www.dfast.app Open in urlscan Pro
2606:4700:3031::ac43:ae83 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Submission: On December 19 via manual (December 19th 2023, 12:56:32 pm UTC) from RO — Scanned from DE

Summary HTTP 52 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 52 HTTP transactions. The main IP is 2606:4700:3031::ac43:ae83, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.dfast.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 13th 2023. Valid for: a year.

This is the only time www.dfast.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:303... 2606:4700:3031::ac43:ae83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	195.154.94.155 195.154.94.155	12876 (Online SAS) (Online SAS)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
52	11

7 2606:4700:3031::ac43:ae83 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dfast.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pubxmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

i.git99.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.154.94.155 (Ivry-sur-Seine, France)

ASN12876 (Online SAS, FR)
PTR: 195-154-94-155.rev.poneytelecom.eu

piwik.everzones.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	googlesyndication.com 8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 148 pagead2.googlesyndication.com — Cisco Umbrella Rank: 102	392 KB
13	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196	243 KB
7	dfast.app www.dfast.app	51 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	258 KB
2	everzones.com piwik.everzones.com — Cisco Umbrella Rank: 978428	64 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	git99.com i.git99.com — Cisco Umbrella Rank: 271002	52 KB
1	pubxmedia.com cdn.pubxmedia.com	4 KB
52	8

	Domain	Requested by
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
13	securepubads.g.doubleclick.net	cdn.pubxmedia.com securepubads.g.doubleclick.net www.dfast.app www.googletagservices.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	www.dfast.app	www.dfast.app
4	www.googletagservices.com	securepubads.g.doubleclick.net
2	piwik.everzones.com	www.dfast.app
1	www.google.com	tpc.googlesyndication.com
1	8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	i.git99.com	www.dfast.app
1	cdn.pubxmedia.com	www.dfast.app
52	10

This site contains links to these domains. Also see Links.

Domain
www.pubxmedia.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-13` - `2024-02-12`	a year	crt.sh
pubxmedia.com GTS CA 1P5	`2023-12-10` - `2024-03-09`	3 months	crt.sh
git99.com E1	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
piwik.everzones.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Frame ID: 3B8DABB73935E73204760D8BE6688B75
Requests: 19 HTTP requests in this frame

Frame: https://8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7D5CFEFA740B1B4B7A63FC1E37028051
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukC-6Ioqo25w8AA7THuPuZvdV3RoD7KRP6YBUP3J694naiiDg7EdlJVM40Yl7eDaBSp2KV-WCyCO7YGoZtkzo0-BZmzXaj0RpwhP00Y5C0kd8t-uJzOvn4Y0silgqt10E_9iq29r9oKJDrPWQelIKUqE3-NyI2S25uhGWvjgIfNtjFeZ4iJRpQCx-M1xQREWpNh5s1O_Zm2kQ_VNJ-WXNm46bfrWQOdURP6_d3UMrDxQICL0NDqpvSSLx5ADzM-LaaZNv-_UK92Iz5SuSQgSJ6QDGuujYmc2wPXG311izk-qH69-7u4CNt7EnWPtqGMflzmAOub9McQhDzpwjrBiOjRhZX4QJxjd5ChDoCePlz&sai=AMfl-YSHw0Y1gQZAFHrUv1kUa9MQEI6hho-g1Uo61UKlrBtAW2cl80X8hYnhkEbN1UHMoCXXaX3ixQULNEYBEf2Dgv5WHcHhDeoTaGKuPQx-DzbiWXI2vKJD1Z4ZFp-In9GUfF54xL0JZkk4rKOEbVl7Cc1H&sig=Cg0ArKJSzOiZKHIvyjUFEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 5A4752ED85D9DA8330591571A23AAA95
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvF5HNDIBcepRnRTIZGiaPKibSsDcZfh_Hmbjy3Ok4U-ldPoF5ETELZRsV7AmLDmZaldNrBkZyb-nY2Rn21G0N78BNfPCnQ7LihalPlV6GHLVM9uk6aU9qV6TrBI5HZsJTRfejZxfUQpHvMx5VMXwDo2v9R0RbApCRa1D_5xhkRnir9JkttNqmzRFzOLlgJfpEdvDwLAjqA6TwSOk2ZejFw1ZrXuvNhpNmqnCjarh7RsxtJdWwKFs3q3sxgUnTqBBsP8BWan7lEPtOTdHF4ql7LuXJKnlihhp9Hmlh86UrmdUjkjMCvz2gq0YmX_SyHEwIkDuL7TWBMI5zpDe5fVaAT7VFppSlMozcGZEVIj37j&sai=AMfl-YQwgm-xNFWSgKpPDju6d9XXQ1pdlm0mEMNhfqXyiSY5CHChGoV0UwVG5QcA6Hkel4Yh6OCvNGaMjlHra3GwBOUkIsFiQsKtfTNWIk0j4lE3I34U0wIrzR6IQmQ-DSxdKLuhSwk8f0YIM9Tw_vb2i4Yp&sig=Cg0ArKJSzCeuj3djfcB9EAE&uach_m=%5BUACH%5D&adurl=
Frame ID: D18F2DB78E73217CF8F9D6E438879503
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8MpWDcNho8Zk4-KmGngWssLg6bN4FuaED3RwCZ34Yn0h-HTThDyYuFSby0O3hFpPpKp-tJdJPvS8ufv6xA67BXDo6Ym5KP7fdQwYR6HDdlCoFnuUs4nmve8z7JGgtibLsvwYzMVtOrn7UFAJP-zUcJR1sOE8LMEIk2aT6dxQ4f7NtxJXLxzNcPNubajwd2hjIBIsW7Juos59cOC2H10MqZfDmXfe-TWKaBJjmE8Hx-0uLVcdvKYmXbOj5i7FNaMaTjx93nSELQZc_4ktTypkU4t-3gNXhrAwMzic3j8JBJUZvqk_Eeztv4Vcwk0gEfrCKzU4GZQWErY72J7Q-McrQ3rlYxjKrMV45e-vi7FJr&sai=AMfl-YQ9RkMsxd2hFJ40eyRbancf4rH5wxWfvBHXryu8OXDurk2BXzVIkxBSePyDgpmLf4w4C9C8sCJHeXxtMCBtc-KgJtmff_gjwn2fqilypXzrBeU7Qf3p0sqbh71ozWeQHnkaUiSMrnjBQjC-p-uxenA&sig=Cg0ArKJSzK6MQ8Ble795EAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 66BE4EB4EE0B16C7AF3308B47B345AEF
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstAG2WsHg0kFYt5Y4fg4uVsLlhShPwHHY_iSVE6R9Tmo2zlcFs5VQ__FsGNghD8KOHomFTkWq_mS-fkYDSA3WNZJu0_8OKOaitTPudOeBUOO8LvwdvEOs3i6Ds1TAXqER0rGKttOy643tVLDpyCJ0mwA3lWtWyRsfFvem5Wrnulyj_Z_sZpUHD7g_MJB_-qPjzGN7Y2E_seynvvBDkEvg2RpmwDD6yDypsAmD5hIBbRmuQJopDg39svojhcwGn6RbdjysD0B1dBt6NJ6b8z8k5QROO1CJ1ASgw9jDYtqZ9kjNeadNh25JEi8jKUHf2Xs1hewhmNHbrQ05lwuPivnQIvOu13f29cjoNyyb5wfDAT&sai=AMfl-YSiKYQNanaJwDzlA__5oAgA98_5d4q7ma55dfhut2kA8924QklCJToNgwHjFHFRtiGU_5NM9n-Q0WOZ_-fFspbGBVC_PjeTp_ELSuygViTm1kZD44WyH8-CTKX0FlHfv9KjTIYWCXJPP_st_sCSFkA&sig=Cg0ArKJSzFP1Xahg_MV0EAE&uach_m=%5BUACH%5D&adurl=
Frame ID: B6F747C3F3425DD321BE1B6C1B5CDC25
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E8C80D8A854399A8CB2EE7739F754548
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E21649B9422B762B8B73492FB5EF3744
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Doodle Magic: Wizard vs Slime APK + Mod for Android.

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

52
Requests

100 %
HTTPS

90 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

1067 kB
Transfer

2388 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pubxmedia.com/
Title: Ads by Pubxmedia

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/ 43 KB
8 KB 234ms
193ms Document
text/html 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49e165bb32350efc326d5b9892e85fabd0373e72cbfd36d7dc6f90253efff6aa

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 837fce402d635d81-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 19 Dec 2023 12:56:27 GMT
expires: Wed, 20 Dec 2023 12:55:00 GMT
last-modified: Tue, 19 Dec 2023 12:55:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWNdMLz7QJxE%2FvTU8w%2BNcqU1mRHh7JaunNvpvRsfiI%2FegZzLsDb%2BqS%2Bgk6JD3rnK93cHAbxel8lPCa6yXovbBfVQz%2FiMDNxGv5oee%2F%2Bo5zJgyV4F1pczju9lU9T%2FB4hX0efX2A0OEsr2mMt2"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 script.js Show response
cdn.pubxmedia.com/library/dfast.app/ 13 KB
4 KB 332ms
30ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pubxmedia.com/library/dfast.app/script.js
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b5284866e621fa11abac3887986e2eb3184f3eea25e44d83648735fd2c9f6b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 22:11:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 368987
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qfxBzZqEe1LQXBqb53EhWvBiCBMp7%2BtMMnHScz9zVfRwGg8Ipn2XZZpzihvnrTuVRMNE7aqEYKHhZyGlYoPmwLKbcxJ5oAT341mYNp6f3rYYbJEVoQVcvi3DCfx9BFQQfxKTWeMDQGMtBBImI3q9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 837fce434ce365c5-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 22 Dec 2023 06:26:40 GMT

GET
H2 200 jsloader.php Show response
www.dfast.app/202202/ 92 KB
33 KB 113ms
113ms Script
text/html 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfast.app/202202/jsloader.php?f=jquery.js@pdt.js
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 395a6095909563e06ae59a25bb0f55cb2ae712f958135fe1e331eddeaa52a233

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: cache
date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQrBcSetqobju%2FrH%2FNcVWXmoUDh%2BhrZNk0Q9fOaUP0JUobYbefkwHikHUtS6eL8blfBO7Xurdd1y4lcEE%2BD4XkYVRx%2Bz2%2F%2B%2FA26%2BNik%2BSr%2BTfb%2F2ThIF656YBorfv%2BiR5qOd1Bvxejx1xK0N"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=2592000
cf-ray: 837fce416ee55d81-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jan 2024 12:55:00 GMT

GET
H3 200 logo.png
www.dfast.app/static/img/ 2 KB
3 KB 25ms
25ms Image
image/png 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfast.app/static/img/logo.png
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0518a260577dab1000a29d6ae2258ba7fa225212946b5b8ae97145868bbe4656

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Apr 2023 02:35:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4330
etag: "6436190e-843"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYFkycUdz4LoLvcKHut23CXDz3DU4YL9W7nlbby9fOVro9owiu5jGSDFse%2Bwj%2F8X%2BrZ1jMI2HobMF5m3Wy0R7zNsDi6QjSRk5JfK2Xj4z4ksX%2FlxKdSzDmHh1twimUPVAr7ghkmFW1PslwLQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 837fce422c897740-AMS
alt-svc: h3=":443"; ma=86400
content-length: 2115

GET
H2 200 2727df081dade840e98ef2d11417bbee.jpg
i.git99.com/upload/android/icon/2023/11/20/ 52 KB
52 KB 69ms
22ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.git99.com/upload/android/icon/2023/11/20/2727df081dade840e98ef2d11417bbee.jpg
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47c832986f0d348b685ed35c746c178627260b09e51dc60b38a27d8df2b1a1bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167642
alt-svc: h3=":443"; ma=86400
content-length: 52914
last-modified: Mon, 20 Nov 2023 10:41:38 GMT
server: cloudflare
etag: "655b37e2-ceb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mfnYHTEVX%2FzxxVgI8FB8dQHqqP5Hnxei9R0eLz7rQNCAZCpGnDIl1MnlQyMAAhCAQkh1ELVy8DPlASHxIPlgf5bChpdg7YunBtjlM7YHv6w3ifSfnqx545iwBzXBtHIQwMNsjV7oQiDaFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 837fce41aed2bbb5-FRA
expires: Tue, 16 Jan 2024 14:20:59 GMT

GET
H2 200 pdt.css
www.dfast.app/static/css/ 7 KB
2 KB 25ms
24ms Stylesheet
text/css 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dfast.app/static/css/pdt.css
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcd168444c56b9a9c39da81349e32c58700ba5215fe530bbf06ceb23b2d67707

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Apr 2023 09:02:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4228
etag: W/"6435221d-1bb9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvhBWGvpLlGkVpIKmnF1nDqJGCULaPekoJDqn205IsWNDEKVZTC8EZv8TxyU%2FQngbawxd8GN9f6wJxFhNJOeGu4kbePVUZcbdDetFQ9%2BhyxRDwNKllbVEX8%2BTZ5WWPH6HMOWKs3%2FFtjHnPPW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 837fce416ed45d81-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 89 KB
29 KB 207ms
123ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.pubxmedia.com
URL: https://cdn.pubxmedia.com/library/dfast.app/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7011e276c8917fbd6415595e53ee0bb315c977614f3fc80054a6da45b93d2f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29108
x-xss-protection: 0
server: cafe
etag: 705 / 19710 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 12:56:27 GMT

GET
H3 200 icons.png
www.dfast.app/static/img/ 3 KB
4 KB 26ms
26ms Image
image/png 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfast.app/static/img/icons.png
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78959ef34530838fecea05c99bcd669dff792199b4571470dfb9c9ef25c0dc6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Apr 2023 02:35:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7063
etag: "6436190e-c3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7lO0xjGx3yKmGJ%2FfzfLKWLoyj5xb71zpOpTUoZUNagUo6P2srsnliPWsW%2Fy7zSMmKN2l%2FGy0%2FEJ4VEbcNtSQ%2FO15Cue%2FhCnN4ODtD6oEoxPvzlobeUPiqcxZpelUcBZPFDjTxy5Fv5tI2Vx"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 837fce438e5f7740-AMS
alt-svc: h3=":443"; ma=86400
content-length: 3130

GET
H3 200 unit-rating.png
www.dfast.app/static/img/ 406 B
874 B 30ms
29ms Image
image/png 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfast.app/static/img/unit-rating.png
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 045f6298d255bbddc51d92f99482edf7345e036d4b979bc36a66ddc21c53bf10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Apr 2023 02:35:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3079
etag: "6436190e-196"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2BkNUhrINvGs9fEwj8Z68UCFScbiBAcfnD9IQmvzedl18MPalEf1%2BD8y%2F1sGJ%2B2%2BfwkQ%2F9un%2FVHfDgNEUWHKYX4CCIq%2BJ2YbUv5X%2FQxoeSiXlN8URYkeRxUMB15IxmVs0BqirmpLNrVBURpY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 837fce438e617740-AMS
alt-svc: h3=":443"; ma=86400
content-length: 406

GET
H3 200 current-rating.png
www.dfast.app/static/img/ 391 B
848 B 26ms
26ms Image
image/png 2606:4700:3031::ac43:ae83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dfast.app/static/img/current-rating.png
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:ae83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21b2a821d845fde4a2dd5c8a2de58411d2517fd57acd4216a8bd18f8a9f5e7b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Apr 2023 02:36:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3079
etag: "64361911-187"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6h1ooMzUXum076iuQ%2B1RIRPDUL49KWB1XxeNIYDyW09o2JkbMsgyL8za4UI3HUuz87EYSOQAozQqX1kFKGRKZp9f0HOJbvqfujMV4vsE77LynBhZLDyzZqUWWgTRdpRO7j0NB45fKCFCIg0b"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 837fce438e637740-AMS
alt-svc: h3=":443"; ma=86400
content-length: 391

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 431 KB
135 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16629
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138180
x-xss-protection: 0
server: cafe
etag: 6854214708762155125
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 18 Dec 2024 08:19:18 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 137 KB
29 KB 99ms
99ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2978598643253188&correlator=515484033697352&eid=44807748%2C31080115&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fifs&iu_parts=22387492205%3A22869266701%2Cdfast.app.Banner0.1701790582%2Cdfast.app.Banner0.1701790729&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%7C336x280%7C250x250%7C200x200%2C300x250%7C336x280%7C250x250%7C200x200&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1702990587825&lmt=1702990500&adxs=650%2C650&adys=552%2C1026&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.dfast.app%2Fdoodle-magic-wizard-vs-slime%2Fcom-doodlemagic-android%2F&vis=1&psz=720x0%7C1200x0&msz=300x0%7C300x0&fws=4%2C0&ohw=720%2C0&ga_vid=1157383330.1702990588&ga_sid=1702990588&ga_hid=1791083029&ga_fc=false&dlt=1702990587096&idt=699&adks=436599100%2C1596595656&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77861c9b0e76d89a897a03d711a635fd5359fef3ff0fcfa25ce0f530465ba55c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29717
x-xss-protection: 0
google-lineitem-id: 6162212548,6162212548
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138414107095,138455283718
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dfast.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 68 KB
25 KB 139ms
138ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2978598643253188&correlator=515484033697352&eid=44807748%2C31080115&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fifs&iu_parts=22387492205%3A22869266701%2Cdfast.app.Banner0.1701791943&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x100%7C320x50%7C320x100%7C970x90&ifi=3&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1702990587834&lmt=1702990500&adxs=650&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.dfast.app%2Fdoodle-magic-wizard-vs-slime%2Fcom-doodlemagic-android%2F&vis=1&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=1157383330.1702990588&ga_sid=1702990588&ga_hid=1791083029&ga_fc=false&dlt=1702990587096&idt=699&adks=4195569165&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba811be918d3b64f71853d8b636f07fae2b89f00ba36e9461e4ab51ed8d588f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25923
x-xss-protection: 0
google-lineitem-id: 6162212548
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138453295553
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dfast.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 68 KB
25 KB 108ms
108ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2978598643253188&correlator=515484033697352&eid=44807748%2C31080115&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fifs&iu_parts=22387492205%3A22869266701%2Cdfast.app.Banner0.1701791975&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C336x280%7C250x250%7C200x200&fluid=height&ifi=4&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1702990587837&lmt=1702990500&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.dfast.app%2Fdoodle-magic-wizard-vs-slime%2Fcom-doodlemagic-android%2F&vis=1&psz=0x-1&msz=0x-1&fws=644&ohw=0&ga_vid=1157383330.1702990588&ga_sid=1702990588&ga_hid=1791083029&ga_fc=false&dlt=1702990587096&idt=699&adks=2405367900&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a99660b7cb1cf21498fadb9d0449831250078b39df79ce3a743b93c4e73518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25569
x-xss-protection: 0
google-lineitem-id: 6162212548
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138453208242
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.dfast.app
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7D5C 6 KB
3 KB 390ms
43ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfast.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 12:56:28 GMT
expires: Wed, 18 Dec 2024 12:56:28 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5A47 0
0 73ms
73ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukC-6Ioqo25w8AA7THuPuZvdV3RoD7KRP6YBUP3J694naiiDg7EdlJVM40Yl7eDaBSp2KV-WCyCO7YGoZtkzo0-BZmzXaj0RpwhP00Y5C0kd8t-uJzOvn4Y0silgqt10E_9iq29r9oKJDrPWQelIKUqE3-NyI2S25uhGWvjgIfNtjFeZ4iJRpQCx-M1xQREWpNh5s1O_Zm2kQ_VNJ-WXNm46bfrWQOdURP6_d3UMrDxQICL0NDqpvSSLx5ADzM-LaaZNv-_UK92Iz5SuSQgSJ6QDGuujYmc2wPXG311izk-qH69-7u4CNt7EnWPtqGMflzmAOub9McQhDzpwjrBiOjRhZX4QJxjd5ChDoCePlz&sai=AMfl-YSHw0Y1gQZAFHrUv1kUa9MQEI6hho-g1Uo61UKlrBtAW2cl80X8hYnhkEbN1UHMoCXXaX3ixQULNEYBEf2Dgv5WHcHhDeoTaGKuPQx-DzbiWXI2vKJD1Z4ZFp-In9GUfF54xL0JZkk4rKOEbVl7Cc1H&sig=Cg0ArKJSzOiZKHIvyjUFEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 5A47 23 KB
9 KB 236ms
38ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 5A47 3 KB
2 KB 235ms
37ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5998
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 11:16:30 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5A47 203 KB
65 KB 325ms
128ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 3779062300929756351
tpc.googlesyndication.com/simgad/ Frame 5A47 96 KB
96 KB 292ms
95ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3779062300929756351

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b81f1736dd907531313800088b42c735b5cb052dcde02ceefc34df078f918ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 08:58:22 GMT
date: Tue, 19 Dec 2023 08:58:22 GMT
x-content-type-options: nosniff
age: 14286
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98115
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 09:19:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 5A47 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02d22d2819905cf7051d36265ac0f8f34435611ee136e52e728b90d80abf3d11

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D18F 0
0 75ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvF5HNDIBcepRnRTIZGiaPKibSsDcZfh_Hmbjy3Ok4U-ldPoF5ETELZRsV7AmLDmZaldNrBkZyb-nY2Rn21G0N78BNfPCnQ7LihalPlV6GHLVM9uk6aU9qV6TrBI5HZsJTRfejZxfUQpHvMx5VMXwDo2v9R0RbApCRa1D_5xhkRnir9JkttNqmzRFzOLlgJfpEdvDwLAjqA6TwSOk2ZejFw1ZrXuvNhpNmqnCjarh7RsxtJdWwKFs3q3sxgUnTqBBsP8BWan7lEPtOTdHF4ql7LuXJKnlihhp9Hmlh86UrmdUjkjMCvz2gq0YmX_SyHEwIkDuL7TWBMI5zpDe5fVaAT7VFppSlMozcGZEVIj37j&sai=AMfl-YQwgm-xNFWSgKpPDju6d9XXQ1pdlm0mEMNhfqXyiSY5CHChGoV0UwVG5QcA6Hkel4Yh6OCvNGaMjlHra3GwBOUkIsFiQsKtfTNWIk0j4lE3I34U0wIrzR6IQmQ-DSxdKLuhSwk8f0YIM9Tw_vb2i4Yp&sig=Cg0ArKJSzCeuj3djfcB9EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame D18F 23 KB
9 KB 227ms
43ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D18F 3 KB
1 KB 252ms
67ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5998
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 11:16:30 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D18F 203 KB
64 KB 396ms
212ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 4830331641817347101
tpc.googlesyndication.com/simgad/ Frame D18F 72 KB
73 KB 331ms
148ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4830331641817347101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bc850d771a38d6c69ee74cdb3834a7697383832f541698e62fcc4cde0f3668d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 15:38:36 GMT
date: Mon, 18 Dec 2023 15:38:36 GMT
x-content-type-options: nosniff
age: 76672
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74233
x-xss-protection: 0
last-modified: Mon, 20 Nov 2023 10:17:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 66BE 0
0 73ms
73ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8MpWDcNho8Zk4-KmGngWssLg6bN4FuaED3RwCZ34Yn0h-HTThDyYuFSby0O3hFpPpKp-tJdJPvS8ufv6xA67BXDo6Ym5KP7fdQwYR6HDdlCoFnuUs4nmve8z7JGgtibLsvwYzMVtOrn7UFAJP-zUcJR1sOE8LMEIk2aT6dxQ4f7NtxJXLxzNcPNubajwd2hjIBIsW7Juos59cOC2H10MqZfDmXfe-TWKaBJjmE8Hx-0uLVcdvKYmXbOj5i7FNaMaTjx93nSELQZc_4ktTypkU4t-3gNXhrAwMzic3j8JBJUZvqk_Eeztv4Vcwk0gEfrCKzU4GZQWErY72J7Q-McrQ3rlYxjKrMV45e-vi7FJr&sai=AMfl-YQ9RkMsxd2hFJ40eyRbancf4rH5wxWfvBHXryu8OXDurk2BXzVIkxBSePyDgpmLf4w4C9C8sCJHeXxtMCBtc-KgJtmff_gjwn2fqilypXzrBeU7Qf3p0sqbh71ozWeQHnkaUiSMrnjBQjC-p-uxenA&sig=Cg0ArKJSzK6MQ8Ble795EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 66BE 23 KB
9 KB 126ms
125ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 66BE 3 KB
1 KB 127ms
127ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5998
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 11:16:30 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66BE 203 KB
64 KB 364ms
190ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 10361043924002532125
tpc.googlesyndication.com/simgad/ Frame 66BE 80 KB
80 KB 130ms
130ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10361043924002532125

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f18ac15f28781f47a0e4bb8dd20b75849f6e98eb9a4f45946f3731424f193d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 05:25:49 GMT
date: Tue, 19 Dec 2023 05:25:49 GMT
x-content-type-options: nosniff
age: 27039
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81842
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 09:22:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame D18F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5f0359701b5d944132d8293258e3475a5370cab505c0a130f87273b2e5d8e6d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B6F7 0
0 74ms
73ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstAG2WsHg0kFYt5Y4fg4uVsLlhShPwHHY_iSVE6R9Tmo2zlcFs5VQ__FsGNghD8KOHomFTkWq_mS-fkYDSA3WNZJu0_8OKOaitTPudOeBUOO8LvwdvEOs3i6Ds1TAXqER0rGKttOy643tVLDpyCJ0mwA3lWtWyRsfFvem5Wrnulyj_Z_sZpUHD7g_MJB_-qPjzGN7Y2E_seynvvBDkEvg2RpmwDD6yDypsAmD5hIBbRmuQJopDg39svojhcwGn6RbdjysD0B1dBt6NJ6b8z8k5QROO1CJ1ASgw9jDYtqZ9kjNeadNh25JEi8jKUHf2Xs1hewhmNHbrQ05lwuPivnQIvOu13f29cjoNyyb5wfDAT&sai=AMfl-YSiKYQNanaJwDzlA__5oAgA98_5d4q7ma55dfhut2kA8924QklCJToNgwHjFHFRtiGU_5NM9n-Q0WOZ_-fFspbGBVC_PjeTp_ELSuygViTm1kZD44WyH8-CTKX0FlHfv9KjTIYWCXJPP_st_sCSFkA&sig=Cg0ArKJSzFP1Xahg_MV0EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame B6F7 23 KB
9 KB 128ms
128ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B6F7 3 KB
1 KB 130ms
130ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5998
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 11:16:30 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6F7 203 KB
64 KB 385ms
219ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 16511185847439591949
tpc.googlesyndication.com/simgad/ Frame B6F7 60 KB
60 KB 237ms
72ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16511185847439591949

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c801794a2bfbdb3343956298ed34537ddad4dd1ca0efe332420e68e15e4dc402

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 17:35:40 GMT
date: Mon, 18 Dec 2023 17:35:40 GMT
x-content-type-options: nosniff
age: 69648
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61101
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 09:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame B6F7 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b22953365e83c17f85f2f44c6b52e70b53ef3452ad1578bb9ad295ed3dc96ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK piwik.js Show response
piwik.everzones.com/ 64 KB
64 KB 101ms
39ms Script
application/javascript 195.154.94.155
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://piwik.everzones.com/piwik.js
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.154.94.155 Ivry-sur-Seine, France, ASN12876 (Online SAS, FR),
Reverse DNS: 195-154-94-155.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 12:54:40 GMT
Last-Modified: Mon, 19 Nov 2018 03:20:15 GMT
Server: nginx
ETag: "5bf22bef-ffb2"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 65458

GET
H/1.1 200
OK piwik.php
piwik.everzones.com/ 43 B
227 B 71ms
71ms Image
image/gif 195.154.94.155
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://piwik.everzones.com/piwik.php?action_name=Doodle%20Magic%3A%20Wizard%20vs%20Slime%20APK%20%2B%20Mod%20for%20Android.&idsite=167&rec=1&r=649432&h=13&m=56&s=28&url=https%3A%2F%2Fwww.dfast.app%2Fdoodle-magic-wizard-vs-slime%2Fcom-doodlemagic-android%2F&_id=0bcc8400a157a294&_idts=1702990588&_idvc=1&_idn=0&_refts=0&_viewts=1702990588&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=193&pv_id=6DB77J
Requested by: Host: www.dfast.app
URL: https://www.dfast.app/doodle-magic-wizard-vs-slime/com-doodlemagic-android/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.154.94.155 Ivry-sur-Seine, France, ASN12876 (Online SAS, FR),
Reverse DNS: 195-154-94-155.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 12:54:40 GMT
Cache-Control: no-store
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5A47 0
0 148ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstO9dz0NPU6ToBAYHXDvClN-zhYmUqNc4A0lBhCmOpfKA-Iv4TiqN3QSc-rbVrthYaPYMH5pSWQ28eq9_UkYg8tt49chlHe38lKy2AVmto-lfIs5cClIVIUPmdWHeUOPAlboTVdQCeeSKESF3tuBkc-uLM_upPMSYqHXxFTJMvrid-YB-IwDLZG2t4iP6GItIHYuiJZ6VocWuIbCs-KDF_LScE9giC8WS3A2t_rh4uqQct64h1vjWoq-kCCjAGdMmmNp_vjyZ5ZiONPLk2AftHMZ-0NaHSBI2Vsn4zavB801UngJM-V1s9_CuU8ReJnpDn6ivXnuVIFFmseM5J93v1U9MU1dsM2N0qRuNMeV3wQ62I&sai=AMfl-YSSBbIrLLGyA6GiUYmLeUfjE9DPGmG_GwQHaBnqOGabhIYZ1XBaD9aswFT9Z7n7yu85x4rLB3pWG0OCjOtiqeOy2M9k2gYO_XwuFNsONFmpZHhWv5P2SAIcRlypit5vzngCgNwVffc-MJT9TZU-C6PQ&sig=Cg0ArKJSzE5DB7P2hrvvEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 66BE 0
0 104ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvUh16iZ07GIYl2moPAlXAwSMOAaFFfGkXRpxLMDCnX1Nw0K7Ej8AIlrdyGrGG28gz2E8O9qtzRoMzes6UOxTh6EUDnm6UywsTrqLGN_dS8xXuTuI-dgDD_jYIP-ReZWL4IbK2U1TxrD5YLXEOshJzsh-zsPPXvUhNWZ5g9nAXT_hiOHCpmdr9Dt2ME6mfEr7tGcEQZmp-OnZvkWwy6ayzXMuBXWAJ5Jk6kU48GaxedNIHfTyaHMA4Q0JyD_4U42Ljnh-gaOMxQxIYxPfG8inMnh1CUv7J0Yn0ABdX6mSVm0roGjTXvB-EhSnyz2s-oZlWWqNHO_y8c5LaQ3XvHX0kVmF2-Sxg6H60VZ3JE-yts9p8&sai=AMfl-YT-pP5NZ5sx64xdRAguvRrt2acbrJENPdRC6L2u_mcRVQm6XalMTGjvPp9Tbfpck4P5tzoCB0YC0UWnyhk2oc1pfgfcg9apn2u16XdDIfxRfwq-nHiSM2NksMTFeQMUCBk7kXvCc7GZF5sfzTM9AVE&sig=Cg0ArKJSzJz9bZrw6ZzmEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D18F 0
0 90ms
74ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsti8QxhKGVvrrAr7S5l2l-yTfzWGSbaFd2F7L4U6YP6ztV9d9Bh51XneTcSU7pFo3-39P94aNl7IJAFVaDy8DmNWZp4dp9pDIB7q01E9iEGphoB1UuJm-pKnAhsZRCuYIRBy6O6GLyPnvppRbuzoansJ_iAhZdygJamBcKFvGyXHruR1yIo5gckFOkC7tfHz89d4zlieSyRwglPHcZYXTXdvUx7OM8Zj0f36WzVz_0AlELf1A5y61dLor-QlhaN7lOE0V1nc7y6QLw8MNx2rAFjlNeNDDNpcsO_87n084OT3Xu2DlVs854Uoo5u1JPhfFwP4jaVDf0ih3gvgdoddrRX6ixWhXSu4bLb2Kxa1-2VaTo&sai=AMfl-YQy1CmXNij5ce3xrRZ93RHYsWon_c-r2wJBrYoY5gsM8LKHaCt97mRo2HFWqfbO04Mtj341Hn3ovN9PCQNtQ1BeZ6P4QW9_AlL2_o8smY-Ld3AIJT6aPxyNCQIVeV3C376CkSGJ7cLJY8MRI7HwjWGV&sig=Cg0ArKJSzI62gMeXmBHYEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B6F7 0
0 78ms
74ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstsSlXzUuLKtx_DGg4cfY-guqboJMZVZsj6_sSUbBGqJP3UdqWaYXUGAVLe58VqgcuQcJqWa7Jcog9_64-CzuU0uRAO1hu40IA2CVnnZTi4ndYTYEdCs92wvG7NFFoVjXT9wyXFYQ3F3xuIFRrXo-bD4-4D1TbAEnqjzdSQaGXZWU1KIn6GqOwNFtg2VjxIyYIh8MAGuM7Ebei2LCyWQUSNX1hMqW5753c7KccuSfBGs_gazdchGZLkuqhyScYIgmaY12xlBRA79SgW1fimYti2LZhtt4wd7edBX2ia6YkrzsuLsTzY9c18Va_DlCA6NQ8rNm8HRtpSJhu1A7ljoDgY6LGWNdldA7U7AWkQowc_BC4&sai=AMfl-YTnLueqFek1OT5Fr6MFt4VCvWnZII89dGrbQXNJ7ohqzHHdWzjeda9yl5Y9AzfruZJShQ-yf9RibFeYNDWr9qpcCZQ5uQ1OLn6wivXifQvmtCHlL8ZFbXFmX9Kr62rMX4L7EYS7Z-V5XRt6VmfPbPs&sig=Cg0ArKJSzFoDDReGi1vCEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 164ms
85ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202312060101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2864c8498468e04d86a27401be6c45646e2e38d575bcb9a8ed5efbacadce540

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12241
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 19 Dec 2023 12:56:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E8C8 13 KB
5 KB 35ms
35ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dfast.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5996
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 11:16:32 GMT
expires: Wed, 18 Dec 2024 11:16:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E216 829 B
1 KB 127ms
48ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

50a94cd2dd75615ec1c3978a1e8a73e8734bcb4708dd42cde19cccd884823875

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S_bQAwHKMCwykzp-glO2Og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.dfast.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-S_bQAwHKMCwykzp-glO2Og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 12:56:28 GMT
expires: Tue, 19 Dec 2023 12:56:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame E8C8 39 KB
15 KB 108ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:20:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12981
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 09:20:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E216 0
0 70ms
70ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202312060101&jk=2978598643253188&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E8C8 0
10 B 35ms
34ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?95o6Hg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 12:56:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5A47 42 B
174 B 73ms
72ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwCU6pYAtI03dIRZPc49O8sZw0WhPEWLepflGS8-uYGZbKxxHAhMMTatl5dwjifHrPuFIEz7MzgvPrHHNamOqSBWRRsG0DyUBs_37i9zx5htEf5Q3uiaiZGni48KI1xdOZds2Ze7yCNI4W8WIR8vzNbA&sig=Cg0ArKJSzEF7UUktX0FREAE&id=lidar2&mcvt=1000&p=551,632,831,968&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=436599100&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702990587982&rpt=433&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 12:56:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 73ms
72ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202312060101&jk=2978598643253188&bg=!gYKlgs3NAAY3kmNgF5I7ADQBe5WfOD2h_GlYSgrP7LmuAOSVALBHup2rAiSwXqGWYnSHZS2YYDHT5fKKlmJjq9EcXn0LAgAAADVSAAAAAmgBB5kDAWSJY3tXFjwtnsWXZpcu81-WBkuw_oTlwQuXivIduRoCwRv02qojJ5hlUy3O4id5oKLPIB70rU_UXjDkLtXr7zUzS0MI0-Mgk-MSaVwPMjzdmDHhnsI-EvBPhmdzY_RfE2bSWc1eVc8kou4HNFqbGmSFVPLcySuakJphYRnkjAMIPqdj-0ZX6rvjVDWOJdt3zTDm13gJEAGudNgtbnCYBtlH1yt61QTvM2PXn6Akk4yviQ8bhgI3lrwr9uPaq68lCBxNWhqIdrHJUpBVIvMDLRjiWaA0dtjeI0ILsPHeIO8STf8AXBIgUVicMbblSi-MDRldg-182R-hQF8ltGijR2I3a_mvSfl4pwurOb0CaoDZXvPvAkZj3Gdb-HNigiWKStYQsFgaBCf7j2_OkWij75kh-CAZUTiohU_i5Sj3O8wGRW3yYe-pCzK-0X8QjL7o_VLJ0HcPfLbGhrgS31Cegb9WLXsCsTtFhSuyth8Ee4k3xZt2oUSXtdggbdcOeP-Lsa28uTB-9xiyxXyY5PaEkQBaFPfjzBT6Zgeshs0VHb4FusdpB7sQ6_K7SdRo1Sg10HBBVXkTHWhcOCTJUHBhwHF8yRXnPmfyFidIruCQmxOZxIBw0LV2XcTI_jwW2vagmFcCez-wMz89iCjtYhZEd_CDifaBx8N_EN_Dh7VmqPkuNsEr5K0mgbdIEv8LCAXrJ5dsksUqdzv-GYsJm3pHxWxYQ7dF1gSaUdTF3Vb56w7xRgyug6Xib7ME4THEaJQmtpgO_iewC7dYkseg3w_oXgQ3gm-kHnFoKp5Qk2QW-yzgjg1Bw6mDjmhtSa4Bgr-cxeRDTKrqt1Ko8Lhg9b6BSyuOPmXFVT4Lg7G7ipfDhNzre9djPTmw4MbAq2dp0krnLo4ekDBXMH41E91AEqkWgsxaEr5Wh1MNj8OaQx8uNwRfFto5dQLkdUgehO_PNemBo4tLaRhKFd5Xi_WQ0t0_3vDhONZxhYYOa-rL-OKFe7qdHWHeiSIpiTJcGdARn9OJbGk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B6F7 42 B
108 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssTEaWllV8EbQUjxt4a6prAEdy-wOlhrr0Z65rtpgN5gAakxaaWYz7aQ7l77ehZpk1szYjlS5p1Ruj-l3_ehc0tuwQSIH2oY3AqY7ZPUYMd6-WvNnjzqMTGUBRX46h-ZO3sxEjRlxKF4dSDxxJY_CtSmA&sig=Cg0ArKJSzKx46hRcEtl0EAE&id=lidar2&mcvt=1000&p=1110,315,1200,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=4195569165&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702990588020&rpt=464&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 12:56:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D18F 42 B
108 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvYw5gycSb9xuzuZJ8apqTSSRpSi14LXG_qKUVuGok1Om-Op-7fuMyWn9X8-4qAUnuyLjU_9-OhZ8Kkp7bcgTCbhqa5htG47ZkO9qPncX0b1zP_8SnKUsbv3PGnMIfxVgXJrZbN5KTz6MJmFfVz9whjLg&sig=Cg0ArKJSzCvBdd5hSHBCEAE&id=lidar2&mcvt=1002&p=1025,632,1305,968&mtos=0,0,1002,1002,1002&tos=0,0,1002,0,0&v=20231213&bin=7&avms=nio&bs=1600,1200&mc=0.62&vu=1&app=0&itpl=3&adk=1596595656&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702990587999&rpt=474&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dfast.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 12:56:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 66BE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b15ebc24c16658eb081c086deceb1d1f372138b5a3c55f6cf5f9a6fc06328976

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dfast.app/	1970-01-21 02:24:46	Name: __gads Value: ID=1d313222e634c856:T=1702990587:RT=1702990587:S=ALNI_Mbe_1u0y8XVJVpVTCOqO8Vy2opQ6A
.dfast.app/	1970-01-21 02:24:46	Name: __gpi Value: UID=00000d21aa967c14:T=1702990587:RT=1702990587:S=ALNI_MYRwi0t1zRd32TGRZOc_L6KOnCXyg
.doubleclick.net/	1970-01-21 02:24:46	Name: IDE Value: AHWqTUnyRtjkZzEV3uFmrGQuoLMfH1zKyZGMBn7kzGorZCrnWQAxjoIi7hlt97uz-TY
www.dfast.app/	1970-01-21 02:29:05	Name: _pk_id.167.fb52 Value: 0bcc8400a157a294.1702990588.1.1702990588.1702990588.
www.dfast.app/	1970-01-20 17:03:12	Name: _pk_ses.167.fb52 Value: *

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8fcadce6e183d693b0f59be427e7b8e9.safeframe.googlesyndication.com
cdn.pubxmedia.com
i.git99.com
pagead2.googlesyndication.com
piwik.everzones.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.dfast.app
www.google.com
www.googletagservices.com
195.154.94.155
2606:4700:3031::ac43:ae83
2a00:1450:4001:801::2004
2a00:1450:4001:813::2001
2a00:1450:4001:81c::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:831::2002
2a06:98c1:3120::3
2a06:98c1:3121::3
02d22d2819905cf7051d36265ac0f8f34435611ee136e52e728b90d80abf3d11
045f6298d255bbddc51d92f99482edf7345e036d4b979bc36a66ddc21c53bf10
0518a260577dab1000a29d6ae2258ba7fa225212946b5b8ae97145868bbe4656
0bc850d771a38d6c69ee74cdb3834a7697383832f541698e62fcc4cde0f3668d
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea
1f18ac15f28781f47a0e4bb8dd20b75849f6e98eb9a4f45946f3731424f193d7
21b2a821d845fde4a2dd5c8a2de58411d2517fd57acd4216a8bd18f8a9f5e7b3
2b22953365e83c17f85f2f44c6b52e70b53ef3452ad1578bb9ad295ed3dc96ae
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
395a6095909563e06ae59a25bb0f55cb2ae712f958135fe1e331eddeaa52a233
3b5284866e621fa11abac3887986e2eb3184f3eea25e44d83648735fd2c9f6b9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47c832986f0d348b685ed35c746c178627260b09e51dc60b38a27d8df2b1a1bb
49e165bb32350efc326d5b9892e85fabd0373e72cbfd36d7dc6f90253efff6aa
50a94cd2dd75615ec1c3978a1e8a73e8734bcb4708dd42cde19cccd884823875
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
77861c9b0e76d89a897a03d711a635fd5359fef3ff0fcfa25ce0f530465ba55c
78959ef34530838fecea05c99bcd669dff792199b4571470dfb9c9ef25c0dc6c
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9a99660b7cb1cf21498fadb9d0449831250078b39df79ce3a743b93c4e73518d
9b81f1736dd907531313800088b42c735b5cb052dcde02ceefc34df078f918ec
b15ebc24c16658eb081c086deceb1d1f372138b5a3c55f6cf5f9a6fc06328976
ba811be918d3b64f71853d8b636f07fae2b89f00ba36e9461e4ab51ed8d588f4
bcd168444c56b9a9c39da81349e32c58700ba5215fe530bbf06ceb23b2d67707
c5f0359701b5d944132d8293258e3475a5370cab505c0a130f87273b2e5d8e6d
c801794a2bfbdb3343956298ed34537ddad4dd1ca0efe332420e68e15e4dc402
e2864c8498468e04d86a27401be6c45646e2e38d575bcb9a8ed5efbacadce540
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7011e276c8917fbd6415595e53ee0bb315c977614f3fc80054a6da45b93d2f3

www.dfast.app Open in urlscan Pro 2606:4700:3031::ac43:ae83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

90 %IPv6

8 Domains

10 Subdomains

11 IPs

3 Countries

1067 kBTransfer

2388 kBSize

5 Cookies

1 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.dfast.app Open in urlscan Pro
2606:4700:3031::ac43:ae83 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

90 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

1067 kB
Transfer

2388 kB
Size

5
Cookies

52 HTTP transactions
4 data transactions