sd=&_c=ag2mivd1619777255698&et=&aid=413732,413732,413732,413732,413732,439178,439178,439178,439178,439179,439179,439179,439179,439180,439180,439180,439180,439180,439181,439181,439181,439181,439181,439439,439439,439439,439439,439439,439439,421368,421368,421368,421368,421368&said=1057252,1057254,1057253,1057251,1192765,1173690,1173691,1173692,1173693,1173694,1173695,1173697,1173696,1173698,1173699,1173700,1173701,1195154,1173702,1173703,1173704,1173705,1195098,1174834,1174835,1174836,1174837,1174838,1195174,1134002,1093829,1093830,1093831,1143270&ei=22347399%2C430423%2C19900489%2C541193082%2C1192765%2C543897065%2C22443924%2C21028789%2C430429%2C543897066%2C22443925%2C430432%2C21028790%2C543897067%2C22443926%2C21028791%2C430436%2C1195154%2C543897068%2C22443927%2C21028792%2C430430%2C1195098%2C543897868%2C146753%2C22444623%2C21033772%2C430439%2C1195174%2C22406537%2C542319050%2C115840%2C20278754%2C430445&fc=wp,wp,wp,wp,wp,ca,ca,ca,ca,pd,pd,pd,pd,pa,pa,pa,pa,pa,sa,sa,sa,sa,sa,hv,hv,hv,hv,hv,hv,wv,wv,wv,wv,wv&sp=1,39,32,22,42,22,1,32,39,22,1,39,32,22,1,32,39,42,22,1,32,39,42,22,24,1,32,39,42,1,22,24,32,39&at=adserver&cid=&ist=0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0&mg=&dl=&dlt=&ev=&vt=&zid=111507&dr=455&di=&pr=&cw=&ch=&nt=&st=&jp=%7B%22ph%22%3A5920%7D&ty=adr
Protocol: HTTP/1.1
Server: 18.158.159.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-159-61.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 10:07:35 GMT
Last-Modified: Wed, 24 Mar 2021 10:16:38 GMT
Server: nginx
ETag: "605b1186-2b"
Content-Type: image/gif
Cache-Control: public, no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

POST
H2 200 / Show response
pre.ads.justpremium.com/v/1.0/t/singletag/ 2 B
212 B 283ms
282ms XHR
application/json 3.124.9.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/singletag/?i=1619777260956
Requested by: Host: cdn.justpremium.com
URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.9.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-9-99.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: http://rebelscum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://rebelscum.com
date: Fri, 30 Apr 2021 10:07:41 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

GET
H2 200 dc_oe=ChMI0PPSvtyl8AIVc1blCh2EQgszEAAYACDTpMlHQhMI2MCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264365;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 3068 42 B
498 B 133ms
63ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI0PPSvtyl8AIVc1blCh2EQgszEAAYACDTpMlHQhMI2MCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264365;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI5dLTvtyl8AIVouu7CB1ICAd6EAAYACDEjM5HQhMI1sCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264365;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 0CE9 42 B
107 B 133ms
63ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI5dLTvtyl8AIVouu7CB1ICAd6EAAYACDEjM5HQhMI1sCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264365;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI4rTTvtyl8AIVkZl3Ch0qWQODEAAYACDg28dHQhMI18Cnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264366;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E666 42 B
107 B 135ms
65ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4rTTvtyl8AIVkZl3Ch0qWQODEAAYACDg28dHQhMI18Cnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264366;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIm57Uvtyl8AIVGof9Bx2EuQKVEAAYACDDzvlBQhMI2cCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264394;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E26E 42 B
107 B 105ms
64ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIm57Uvtyl8AIVGof9Bx2EuQKVEAAYACDDzvlBQhMI2cCnvtyl8AIVlhPgCh0q-wUn;met=1;&timestamp=1619777264394;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Apr 2021 10:07:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.rebelscum.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDQQBDBRBQ Value: HCBBIFNBOABCPOOIPOHDGEMD
rebelscum.com/	1970-01-19 17:56:38	Name: AdvallyUserLocation Value: AT,9
.rebelscum.com/	1970-01-19 17:56:17	Name: __utmt Value: 1
.rebelscum.com/	1970-01-19 22:19:05	Name: __utmz Value: 133095309.1619777253.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.rebelscum.com/	1969-12-31 23:59:59	Name: __utmc Value: 133095309
.rebelscum.com/	1970-01-19 17:56:19	Name: __utmb Value: 133095309.1.10.1619777253
.rebelscum.com/	1970-01-20 11:27:29	Name: __utma Value: 133095309.1493116209.1619777253.1619777253.1619777253.1
rebelscum.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDQQBDBRBQ Value: JBBBIFNBANOBABNGFNMGEFKJ

116 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.adligature.com/rs/prod/rules.js(Line 1) Message: Advally Wrapper v4.1.1
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Location: Starting
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Location: Doing API Lookup
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Executing 1 Queued Commands
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page Label: Queuing device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally GO
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally DOMContentLoaded pending...
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally DOMContentLoaded DONE!
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page DOM is ready!
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Location: API Result Found: AT,9
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Location: Running saved callbacks: 0
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Location: Immediately executing Callback
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally advally._build().LocationCallback(): Started
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page Label: Resolved device-category-22: desktop device_category
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Creating observer at 200% margin, original: 200
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page: Injecting into #topmenu in position: first
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Content Injector: Executing 0 queued injections
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Predefined Units: 0
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Page contains 4 AdvallyTag units
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: New AdvallyTag #Top_Leaderboard
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Setting Top_Leaderboard to fixed minimum height 90px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Created Top_Leaderboard
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: New AdvallyTag #SKY_SIDEBAR
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Setting SKY_SIDEBAR to fixed minimum height 600px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Created SKY_SIDEBAR
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: New AdvallyTag #MPU_SIDEBAR_1
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Max Width: 300px - Padding: 0px, 0px - Border: 0px, 0px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Available width in parent: 300px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Created MPU_SIDEBAR_1
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: New AdvallyTag #MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Max Width: 306px - Padding: 0px, 0px - Border: 0px, 0px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Available width in parent: 306px
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Created MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page: Does DIV 'Top_Leaderboard' Exist? Yes
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Bidder: Unit rules for Prebid ready [object Object]
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page: Does DIV 'SKY_SIDEBAR' Exist? Yes
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Bidder: Unit rules for Prebid ready [object Object]
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page: Does DIV 'MPU_SIDEBAR_1' Exist? Yes
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-mobile-41
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-mobile-41
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Bidder: Unit rules for Prebid ready [object Object]
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Page: Does DIV 'MPU_SIDEBAR_2' Exist? Yes
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Checking Label device-category-22
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Site Segment: Passed is-desktop-40
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Bidder: Unit rules for Prebid ready [object Object]
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally SmartRefresh: Ready
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Debugger: Status of "AdvallyDebug": false
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Prebid: Enabled GDPR Consent Management
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Prebid: Configuring prebid
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Prebid: Settings passed to prebid [object Object]
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally SmartRefresh: Started
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally advally._displayCB(): Given 4 new units to load
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally advally._displayCB(): Loading 4 units lazily
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Observing Top_Leaderboard
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Observing SKY_SIDEBAR
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Observing MPU_SIDEBAR_1
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Observing MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Intersection of 4
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: Top_Leaderboard is near Viewport
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: SKY_SIDEBAR is near Viewport
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: MPU_SIDEBAR_1 is near Viewport
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally LazyLoader: MPU_SIDEBAR_2 is near Viewport
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally AdCall: Dispatching bids for: Top_Leaderboard, SKY_SIDEBAR, MPU_SIDEBAR_1, MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Prebid: requestBids called Top_Leaderboard,SKY_SIDEBAR,MPU_SIDEBAR_1,MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally AdCall: Prebid complete
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally AdCall: Refreshing GAM slots
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: %c(00:01:666.43)%cJAdManager: version v2.17.393 initialized padding: 2px; background: rgba(0, 0, 0, 0.5); color: rgba(255, 255, 255, 1); padding: 2px; background: rgba( 0, 153, 204, 0.3); color: rgba( 0, 153, 204, 1);
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: (http://cdn.justpremium.com/js/v2.17.393/jpx.js:1:212194)
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "slotRenderEnded" on Top_Leaderboard
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "slotRenderEnded" on SKY_SIDEBAR
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "slotRenderEnded" on MPU_SIDEBAR_1
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "slotRenderEnded" on MPU_SIDEBAR_2
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally AdCall: Timeout reached - Loading ads now
console-api	log	URL: https://s0.2mdn.net/10211492/1619696784694/index.html(Line 320) Message: handleDomContentLoaded
console-api	log	URL: https://s0.2mdn.net/10211492/1619696795972/index.html(Line 318) Message: handleDomContentLoaded
console-api	log	URL: https://s0.2mdn.net/10211492/1619696804644/index.html(Line 319) Message: handleDomContentLoaded
console-api	log	URL: https://s0.2mdn.net/10211492/1619696784694/index.html(Line 330) Message: handleWebComponentsReady
console-api	log	URL: https://s0.2mdn.net/10211492/1619696784694/index.html(Line 340) Message: handleAdInitialized
console-api	log	URL: https://s0.2mdn.net/10211492/1619696795972/index.html(Line 328) Message: handleWebComponentsReady
console-api	log	URL: https://s0.2mdn.net/10211492/1619696795972/index.html(Line 338) Message: handleAdInitialized
console-api	log	URL: https://s0.2mdn.net/10211492/1619696804644/index.html(Line 329) Message: handleWebComponentsReady
console-api	log	URL: https://s0.2mdn.net/10211492/1619696804644/index.html(Line 339) Message: handleAdInitialized
console-api	log	URL: https://s0.2mdn.net/10211492/1619696784694/index.html(Line 159) Message: ready to present page
console-api	log	URL: https://s0.2mdn.net/10211492/1619696804644/index.html(Line 159) Message: ready to present page
console-api	log	URL: https://s0.2mdn.net/10211492/1619696795972/index.html(Line 159) Message: ready to present page
console-api	log	URL: https://s0.2mdn.net/10211492/1619696784694/index.html(Line 496) Message: images loaded, start ad
console-api	log	URL: https://s0.2mdn.net/10211492/1619696804644/index.html(Line 495) Message: images loaded, start ad
console-api	log	URL: https://s0.2mdn.net/10211492/1619696795972/index.html(Line 497) Message: images loaded, start ad
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "impressionViewable" on SKY_SIDEBAR
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "impressionViewable" on Top_Leaderboard
console-api	log	URL: https://cdn.adligature.com/rules.js/advally-4.1.1.js(Line 23) Message: Advally Units: Event "impressionViewable" on MPU_SIDEBAR_1
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: %c(00:04:204.47)%cJQueue: No ad to run padding: 2px; background: rgba(0, 0, 0, 0.5); color: rgba(255, 255, 255, 1); padding: 2px; background: rgba( 0, 153, 204, 0.3); color: rgba( 0, 153, 204, 1);
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: (http://cdn.justpremium.com/js/v2.17.393/jpx.js:1:50127)
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: %c(00:09:526.41)%cJQueue: No ad to run padding: 2px; background: rgba(0, 0, 0, 0.5); color: rgba(255, 255, 255, 1); padding: 2px; background: rgba( 0, 153, 204, 0.3); color: rgba( 0, 153, 204, 1);
console-api	log	URL: http://cdn.justpremium.com/js/v2.17.393/jpx.js(Line 1) Message: (http://cdn.justpremium.com/js/v2.17.393/jpx.js:1:50127)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
adservice.google.at
adservice.google.com
cdn.adligature.com
cdn.justpremium.com
cdnjs.cloudflare.com
cf422f7cf95cfe9dcbcd35b62e5eff08.safeframe.googlesyndication.com
cm.g.doubleclick.net
code.createjs.com
connect.facebook.net
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pre.ads.justpremium.com
pro.ip-api.com
rebelscum.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
tracking.justpremium.com
unpkg.com
us.ads.justpremium.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.rebelscum.com
104.156.250.80
13.224.193.39
142.250.185.194
142.250.186.162
142.250.186.66
172.217.16.130
18.158.159.61
2.18.234.21
2606:4700:3031::ac43:cab1
2606:4700::6810:125e
2606:4700::6810:7aaf
2a00:1450:4001:811::2006
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:830::200e
2a02:26f0:6c00::210:ba1a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.124.9.99
37.252.173.27
51.77.64.70
02038af3f655f46885996206a23943836d5ec2a106dc45878be0c295ef58b857
041b38cadafef1731935d904a727493a3a68bb12ef723b7ed5e1fcf75fd60750
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d6af86899c5c45b612dbf70b2e30072af79f6c11d32dd5488a3eede17eed504
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13bbf4d4e5146db602717775be36f1bae512795b8ae49da5125d34bb498eff91
165568a60ccfd2f174077e909c913ab1a9a232e302db1c6b50b7275a341a754d
17f8a72837106aa9bb5b6b702142835c22a0a5bffbb8996f58649e609ae3749a
1842d27ae2b2c18d1cb2cac7051368aaaa834085cf97e095b23661670879e3ba
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
1b4e4ff98116528683dee1bf5916708d81813fc3bff5f7fc789097c0bf2a65a2
1bdcde5969df6f57f5e1b16b2a7d422071c7cc3929bfd1f47c6cc98fb7ebb3e0
1d9d16bcd29b32b59e482383e254b0e16df4945c1d41a20934853353a28188f8
1f510b21533556df763d49d52c9b69e85d24bc78bc1144168597dbb1b449fe9e
2153bfd5d9e4c4a96b2e193d68e9a326dd0b568fe26df1b0805a7ca365e7a2f6
258467714b990f7336f9d25902acb907cdb0cc27261bb2645e862d547b2198da
27729d3a65238030c12c219eb88a0249563088d8063fc8cb96246d64a2e752fc
2898b915e0d25e937e9a772c72be75f6f2c2460343c716124e606b808c4bdd6e
28c059297991bf5351bba4d9a18ca205b006722ad7c28871291c0cd480acd2ee
2a74b8527952879d073560bfa205ca1c458b36c7c188de94044ca6bdd67150b6
2ad135ecc73acdbffe57fd3276aff46118987a60c527a7413b7bcd06e84b0955
2ca9e241922969ebee8b557e27c164591e208cc6b44e4e1bed559006a8f435e6
315f712260e5719c3b5df3a1aa8b3faa57a17f20eb0c368ff284cfe212fd1759
393cb508acc3effe6f0c14dd09496a48b3f5d1ec749243268bb020640e83ac75
3b253362a2de6b1bd900a6d65a5d14c4dcdbba06db749161b5481a44a99269b1
3e9b4ea5e439c4fa32c3ff2af4521ac999197a97600eeab8e3dcc6ed43834184
4169e05d35751f5774cd34fee8e3b6f092c6c4377088276a60c2b6bd60e4088e
42a5231261ae07794968a052e99facaf6c2f4d1d4b37a932525b07236365c60d
431a21c5d7f84abde0abb7814de27832b5dc9c2cd7edff76260ef41e973f5b9e
439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c
453caa8a4e7c62b20abe500571bf0fe5ed7ea6f2d6c494a5d5ec318c63eec0ff
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4679ad6cd5721a39be373aff0e3539cc7b6d66b985bcb66d4b375f52e1b1ee91
4aac31009b03c4ac57baabc79a6134359837ddd079f402969c9353459206268b
4b026d3d85efaf45349385859da875d7a9b073b40ba5bb6c6d8a15b78b00098b
4b373d76db2878ff482a9b1a65111560310ca89d267cc43d46fddd1ce5439403
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5338f3cb3e2733c24d559b5c265245e2f5d33ee57b540baa0997df8e831f8495
57594dcd51835dd92cbf5bbadbb088ed6d3e987658cc618665d36d9c5e0b8061
5bfd5fa103d2441926e9903604ce53df9e1b36b59cf1006d81c93a5a96d0ee44
5c93fda3e16aa6a1cb5a3b643f576564c0b8e91a2cfabe54a42152e292ee5658
5cc234b79f64c861f7a4ac216a308f527caf3c33375f6ca5cca53c61705b2151
657dc24f429a0fb93699bb9b9d3ae2ddd3b1ef280de83173791f709f6990fea6
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6854c4e7d31f9501ddedc8ebf890bb029fab7d968a504fb2d324a8c037e4dc52
6a99e4b370eea97e2e839a380a35aa0e0b795b718e3d27b1c30313e41d474d21
6b2133c3d795dfd916366f2d9b453294b13004e69500233e3312a6ef11439319
6c5e6c7274105cf173a95a2610a07c20b05c766f91dbaa665d8ca4eb7bd78e8b
6e2b382d798fdad058ab0c7fd8efcd7e7eb7aae61e56c9ad5105f8ab4fb2593c
71d3cbad060831c5d25685a643d211e5b5da3abd4149c0acead41197775f3cda
7245bc102bb700aa253cc153564c23e3b06283694de4ccbbea3a1879b0dc2304
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7663b57b20f1b9c59a7424b6e781f3d335a26decf13182609194cc27149a6dc3
78f13abe0833bee3658550941eeeac5bc62e1e16fa1aa1b624595593c37b7bb8
7a3ab8388e665a28e1528aede8a0ce31dba2d9653dac1362d6c5458365af172f
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84590757a0497bc71d73acea960c9f0fc3c2a6cc6330cf0e46ba22181f03d6a0
84f502ef9ef9ac92bc06bf9efc7c452ac6f91418511c98b3caa7388b47918dd1
86d901e0a6ee217d1d01c25901304e01ab4f7a705b0542b8db7b69d79b1371b7
87a5b478b0ae921eb014499f444e7b150baac04f6ffb06d6f3a7d5b66d01c968
87db2cdba7ffeb72c22d15d6d89a2121181a0f743167db2d717182029b752764
8afc76752db2505a46809d85c99ade981967be459bb49cbac8fa408a8b62d081
90c9aedece0fa2103d1922ce78181d681729306be45d18b0e6d21fec19e1512a
913ba9c6f499eb2a48c6284c7a8d1d62a7369c404d8fc38824221a6818c50461
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
973dc29ddae88a5a064eda575754839f8486b0540c45c1c0328149767fb8aa6c
985859f8de08c975344385e2beb2075b3308ecc0226611e3e787ade5d883c250
98c1a89b4842b7324c43c2f6becac3431778be30764bcb4cd0aaf42a057e6b40
9e60eb2449c9b84596b0dc6843fbe6c742caed8999ce1142f9a4b7faf44bdae7
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ed07cdccf293276355d35858b942e7615a3aef67d598add7dcbf1c6b537435
a3a6e816921e852de8d83dce290cf10a658b65df3e172c4ebb63904bcad03661
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a568210933597958e0bce2589bf17029dd221656429b4781fe0b1590b339a9b5
a682b8399a48dec94664684fbfdda12c9bfbe16a4ebb988593dfb50baf65864d
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7f4211fb51359de3e3c8b9e4ec93de11082429a3a0a959de8725678407abb5a
a9563e5d6f2ce33661b2d800cd6f79bcd2f32b83eb95db849700042ced49e96c
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa3c1681c76eb1f5046439a3a58b6618ca05b772000d93f1c19960cf4e816ad0
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac462b7e2edb2f4614f9d1c0dac65ad68fbc67db07cb09a59afb1d9ba425c814
ad6ddae3b0bee6b6d4ac01839cf25f68f0805079a7762ba930b4093a24f5331e
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b0f5b8c126e9bf3de4cbdc29912fe9a9789b4b47f61d0a33dcac69c83af8517e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24ede867f218edec77160eefefdc7999758d2ad8d605f9bd126026304ebd311
bd21da47bc7158674cc565e6e77bc9b5b48a854a6d5be236ea84f655d93d07d7
bd38adee1283622f0fd3a31cb6bf57ced66215eb62ac0fe9adc2852cee38dfc2
bddea1985c717af31c09bad8ea0d16a391737286d10035b627fdc603e27133d1
c2ef93df138786baabfa6582b5266b17fc194100ec7cba3d70a55da87f109b71
c345cc68ba35ffa3252a80f00edd374ba46103aab9bbdce8f3cfe3b211f07263
c4685c540a16b5cc696c43c75687bdb145330a91d6d03260c5d3822057906fca
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c703b11ab43c75334bc63e731caf0c560c487ac5c742f940a84ba84f17ceeef2
c75104bb71e4cf87a59d713b217801885b92935b1c8870c70283f10df16a6f33
c76a6cc9369273b7e5f07285be49006b00775eefeefd725334e4235c4c29c9cf
cb3d6ed3ee87f90dd4521eac5417659e3589f11f29c2efd99f5aa6018ea2bb58
cc75151567d7b0bc412377fd411326b1270f039ba9d229cbf41bbc8d72c538fd
d5bcdf835acdc9da83e51b359b1dd348c814f6f72e769cfa98389cd34391eca1
d94910b9ee34d16facb975f24fa1f7b60de2af4049a5e5264ead646522082b23
dacf3e7ed7324d92588604cac83b5bd3352725a89188cff29c4194769e553ef5
daf89db8c169e827f6486e7c8f6332330526094c90438ab48cbd0acd4ca015f1
e3806f534986edbd9283d7cd60142ddbff7c3b4eb61a802bd263866038719b24
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e43b30bb707877e5cf76d6422b5d9c8183a517aeb7eaa720cff5b70d7557c103
e8e4cae96af21a14e156d00c8853976ebfa707f9a041d82a78013a044ef25877
e9f48c9fa45403f9f8119d28a73eea0691d0668e7f6d12fcf14042351b5b0382
e9ffef5ec1cfdbd63ad82deb56733ede493347bcc398b0d32684c3c94722a13b
ebdc0a6cf024c74b0c7255efd7d9072ef08c97ebdf4bff060464fb4a9de5c12a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a26ac1372b140acbd917b34cbed7de161ca67fa9803ed9d25758e2f9a26bd6
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f4d8ffb7cad3897a7bb52ff25a0578861537ead7dc0630ff59c63cdf68b7666a
f799114ad04d837e3f41c505a269dafaf09a50e1b2a09690776289d51d7d7060
f8425cfcb137778595ddfbd149589821be274befe06bbeabf991fada54ba4354
f883074bad2de014352ccc54acef718c2495bc0ed31e9f817597dd47833be513
fdc9308f7909344395e0f537f44d71f5d88d3afdfc2a952b26d92f79b0559089

rebelscum.com Open in urlscan Pro 104.156.250.80 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

228 Requests

80 %HTTPS

58 %IPv6

18 Domains

29 Subdomains

27 IPs

3 Countries

4175 kBTransfer

6946 kBSize

8 Cookies

46 Outgoing links

Redirected requests

228 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

rebelscum.com Open in urlscan Pro
104.156.250.80 Public Scan

Screenshot
Live screenshot

Full Image

228
Requests

80 %
HTTPS

58 %
IPv6

18
Domains

29
Subdomains

27
IPs

3
Countries

4175 kB
Transfer

6946 kB
Size

8
Cookies

228 HTTP transactions
7 data transactions