www.todawa55.asia Open in urlscan Pro
2606:4700:3033::ac43:8fe2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://todawa35.asia/
Effective URL:
https://www.todawa55.asia/home.php
Submission Tags: phishingrod
Submission: On January 16 via api (January 16th 2024, 6:20:03 am UTC) from DE — Scanned from DE

Summary HTTP 104 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 15 domains to perform 104 HTTP transactions. The main IP is 2606:4700:3033::ac43:8fe2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.todawa55.asia.
TLS certificate: Issued by E1 on November 25th 2023. Valid for: 3 months.

This is the only time www.todawa55.asia was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3035::ac43:da96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 17	2606:4700:303... 2606:4700:3033::ac43:8fe2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	221.165.139.2 221.165.139.2	4766 (KIXS-AS-K...) (KIXS-AS-KR Korea Telecom)
11	202.97.174.25 202.97.174.25	4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone)
2	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
3	1.224.180.63 1.224.180.63	45370 (BROADBAND...) (BROADBANDIDC-AS-KR BROADBANDIDC)
5	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 4	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
21	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
104	19

1 2606:4700:3035::ac43:da96 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

todawa35.asia	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3033::ac43:8fe2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.todawa55.asia	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 221.165.139.2 (Osan, Korea, Republic Of)

ASN4766 (KIXS-AS-KR Korea Telecom, KR)

ad.abchub.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.aceplanet.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
engine.tend-table.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 202.97.174.25 (China)

ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)

i.keezip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 1.224.180.63 (Korea, Republic Of)

ASN45370 (BROADBANDIDC-AS-KR BROADBANDIDC, KR)

js.ad4989.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.34 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.141 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	googlesyndication.com 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157 ade.googlesyndication.com — Cisco Umbrella Rank: 356	175 KB
21	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	5 MB
17	todawa55.asia 1 redirects www.todawa55.asia	36 KB
13	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	247 KB
11	keezip.com i.keezip.com	774 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	2 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	3 KB
3	ad4989.co.kr js.ad4989.co.kr — Cisco Umbrella Rank: 138418	18 KB
3	abchub.site ad.abchub.site	7 KB
2	tend-table.com engine.tend-table.com — Cisco Umbrella Rank: 129560	1 KB
2	aceplanet.co.kr ad.aceplanet.co.kr — Cisco Umbrella Rank: 254451	5 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	135 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	65 KB
1	todawa35.asia 1 redirects todawa35.asia	430 B
104	15

	Domain	Requested by
21	s0.2mdn.net	www.todawa55.asia s0.2mdn.net
17	www.todawa55.asia	1 redirects www.todawa55.asia
16	pagead2.googlesyndication.com	489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.todawa55.asia s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
11	i.keezip.com	www.todawa55.asia
8	tpc.googlesyndication.com	489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com www.todawa55.asia tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
5	securepubads.g.doubleclick.net	ad.aceplanet.co.kr securepubads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	ade.googlesyndication.com	www.todawa55.asia
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	js.ad4989.co.kr	ad.abchub.site engine.tend-table.com
3	ad.abchub.site	www.todawa55.asia js.ad4989.co.kr
2	engine.tend-table.com	js.ad4989.co.kr
2	googleads4.g.doubleclick.net	www.todawa55.asia
2	googleads.g.doubleclick.net	489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ad.aceplanet.co.kr	ad.abchub.site
2	code.jquery.com	ad.abchub.site
1	www.google.com	tpc.googlesyndication.com
1	www.googletagservices.com	489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
1	todawa35.asia	1 redirects
104	21

This site contains links to these domains. Also see Links.

Domain
www.xn--2j1b408atji.net
www.uuoobe.kr
wekoreatv.vip
www.tfreeca22.top
sekder.net
1bet1.vip
wn-st.com
ww-ot.com
drpharm.cloud
nulpurn.com
herbmming1.com
filecast.co.kr
nulppurun.com

Subject Issuer	Validity	Valid
todawa55.asia E1	`2023-11-25` - `2024-02-23`	3 months	crt.sh
ad.ad4989.co.kr Sectigo RSA Domain Validation Secure Server CA	`2023-11-29` - `2024-06-28`	7 months	crt.sh
i.keezip.com TrustAsia RSA DV TLS CA G2	`2023-10-12` - `2024-10-11`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.ad4989.co.kr Sectigo RSA Domain Validation Secure Server CA	`2023-01-17` - `2024-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 11 frames:

Primary Page: https://www.todawa55.asia/home.php
Frame ID: 36134C276B3D3240D272112DDCA9528B
Requests: 43 HTTP requests in this frame

Frame: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FA719C077D131842137A8F4ED6B19A03
Requests: 1 HTTP requests in this frame

Frame: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D9F610C2D39069595039C7FC0394880D
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNUIhVObElz4LP5pV6vvPX_v1_PJJzDJRKJGhqlojQAFK4eQD7lj951yb0LHwANdeXvySAhQIWOVmqCxvQeMAtJyyCEH5c9HihmjgwqQyi63hf2yJxbWNicT3Ntbf2fk2xRUoAkbP5j8sqtox1A-ETkiaV5KiXKQqBnacQMWArX0ZrfKd9xgIuwLGNcr4JorGt6Y7uWS
Frame ID: 90C027DF6596D4BB762EBA16E6138B5F
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8535103457EB9388A0B066184DC11093
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Frame ID: 773FE81957D342BCB6573F7181B61AA0
Requests: 22 HTTP requests in this frame

Frame: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTUuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705385997888
Frame ID: F6FCAA8EAB0AD694C01F7D05A7884A1C
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Frame ID: 34C6F509D068036BA4C33BE6BBB83F89
Requests: 1 HTTP requests in this frame

Frame: https://ad.abchub.site/cgi-bin/pelicanc.dll?adservicename=VLD&name=FOIN_CATEGORY&method=set&data=&encode_yn=N&copy_yn=Y&tm=1705386001570
Frame ID: 32603B94882AA7782A4410B4A0C1A441
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A597B3B1486D181D14F0DBECBFC04E82
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 92309261A7D8E483E527606ECF2C7B73
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

토다와

Page URL History Show full URLs

https://todawa35.asia/ HTTP 301
https://www.todawa55.asia/ HTTP 302
https://www.todawa55.asia/home.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Zip (Payment processors) Expand

Overall confidence: 100%
Detected patterns

zip\.co

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

104
Requests

96 %
HTTPS

58 %
IPv6

15
Domains

21
Subdomains

19
IPs

5
Countries

6426 kB
Transfer

8010 kB
Size

16
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.xn--2j1b408atji.net/
Title: https://www.토다와.net

Search URL Search Domain Scan URL

URL: https://www.uuoobe.kr/bbs/board.php?bo_table=request
Title: 자료요청

Search URL Search Domain Scan URL

URL: https://wekoreatv.vip/home.php
Title: Wetv

Search URL Search Domain Scan URL

URL: https://www.tfreeca22.top/board.php?mode=list&b_id=adult&time=1705385709
Title: 성인

Search URL Search Domain Scan URL

URL: https://sekder.net/?ref=uube
Title: 섹파찾기

Search URL Search Domain Scan URL

URL: http://1bet1.vip/

Search URL Search Domain Scan URL

URL: http://wn-st.com/

Search URL Search Domain Scan URL

URL: http://ww-ot.com/

Search URL Search Domain Scan URL

URL: https://drpharm.cloud/

Search URL Search Domain Scan URL

URL: https://nulpurn.com/shop/item.php?it_id=trel01

Search URL Search Domain Scan URL

URL: https://herbmming1.com/

Search URL Search Domain Scan URL

URL: https://filecast.co.kr/?p_id=reel

Search URL Search Domain Scan URL

URL: https://nulppurun.com/shop/item.php?it_id=trel02

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://todawa35.asia/ HTTP 301
https://www.todawa55.asia/ HTTP 302
https://www.todawa55.asia/home.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1

Request Chain 39

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaYgDSdb-wFurkgVUlJYOAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1

Request Chain 40

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIHUvvkadsm4H2MIE6_EfFg&google_cver=1

Request Chain 41

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjU1OTQyNzE5MTM2MDM2MTk5Mg%3D%3D

104 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request home.php Show response
www.todawa55.asia/
Redirect Chain

https://todawa35.asia/
https://www.todawa55.asia/
https://www.todawa55.asia/home.php

47 KB
8 KB

264ms
263ms

Document
text/html

2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/home.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: d84d9f5eb6b461c0d9af8a9ced1400d4d79b484b46453ee0b43ac0427d30e2c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84643fd73c979238-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 06:19:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWP00kAQBAPCiU%2FFBkPqnuLbPd9pPkyrRu753Lv0BDCLYmB2iceeXA5HGYk44jXzkF1HFz7hO4hhW3rCO2fSILINGNxyyKoW2orXhh19lanrImmsTlwCzs%2FTWg5HFM34wN5PmdWXJMZ5CUod6tKOwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84643fd41b049238-FRA
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 06:19:52 GMT
location: home.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZoNbGCdf8fgG2hSYRkFCJEx8VeikkdhWJz%2FOj0Yu8EW5nIx37w9VPdFgeVrp3BXEuZK%2BbXeLiF8l%2FeYN99dD7pMgN53QwbQ3IbcR4YFSLGZN1%2FKrehKHkMcNK9IxCTxdtwaHHO4MCoOs0IGLSUSRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/5.6.40

GET
H/1.1 200
OK PelicanC.dll Show response
ad.abchub.site/cgi-bin/ 3 KB
3 KB 2676ms
284ms Script
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 2d930af4bd5419bf72222580b88380a552e44fc551211bea4f14fee9800c4c59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma: no-cache
Date: Tue, 16 Jan 2024 06:19:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: Microsoft-IIS/10.0
Connection: close
Content-type: text/html

GET
H3 200 common.css
www.todawa55.asia/css/ 6 KB
2 KB 416ms
415ms Stylesheet
text/css 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/css/common.css?v5
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 308052b1bf48d457ff68c33a498c882f75beaae17118485be2dd3163fe0c7c11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 10:45:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6139e5b9-179f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8QCQSeRwieIkgCxUfOnNEhge8BJvgtWvNYcQqJagqJlyzWcjuKR9oQKiye9NhXBjv1pccOp525TS%2B3NIFNAO46flCDKPZu6DVJhYfbLhQkLu0lbrMJdbVDFWwoWD54frCG3QU9KBoAmTvnoeDsnCCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 84643fd8f85b5c3d-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jan 2024 18:19:53 GMT

GET
H3 200 main.css
www.todawa55.asia/css/ 2 KB
992 B 423ms
422ms Stylesheet
text/css 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/css/main.css
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf18a9ed9a6aa889d227de181fe071fe47062764cacd90c4423b81b6bbbee834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 19 Sep 2019 13:18:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5d838040-6a1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=saYHyOq1plf6k2aIMzH9Cov%2B7v%2B1%2FYBCMTPh%2FIkUAH2mIZ5e4VlcfbVXkVSu%2BPMZJrXCtWg7pEXiHSpc6giEpWMcjSSfMMBuztXmk4zDmYCIB7ikBqk%2FFm7ZRSPh61vqGqjy0rxor0pS3LT2D1ECdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 84643fd8f85f5c3d-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jan 2024 18:19:53 GMT

GET
H3 200 sub.css
www.todawa55.asia/css/ 6 KB
2 KB 417ms
416ms Stylesheet
text/css 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/css/sub.css
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72855f862df04b84b9755977382129f3f7f22f188f02686807e0eb5df1916155

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 14 May 2021 08:41:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"609e37d6-1648"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1t6Q1ZeLZCdZo%2FnvF4DhhHrPpIp7EYxFnN1j8DN2M8N2q6BBTshe8QlJ19RJ0htdi2Q0W7eksatH316537RU9vi7qMW3vCN%2Bols0j8%2BWmk6SCron2P6HOmpddaiec%2FKaT%2FOuBJF99FilciAYHz3OSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 84643fd8f8615c3d-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jan 2024 18:19:53 GMT

GET
H3 200 iconfont.css
www.todawa55.asia/css/ 5 KB
4 KB 418ms
417ms Stylesheet
text/css 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/css/iconfont.css
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d322485983f9bf6aa843345c3eb6dcc06b6d60555c849a778133ac335aa4251

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 08 Oct 2019 00:38:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5d9bda7e-1545"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNYhvE6Mq9PLTN%2FPzS1exssliU3QQhbXr81XIz2hcrvi%2FGNfQfdZf0RHCDCDP2CY2P0qyPYhhhydOzv1KAlf5s%2F%2F4NLuQsAWlI2tLCepYAQoVYyvtqgpO4OZFSZX79eDIGybbb6sx6xt%2BbP4UOM76w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 84643fd8f8645c3d-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jan 2024 18:19:53 GMT

GET
H3 200 common.js Show response
www.todawa55.asia/js/ 1 KB
934 B 414ms
414ms Script
application/javascript 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.todawa55.asia/js/common.js
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf0d6da2b17b813749a8b61047b209827603fb1fdff3ef336df7e67fe16aefe9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 19 Sep 2019 03:04:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5d82f024-5d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIzciEDp93sQ0YvbfLQQhDRa1eq2OUsODwwX94WyfaZ%2BjIU9BUIdvAsUImVFVnjfpvbosiLnFzOWeo7Z%2ByQYzBIRuUOl4rfugS3LjlBMT7MxFksYOQ336nBxpmvC%2BnNuFwnjyjOX6%2Fs9cNfGP9UedA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 84643fd8f8665c3d-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jan 2024 18:19:53 GMT

GET
H3 200 logo.gif
www.todawa55.asia/images/common/ 2 KB
3 KB 23ms
23ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/common/logo.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ea8b8e5fb63e30170770409f524bac18a024b210d690fa0db919212269a14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 416912
alt-svc: h3=":443"; ma=86400
content-length: 2449
last-modified: Thu, 19 Sep 2019 04:49:56 GMT
server: cloudflare
etag: "5d8308f4-991"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfLdRJpLY0rtv6oCDlR8FOm%2BFpqPC7os%2FyIwD25wU2jF5SCDM1L2pI2L%2FkcqMegpUbzCQ6NJiC%2BW40Xu59BedPvKJ%2BrbPB1aMabJzj2jZ%2BWaNbobd3R2lhoY7H13BKbBNQGHDhagHT0vGVfMnv5ygA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643fd8f8695c3d-AMS
expires: Sat, 10 Feb 2024 10:31:21 GMT

GET
H3 200 search.gif
www.todawa55.asia/images/common/ 2 KB
2 KB 24ms
24ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/common/search.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f89a06d4661e5607389bec9499b0d799fb723f1319cdb5fd1024fa5d70161075

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 273271
alt-svc: h3=":443"; ma=86400
content-length: 1782
last-modified: Wed, 18 Sep 2019 05:26:59 GMT
server: cloudflare
etag: "5d81c023-6f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hz%2FcqTueK6x177jBP2m5k9%2BtibE4XNybxH27oi5xOwBb76at70SovugKHkMPJQV3MPNvZSQLDhOh949jXUudF%2F47zME7Kq7zFiSAhESAvIJAEKK11gksehoIoSDhJ7qV2qMn85POq2%2Fpc6Sp7gTACg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643fd8f86a5c3d-AMS
expires: Mon, 12 Feb 2024 02:25:22 GMT

GET
H3 200 img_19.png
www.todawa55.asia/images/ 1 KB
2 KB 21ms
21ms Image
image/png 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/img_19.png
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 398082
alt-svc: h3=":443"; ma=86400
content-length: 1535
last-modified: Wed, 08 Jun 2022 13:48:46 GMT
server: cloudflare
etag: "62a0a8be-5ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVj0t8Wk1q21FzmZU6%2BdB8aYj62GtNWw1iCBrOiNbyg0SVvI3ptuorgAv%2FwtodsSgbpX9j5uyAR40jVnmZqWoemj9lX%2BVeShhd8b1wEgv7VYg7%2Flpw0dGg166FmdKsHpl3KsSDAMbyzJpAK7i4%2B1Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643fd9188b5c3d-AMS
expires: Sat, 10 Feb 2024 15:45:11 GMT

GET
H/1.1 200
OK bet1_380.jpg
i.keezip.com/ad/ 42 KB
42 KB 3699ms
481ms Image
image/jpeg 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/bet1_380.jpg
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 783361ed917fad413a4249d12774f5b0be1e4e75495da00e3b3e9edb1e10926f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:52 GMT
Last-Modified: Tue, 31 Jan 2023 16:21:48 GMT
Server: nginx/1.15.11
ETag: "63d9401c-a8a2"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43170

GET
H/1.1 200
OK wn-xg_1.jpg
i.keezip.com/ad/ 60 KB
60 KB 1277ms
540ms Image
image/jpeg 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/wn-xg_1.jpg
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: a4d9e2cbab3e0d55a661df4ffba7c67a137191d93b5e1714cf56b5eafb052c07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Tue, 10 May 2022 08:41:28 GMT
Server: nginx/1.15.11
ETag: "627a2538-ee19"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 60953

GET
H/1.1 200
OK ww-ot_m.jpg
i.keezip.com/ad/ 51 KB
51 KB 1275ms
463ms Image
image/jpeg 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/ww-ot_m.jpg
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: fd3a78c44240fc968612ed1a66b1ddf9f2e88ee172a587673e20a3d2709194c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Wed, 31 Aug 2022 14:18:44 GMT
Server: nginx/1.15.11
ETag: "630f6dc4-ca78"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51832

GET
H/1.1 200
OK drugpharm_m2.gif
i.keezip.com/ad/ 69 KB
69 KB 1334ms
466ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/drugpharm_m2.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 899cd99a24a6950e11055aef298623208bde99364981f3a8b48b2c8580ca3d14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Sun, 26 Mar 2023 05:15:08 GMT
Server: nginx/1.15.11
ETag: "641fd4dc-114db"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70875

GET
H/1.1 200
OK nulpurn_380.gif
i.keezip.com/ad/ 195 KB
195 KB 1398ms
482ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/nulpurn_380.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 6bd415fb0978ecddc6a9a1e77da54a17e77044f2a7c3d1fb9c6dbe82d2a5dbeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Wed, 06 Dec 2023 03:43:02 GMT
Server: nginx/1.15.11
ETag: "656fedc6-30ccd"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 199885

GET
H/1.1 200
OK herbnewming.gif
i.keezip.com/ad/ 142 KB
142 KB 1500ms
513ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/herbnewming.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: cf2b04e65eac6603f6472fe3b58bda2918c4a4fdbe0a5878eda75da7d43b4925

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Tue, 29 Aug 2023 08:14:39 GMT
Server: nginx/1.15.11
ETag: "64eda8ef-236fc"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145148

GET
H/1.1 200
OK filecast_m.gif
i.keezip.com/ad/ 10 KB
10 KB 232ms
231ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/filecast_m.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 27ce170f477b80957c55e1939c87820de82f8ce1bc71571477bf78de9ba34ed4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Sun, 02 Apr 2023 02:29:00 GMT
Server: nginx/1.15.11
ETag: "6428e86c-28e1"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10465

GET
H/1.1 200
OK sekder.gif
i.keezip.com/ad/ 20 KB
20 KB 330ms
330ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/sekder.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: d22868dbb660acc95fec8868fbbcf2979c3ec66becf9a1e9b64c8a2252553196

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Fri, 24 Nov 2023 05:09:15 GMT
Server: nginx/1.15.11
ETag: "65602ffb-501e"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20510

GET
H3 200 icon_new.gif
www.todawa55.asia/images/ 511 B
995 B 22ms
21ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/icon_new.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 419492
alt-svc: h3=":443"; ma=86400
content-length: 511
last-modified: Thu, 19 Sep 2019 13:42:13 GMT
server: cloudflare
etag: "5d8385b5-1ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqSEcY4nCdCq9Ub4u1tf92zG3MoSjcpapgBu642c1AfBDpl8bcJi7m6RsVudb1aatCDdMN0RnMDQT4Smi1SNW0Shg4auYobEnRxeFxUPHk5N%2B9bf5Sg7zrYyU8luMtuqFZVpsn%2FXVym%2FtmMTIiqimQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643fea085a5c3d-AMS
expires: Sat, 10 Feb 2024 09:48:22 GMT

GET
H3 200 icon_nonew.gif
www.todawa55.asia/images/ 1 KB
2 KB 23ms
23ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/icon_nonew.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 419492
alt-svc: h3=":443"; ma=86400
content-length: 1245
last-modified: Sat, 12 Oct 2019 14:47:22 GMT
server: cloudflare
etag: "5da1e77a-4dd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UyLrRYK%2Fp%2BHYAHxNWlF0IO3t%2FLuj3U9a5kH7F8sgh9CTVQkNT88MR8v%2BAqueExS4AZvDYclPrEI8yR6Y1AqmNzy56J4F2xJuATpKevwWRoE5T1Xk%2FqasIyMXmJxYsnPrOTmAMxMVrjESFxSMqsaLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643fea085c5c3d-AMS
expires: Sat, 10 Feb 2024 09:48:23 GMT

GET
H/1.1 200
OK drugpharm2.gif
i.keezip.com/ad/ 70 KB
70 KB 342ms
341ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/drugpharm2.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 1131f045ddc50292cb1ed4af9659a0850359a37bc401e4a9ef7062a52abb836f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:53 GMT
Last-Modified: Tue, 31 Oct 2023 07:49:40 GMT
Server: nginx/1.15.11
ETag: "6540b194-118c1"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 71873

GET
H/1.1 200
OK bet1_250.jpg
i.keezip.com/ad/ 77 KB
78 KB 300ms
300ms Image
image/jpeg 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/bet1_250.jpg
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: 01f68ef3a7eef7b7cc21cacca00a0c191f172d4327e4f04399191ffaac8cae49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:54 GMT
Last-Modified: Tue, 31 Jan 2023 16:22:24 GMT
Server: nginx/1.15.11
ETag: "63d94040-135ab"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 79275

GET
H/1.1 200
OK nulpurn_200.gif
i.keezip.com/ad/ 35 KB
35 KB 232ms
232ms Image
image/gif 202.97.174.25
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.keezip.com/ad/nulpurn_200.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: nginx/1.15.11 /
Resource Hash: f34285967052f4d10e4732af244d5db654ab1b685b9f505cf770dbc186bc7171

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 06:19:54 GMT
Last-Modified: Tue, 22 Aug 2023 14:00:52 GMT
Server: nginx/1.15.11
ETag: "64e4bf94-8c57"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35927

GET
H2 200 jquery-3.6.0.slim.js Show response
code.jquery.com/ 230 KB
68 KB 37ms
6ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.slim.js
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1f058e34466ba6ea21f79d5c403d68bf61d42b9cc0e43c09d433545da33a16c6

Request headers

Referer: https://www.todawa55.asia/
Origin: https://www.todawa55.asia
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 16 Jan 2024 06:19:55 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 10583791
x-cache: HIT, HIT
content-length: 68992
x-served-by: cache-lga21921-LGA, cache-fra-etou8220048-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1705385996.815696,VS0,VE0
etag: W/"28feccc0-3974d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1814, 5

GET
H/1.1 200
OK PelicanC.dll Show response
ad.aceplanet.co.kr/cgi-bin/ 2 KB
3 KB 1119ms
278ms Script
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 72863df27774cdc732cd14c6373ed2fbb25b7baaba2456673bf8685e784e6e83

Request headers

Referer: https://www.todawa55.asia/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma: no-cache
Date: Tue, 16 Jan 2024 06:19:56 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: Microsoft-IIS/10.0
Connection: close
Content-type: text/html

GET
H2 200 tend.js Show response
js.ad4989.co.kr/common/js/ 35 KB
7 KB 2041ms
221ms Script
application/javascript 1.224.180.63
BROADBANDIDC-AS-K...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad4989.co.kr/common/js/tend.js
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 1.224.180.63 , Korea, Republic Of, ASN45370 (BROADBANDIDC-AS-KR BROADBANDIDC, KR),
Reverse DNS
Software: /
Resource Hash: 1e18c00f7d939493d0e4c97c057493a49da1e1d7847b151fbd2772f3ac502904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:56 GMT
content-encoding: gzip
last-modified: Wed, 20 Oct 2021 07:20:32 GMT
accept-ranges: bytes
etag: "616fc340:1aea"
content-length: 6890
content-type: application/javascript

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 97 KB
29 KB 167ms
79ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ad.aceplanet.co.kr
URL: https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ddab0c0c4ec363b5ed78e00da71dfcf03c6c7238154fae1b68a8033f7d9c585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29467
x-xss-protection: 0
server: cafe
etag: 260 / 19738 / 31080328 / config-hash: 6457213104751266546
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 06:19:57 GMT

GET
H/1.1 200
OK PelicanC.dll Show response
ad.abchub.site/cgi-bin/ 3 KB
3 KB 977ms
286ms Script
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 2d930af4bd5419bf72222580b88380a552e44fc551211bea4f14fee9800c4c59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma: no-cache
Date: Tue, 16 Jan 2024 06:19:57 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: Microsoft-IIS/10.0
Connection: close
Content-type: text/html

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/ 437 KB
138 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c211e8775861eb70a495edc9b39d509002676809a57ed8090817e78f764b57fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 16:19:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50417
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140670
x-xss-protection: 0
server: cafe
etag: 10621281385585276585
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 14 Jan 2025 16:19:40 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 62 B
73 B 55ms
41ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.todawa55.asia

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b8c223bbef14a2a75a979428d5d3451a07a9260d2781f7039e0aa9bfaab29ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
x-xss-protection: 0
expires: Tue, 16 Jan 2024 06:19:57 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 394ms
394ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1921558338542951&correlator=4059664593939265&eid=31079958%2C31080255%2C31080289%2C31080299%2C31080440%2C31079234%2C31080328&output=ldjh&gdfp_req=1&vrg=202401080101&ptt=17&impl=fif&iu_parts=21682743634%3A22431107073%2CS011%2Cplaystore%2Cga02%2Cpc%2Cpost_right_bottom_btf_300x250&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&cdm=www.todawa55.asia&abxe=1&dt=1705385997153&adxs=1268&adys=1176&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=%2F%2Fplay-store.co.kr&loc=https%3A%2F%2Fwww.todawa55.asia%2Fhome.php&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=1914930727.1705385997&ga_sid=1705385997&ga_hid=807460746&ga_fc=false&dlt=1705385993101&idt=4011&adks=3759869028&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1da39645fa9186e3081f77fd5662070e1c6940dfc1774ddf6308ad90804a2509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10046
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.todawa55.asia
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FA71 6 KB
3 KB 73ms
14ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.todawa55.asia/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 06:19:57 GMT
expires: Wed, 15 Jan 2025 06:19:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D9F6 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.todawa55.asia/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 06:19:57 GMT
expires: Wed, 15 Jan 2025 06:19:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 90C0 624 B
827 B 69ms
47ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNUIhVObElz4LP5pV6vvPX_v1_PJJzDJRKJGhqlojQAFK4eQD7lj951yb0LHwANdeXvySAhQIWOVmqCxvQeMAtJyyCEH5c9HihmjgwqQyi63hf2yJxbWNicT3Ntbf2fk2xRUoAkbP5j8sqtox1A-ETkiaV5KiXKQqBnacQMWArX0ZrfKd9xgIuwLGNcr4JorGt6Y7uWS

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 06:19:57 GMT
expires: Tue, 16 Jan 2024 06:19:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D9F6 89 KB
31 KB 128ms
106ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 06:19:57 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D9F6 42 B
401 B 62ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DewpZM_QHorQkpVGtwocl57Mjutn0Skoq5xYmFtMi04s3dk1gkmpOZG27wDQX6_u_P-iT7AnVivxk2GB-IXqf1LfQuorTCfj9SvMJYD7XucRf7V_g

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame D9F6 3 KB
1 KB 31ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 17:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 17:56:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame D9F6 20 KB
9 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39586
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9F6 205 KB
65 KB 72ms
44ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
URL: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 06:19:57 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 90C0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1

43 B
339 B

26ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNUIhVObElz4LP5pV6vvPX_v1_PJJzDJRKJGhqlojQAFK4eQD7lj951yb0LHwANdeXvySAhQIWOVmqCxvQeMAtJyyCEH5c9HihmjgwqQyi63hf2yJxbWNicT3Ntbf2fk2xRUoAkbP5j8sqtox1A-ETkiaV5KiXKQqBnacQMWArX0ZrfKd9xgIuwLGNcr4JorGt6Y7uWS
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WKZZ5CUf51tS8iDpeqIPLOrZcRSi%2BfY6fFHjPpl4FDqKFbxGHhfAPzvjDi8kT8P%2BjqHZ2e%2F5UgWGvOwkpdOLTO75QOFNoYYOODFA4JsBxw8oaeic9ZANaK5%2BgZrN7aLzAYaBzaFFI0iVw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84643ff5e9c2692e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 90C0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaYgDSdb-wFurkgVUlJYOAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1

43 B
769 B

25ms
25ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNUIhVObElz4LP5pV6vvPX_v1_PJJzDJRKJGhqlojQAFK4eQD7lj951yb0LHwANdeXvySAhQIWOVmqCxvQeMAtJyyCEH5c9HihmjgwqQyi63hf2yJxbWNicT3Ntbf2fk2xRUoAkbP5j8sqtox1A-ETkiaV5KiXKQqBnacQMWArX0ZrfKd9xgIuwLGNcr4JorGt6Y7uWS
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYrNCxF4ts0IW7uvWwnIgzNtIJ7PF373GThP5nSPTAGnv6XVBYaATjmFecTaFrvjZT6FZZRd9anvqEd%2FXbHFE6c1ODUatGIzPGDiSEUtqssDyffO6t5GBvMp30CD2MV3vgyKllpBZv%2BkBA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84643ff619dc30fa-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN4zsTsDeYrd5qTevu45kEs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 90C0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIHUvvkadsm4H2MIE6_EfFg&google_cver=1

43 B
1007 B

14ms
13ms

Image
image/gif

185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIHUvvkadsm4H2MIE6_EfFg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-9TjwAEwAQ&v=APEucNUIhVObElz4LP5pV6vvPX_v1_PJJzDJRKJGhqlojQAFK4eQD7lj951yb0LHwANdeXvySAhQIWOVmqCxvQeMAtJyyCEH5c9HihmjgwqQyi63hf2yJxbWNicT3Ntbf2fk2xRUoAkbP5j8sqtox1A-ETkiaV5KiXKQqBnacQMWArX0ZrfKd9xgIuwLGNcr4JorGt6Y7uWS

Protocol

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
an-x-request-uuid: 6ab7aa44-98a1-4ca3-90a2-295b37393587
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIHUvvkadsm4H2MIE6_EfFg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 90C0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjU1OTQyNzE5MTM2MDM2MTk5Mg%3D%3D

170 B
243 B

16ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjU1OTQyNzE5MTM2MDM2MTk5Mg%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
an-x-request-uuid: dcaf84ab-daeb-4dfd-8c62-667a21f46c80
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjU1OTQyNzE5MTM2MDM2MTk5Mg%3D%3D
x-proxy-origin: 138.199.38.133; 138.199.38.133; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D9F6 0
58 B 42ms
42ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2469396600861&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D9F6 0
56 B 42ms
42ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2469396600861&version=m202309260101&ct=76&x=1&cor=11222926653185358000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D9F6 106 KB
40 KB 53ms
51ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B3UbysnTdBlTo2kJZ78NxTCgsAS0q1eGzfOKhilhyYzlNwPUyTw_NvcYbw0LsGXFerc6eVGS0A6goRRPdiUoAJyTt8wx4eCwSIrmZj2gV79Cl2fPWcBxHecYI-5AoLBZXXLgoeJHCfgMNThKTySKkxqhm28K35m3X75deYyun5hvG4uc8&dbm_d=AKAmf-Aq8_RPXIBdcUuo-I4NzUNdyOpys4IbYCs5ssC7GQYHSMBvmnWJx_jw1khZNedxJvUdJzhcq6ki0nNUSs5eYytBgdYZLc43dffydFu9t1hcv7tK0AGDiM3-_a2lV_v95O_B5KEOchJpP7nfoqkHk9FcDvTT5D9I5Tg5Qre9NV6K_CH92z__CLLXH1iS9WVumkplOhDNDf9wAqMzMrBonL6_qw9TQ6Hv-nfvl-hox1Vse_P-xAdmboGvP6zNMDxH0z2_ucosV5evCKQaVgyOZvBHcn-rB5-yAuB4LxWasclI1vu42SMm6HOZgLLk-d6W1T_GiMU4CUxU7g0dBiZH4epXUZ6x4O6_Xk4ti9L5kky4zBnElL29KOSoMdtNhe-yNhzmWg6blPaxaMi7EeufFNVJ-Mh2nFpL5pnibvV00dNgfp_B4-u1QrEWPprIpIZh6fxWdHQWfitU4n5n_nN0nuW1oM_MnrwvWechX725XPJWg-2hzzzOkq9v--Qaw9Vt3OV-Rt7-HFADLcw-oQhWURd2pr0iK60eaGQjf2EYkhWHfrqlLrPUCYbmEfZBBG9moMlFjusVQLrnmDoH4zXx9U8yRGYsGCUlpiqKNJBlp76OJOdj2Ht02FdSFGTjeM4tbRJ9dciqBkdTKiqTNgEgsmZL9WN2j9x09-4SOEXkkrkwE2g33CvK3yYLSdWm_-IOWkh2cX9gtnWqWnBJ5B5oC0GqN19zAuKA4Qd4s_xgGADRUexk7caJaWNaXsbK3WorT29YIO755Xq4pcC4TzQfE_2oHuwrWXTiQGLbHFh7x4flutJ5egD6yixoMszVBfytZTfpyN163iFSGzHiOvnqYZhvdbjYAViozILgkOqhr2GOhs1L3euF0qGiwLdP4e0Bd2ytpgUU7H_4GkGMLKTwphs-JDYLifUA9IPQEOl5r3jhxcLtX4Ny1oXwcXuetEekRahci53TRzLUAEDMnsskxGTEhKPVKXlBJD3TPxezvvmkasry-rUxvy1ezhlMwUaO0KfsonMqLnofkLgV2mN26AWv3JFyIUgOPthXAp0fKJu95drFNRbDLSP7yzJUR2YM6mpY4GyZnfrVvzMgBo6L6oe1dsaKK4DpDOuq5cVVPImJXaaB5LSm0bGgvpkw3H4Hv5iYhOnK9sOJgSup1ex3zNoAUEjSnYWVq3SZeJcEt0-qEPquTzViVYaj9vmswKhUVCIepMuntYLGTvy3cz6Xs-pp4ZPHkWXavL_eXYhZJnwHNywqO4fga2pbEMftukqg_g0OiPeGcJFSk9W2TYvtHxLvrYbRWy0z8UevgWGOjKFDeje-CCKKlJk-bo1q5WNsaBYWXguZGqgJYHh82uBtSM3wwiueD4JPoIplYl0wbVx5F66_bPeR-g2dzf5CZKjcw5bw64des-lm961UI6NXHuM09jwfnhYM3GWFwOCd63EA8_J72QBI4MVUoHu5KB0SB5uDRfWPfTweNjJqQiYcWMAL4MYesBrBfYhKa1JZKQERKZsB4oGObgPpgCRmt8VWWCvPmhdaormROGurbhP4kAm_dnWjRn36r1TO9vKMiDcNUDpDLVe8z8NoxiuDuZ-eI1pmcVtkOiTo3BI2Udq7mnA04zPlceR5s5s0KxjFtP3t6dJ_3JfEepi7tW0Vx46T3JItZ5wB6kZakn9s3eKQAju3JPq1D8cZgMNEA-zSo9VX1ZPwb8-vFLq0dZ0xmzCWlGj8reMi4ik92NYM1xKe-QgjyNxsBer1idIDbjug9otBcAX_vdimCP_cY4k7LtH1L8zl-wZ9PtKKSadHbhzIu3GjjJbym5BtcMgrD92QZzBtQdx3dQitjg__Fx96BMzv9bP4DArJFU76PMNQEUcMxZQFeUkykzt_2dNnXdYShhXoZ5grzq8m0tMOWJu7-XSGK9HBEoF-gwdWPQCPJeD80CHLMxxfQOpgp8F9Fwgp5TTwlGNIBFn59n4x_9CQFKysAJnqCEJOevePCCSpl_sbQ0Y5duPj-ZUZ7zYHtkgJTTgHoG7sTxVimE1xbY3G8BeFiEjHQjr3pxI6_Q80VWxN8Krl4HjSxuhj6UuNDNtLt-TyquC2KTaYo-Dnokk9mKA8_X3oBkaRWurWgWwmId06EtDQZwNMnQFYvOSor5_-HXHsfTk4w0CLyh8uMDyqnD-O2UOOX01LvgW6J2vOmQB3kZG935pSJ1DreduRCzMQQ1bqj4q5VkFKkMeHZd09zaRMugM4LayI2Fb3Sl6gS1C1CXqCkHPPdWu2A_2JMMm0erEgYMEVyzMNhUIGG28JnTLYRbqIVB17xhixytyl6Fpks8u-3NQrOH7VKBb29Aq8TQI6dS2PPBXWRP6Pb4qs5OcTd52jCf3JPej7gI6iYPcIanJtK3yhhmNz8EMyd7l3jEOE7pEQiOcSsd8_-3H2jhFZPj3qivt3l_t3746KAgkTVMTUrNR3umt5UEiy0v_LvVCBRT26R4ois0YFhjmTWFXGkWL28BmulWVWCTLFvOmA6AtNw-8dP5a7iFbqBlDuCaiV8maEl0ym9q_OJ_ICZ_v2hB7EHWiyOYxeDTN43TA7jpguXzkD_MKaXtLqlHgIwTopibmRi7ysSMum7gGORKUC7UfLr-JsePFsAKt7nYGKuB4xqsQ22j4iePy8bsDUSKvcONrcojc_5fAqw9bTxdIxJW3Ykp-hg_tTbhckI1G9z6-Xe9M8MkYgCj_3WztxTYJB8uNyQYEcGCb0GaJyC4V7bjZrLGH9k37NBHcSpAiPcDxL7pYANs1k63Hm_PCZxLwBXY6TFLCVH4k2RyHDU6qjLhSYSQm1m4jyIaaZA76Ll9HFk86N2XbGMD6Hjd96nDMEIcDTLKZnr4b3sX4J2s4RjiHFJtlxqbVbm4a1ob7n-9yGq0Z_AxPYMl_Lq95NTbWILPM9TisiBiODtrfTSiLASV5wg9p3wkwpuflcpo0xKNTP1u2W3P6K9U0A5yFt39qVQw1SdSf3pNK5a-teZnLBDw9bqXJxI3qgKDekOwbhxYefftDk7hp5ahUaar7gzd-v325tW-rwdTgUVn9Bssjyz66ED34VpFMB5TjrXBLhUjjiLlf51cLHTPHTb76oGM6rdh4m4mVmUo9SeU9VK2h6lfgRIV3Qi5kKuGHVw81Nz9W_D0odMjF147OJ6bMrfje8tK5Vk-m2U8nNSAD8cvcfw8sJHk8V97CTshIq3gJc_CVOar-ngs6a3BYNddf1i7iKTiTYmdCq_r8fQjn3xBf3LjvTbIiZpV8drVkermaaLcX8RSSkx6DJfZxL_2WsA_Rse2Af7ioafhh4dpJ4wp5-6Ah1bLH3ywX7r7Tj70gNB161Gaaxl3kFK_aC3EEw6_7tqBavDWWJOX0pu-h5EAgsWmgWPvnbGPMi7Bdq9CY7JbRKH6guwjc9NZUfVtVe0QeZXdaecdtdVHJ5QYoSnE91iJycqMyVwLp9uOlax9bIaWqpze6xve0qZ-sG_yks8xSyxHhrXwYc0nEIvjcFbob4SLDZtoql8Fl2mkSNU7LdRsumG9PzEKPbxlPW2gtaYOvpG2wxfoJOwT_JRiwO_E3nbnuKdPnCLXcbTi3VH_pF2d9aSfLMu9UzGgz1aOpNENdDehkg4Nvg6aPtEDhFj5Pwv7Th1uPXjJIV9xFDRE2qAHk7zIWhmfdo5yByrY0MQWay7mRFJLKRCGOoMHvhzL9YLrumYXLoeANozjw4EH1Fxfdax2csXMq3ErhpnEZ8Q0Re_zFtN5ujAh_l0r87KmC1VA0sRLWmpkaRaYTG8PkHfntaT0YEwXe-1uXi-5NfE_9WBjTx8W5IQ7BXq71B774XyretSf1a5jk41v0Au8hhIHxuQHJZbmBPSLX6wa4-Y8FCx8w2OOc&cid=CAQSLQAvHhf_it8ZLINW4FRAtvm_927ABO8jatycyq5Rd4ykESwrroKLoI_wpslT7RgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.todawa55.asia%2F&ds=l&xdt=1&iif=1&cor=11222926653185358000&adk=356101034&idt=134&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

233ade9318d5d92f291e7e9f19839b44ee986945511fa9aecd98b6c67a7c8ebf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40589
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D9F6 172 KB
61 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
Origin: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23453
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/ Frame D9F6 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B3UbysnTdBlTo2kJZ78NxTCgsAS0q1eGzfOKhilhyYzlNwPUyTw_NvcYbw0LsGXFerc6eVGS0A6goRRPdiUoAJyTt8wx4eCwSIrmZj2gV79Cl2fPWcBxHecYI-5AoLBZXXLgoeJHCfgMNThKTySKkxqhm28K35m3X75deYyun5hvG4uc8&dbm_d=AKAmf-Aq8_RPXIBdcUuo-I4NzUNdyOpys4IbYCs5ssC7GQYHSMBvmnWJx_jw1khZNedxJvUdJzhcq6ki0nNUSs5eYytBgdYZLc43dffydFu9t1hcv7tK0AGDiM3-_a2lV_v95O_B5KEOchJpP7nfoqkHk9FcDvTT5D9I5Tg5Qre9NV6K_CH92z__CLLXH1iS9WVumkplOhDNDf9wAqMzMrBonL6_qw9TQ6Hv-nfvl-hox1Vse_P-xAdmboGvP6zNMDxH0z2_ucosV5evCKQaVgyOZvBHcn-rB5-yAuB4LxWasclI1vu42SMm6HOZgLLk-d6W1T_GiMU4CUxU7g0dBiZH4epXUZ6x4O6_Xk4ti9L5kky4zBnElL29KOSoMdtNhe-yNhzmWg6blPaxaMi7EeufFNVJ-Mh2nFpL5pnibvV00dNgfp_B4-u1QrEWPprIpIZh6fxWdHQWfitU4n5n_nN0nuW1oM_MnrwvWechX725XPJWg-2hzzzOkq9v--Qaw9Vt3OV-Rt7-HFADLcw-oQhWURd2pr0iK60eaGQjf2EYkhWHfrqlLrPUCYbmEfZBBG9moMlFjusVQLrnmDoH4zXx9U8yRGYsGCUlpiqKNJBlp76OJOdj2Ht02FdSFGTjeM4tbRJ9dciqBkdTKiqTNgEgsmZL9WN2j9x09-4SOEXkkrkwE2g33CvK3yYLSdWm_-IOWkh2cX9gtnWqWnBJ5B5oC0GqN19zAuKA4Qd4s_xgGADRUexk7caJaWNaXsbK3WorT29YIO755Xq4pcC4TzQfE_2oHuwrWXTiQGLbHFh7x4flutJ5egD6yixoMszVBfytZTfpyN163iFSGzHiOvnqYZhvdbjYAViozILgkOqhr2GOhs1L3euF0qGiwLdP4e0Bd2ytpgUU7H_4GkGMLKTwphs-JDYLifUA9IPQEOl5r3jhxcLtX4Ny1oXwcXuetEekRahci53TRzLUAEDMnsskxGTEhKPVKXlBJD3TPxezvvmkasry-rUxvy1ezhlMwUaO0KfsonMqLnofkLgV2mN26AWv3JFyIUgOPthXAp0fKJu95drFNRbDLSP7yzJUR2YM6mpY4GyZnfrVvzMgBo6L6oe1dsaKK4DpDOuq5cVVPImJXaaB5LSm0bGgvpkw3H4Hv5iYhOnK9sOJgSup1ex3zNoAUEjSnYWVq3SZeJcEt0-qEPquTzViVYaj9vmswKhUVCIepMuntYLGTvy3cz6Xs-pp4ZPHkWXavL_eXYhZJnwHNywqO4fga2pbEMftukqg_g0OiPeGcJFSk9W2TYvtHxLvrYbRWy0z8UevgWGOjKFDeje-CCKKlJk-bo1q5WNsaBYWXguZGqgJYHh82uBtSM3wwiueD4JPoIplYl0wbVx5F66_bPeR-g2dzf5CZKjcw5bw64des-lm961UI6NXHuM09jwfnhYM3GWFwOCd63EA8_J72QBI4MVUoHu5KB0SB5uDRfWPfTweNjJqQiYcWMAL4MYesBrBfYhKa1JZKQERKZsB4oGObgPpgCRmt8VWWCvPmhdaormROGurbhP4kAm_dnWjRn36r1TO9vKMiDcNUDpDLVe8z8NoxiuDuZ-eI1pmcVtkOiTo3BI2Udq7mnA04zPlceR5s5s0KxjFtP3t6dJ_3JfEepi7tW0Vx46T3JItZ5wB6kZakn9s3eKQAju3JPq1D8cZgMNEA-zSo9VX1ZPwb8-vFLq0dZ0xmzCWlGj8reMi4ik92NYM1xKe-QgjyNxsBer1idIDbjug9otBcAX_vdimCP_cY4k7LtH1L8zl-wZ9PtKKSadHbhzIu3GjjJbym5BtcMgrD92QZzBtQdx3dQitjg__Fx96BMzv9bP4DArJFU76PMNQEUcMxZQFeUkykzt_2dNnXdYShhXoZ5grzq8m0tMOWJu7-XSGK9HBEoF-gwdWPQCPJeD80CHLMxxfQOpgp8F9Fwgp5TTwlGNIBFn59n4x_9CQFKysAJnqCEJOevePCCSpl_sbQ0Y5duPj-ZUZ7zYHtkgJTTgHoG7sTxVimE1xbY3G8BeFiEjHQjr3pxI6_Q80VWxN8Krl4HjSxuhj6UuNDNtLt-TyquC2KTaYo-Dnokk9mKA8_X3oBkaRWurWgWwmId06EtDQZwNMnQFYvOSor5_-HXHsfTk4w0CLyh8uMDyqnD-O2UOOX01LvgW6J2vOmQB3kZG935pSJ1DreduRCzMQQ1bqj4q5VkFKkMeHZd09zaRMugM4LayI2Fb3Sl6gS1C1CXqCkHPPdWu2A_2JMMm0erEgYMEVyzMNhUIGG28JnTLYRbqIVB17xhixytyl6Fpks8u-3NQrOH7VKBb29Aq8TQI6dS2PPBXWRP6Pb4qs5OcTd52jCf3JPej7gI6iYPcIanJtK3yhhmNz8EMyd7l3jEOE7pEQiOcSsd8_-3H2jhFZPj3qivt3l_t3746KAgkTVMTUrNR3umt5UEiy0v_LvVCBRT26R4ois0YFhjmTWFXGkWL28BmulWVWCTLFvOmA6AtNw-8dP5a7iFbqBlDuCaiV8maEl0ym9q_OJ_ICZ_v2hB7EHWiyOYxeDTN43TA7jpguXzkD_MKaXtLqlHgIwTopibmRi7ysSMum7gGORKUC7UfLr-JsePFsAKt7nYGKuB4xqsQ22j4iePy8bsDUSKvcONrcojc_5fAqw9bTxdIxJW3Ykp-hg_tTbhckI1G9z6-Xe9M8MkYgCj_3WztxTYJB8uNyQYEcGCb0GaJyC4V7bjZrLGH9k37NBHcSpAiPcDxL7pYANs1k63Hm_PCZxLwBXY6TFLCVH4k2RyHDU6qjLhSYSQm1m4jyIaaZA76Ll9HFk86N2XbGMD6Hjd96nDMEIcDTLKZnr4b3sX4J2s4RjiHFJtlxqbVbm4a1ob7n-9yGq0Z_AxPYMl_Lq95NTbWILPM9TisiBiODtrfTSiLASV5wg9p3wkwpuflcpo0xKNTP1u2W3P6K9U0A5yFt39qVQw1SdSf3pNK5a-teZnLBDw9bqXJxI3qgKDekOwbhxYefftDk7hp5ahUaar7gzd-v325tW-rwdTgUVn9Bssjyz66ED34VpFMB5TjrXBLhUjjiLlf51cLHTPHTb76oGM6rdh4m4mVmUo9SeU9VK2h6lfgRIV3Qi5kKuGHVw81Nz9W_D0odMjF147OJ6bMrfje8tK5Vk-m2U8nNSAD8cvcfw8sJHk8V97CTshIq3gJc_CVOar-ngs6a3BYNddf1i7iKTiTYmdCq_r8fQjn3xBf3LjvTbIiZpV8drVkermaaLcX8RSSkx6DJfZxL_2WsA_Rse2Af7ioafhh4dpJ4wp5-6Ah1bLH3ywX7r7Tj70gNB161Gaaxl3kFK_aC3EEw6_7tqBavDWWJOX0pu-h5EAgsWmgWPvnbGPMi7Bdq9CY7JbRKH6guwjc9NZUfVtVe0QeZXdaecdtdVHJ5QYoSnE91iJycqMyVwLp9uOlax9bIaWqpze6xve0qZ-sG_yks8xSyxHhrXwYc0nEIvjcFbob4SLDZtoql8Fl2mkSNU7LdRsumG9PzEKPbxlPW2gtaYOvpG2wxfoJOwT_JRiwO_E3nbnuKdPnCLXcbTi3VH_pF2d9aSfLMu9UzGgz1aOpNENdDehkg4Nvg6aPtEDhFj5Pwv7Th1uPXjJIV9xFDRE2qAHk7zIWhmfdo5yByrY0MQWay7mRFJLKRCGOoMHvhzL9YLrumYXLoeANozjw4EH1Fxfdax2csXMq3ErhpnEZ8Q0Re_zFtN5ujAh_l0r87KmC1VA0sRLWmpkaRaYTG8PkHfntaT0YEwXe-1uXi-5NfE_9WBjTx8W5IQ7BXq71B774XyretSf1a5jk41v0Au8hhIHxuQHJZbmBPSLX6wa4-Y8FCx8w2OOc&cid=CAQSLQAvHhf_it8ZLINW4FRAtvm_927ABO8jatycyq5Rd4ykESwrroKLoI_wpslT7RgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.todawa55.asia%2F&ds=l&xdt=1&iif=1&cor=11222926653185358000&adk=356101034&idt=134&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 11:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 11:31:29 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame D9F6 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:06:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26017
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 23:06:20 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D9F6 41 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 295929
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
DATA 200
OK truncated
/ Frame D9F6 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67edb509acfba93e4c45e35538d85c240fb1a7e4c03f9654b15fbcf29b75749f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8535 38 KB
13 KB 18ms
18ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 281347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:10:50 GMT
expires: Sun, 12 Jan 2025 00:10:50 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5163474105338435392/ Frame 773F 673 B
438 B 32ms
15ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4233dc4fc9a83dd7505d7ed3b551bb53123c4b216bd93ba02a1bb1e9a0d3bd9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 409
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 06:19:57 GMT
expires: Wed, 15 Jan 2025 06:19:57 GMT
last-modified: Mon, 15 Jan 2024 14:16:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D9F6 0
0 99ms
63ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstZWhnfulX0h7Ey8zButpAgoNBe9QbR5cSeLdniX_wv9cJkqfABh1VJWNxyeXdDlWL37ahuldD6AdGg48OHhSg2uUdETd6BYl2X1PdcF3IpqVKU9IMWsaVrjT_c8pKjdk1qhMlVDNpvZbdOuK7b8ks-1NTpHBKnPQD2Ua_Cl1cx70B68xR-Sy5IgH3-dO5DTYDfOM00Z6deGAR6tVfejpF2Ixya8LKEzHY5OacJZmSlwohtssgS2zDRKk5I6YlFxilWjnT2K-yyXHaJo1X5XDa3OHqXf1QC0OgEVkUeFHzI_KxCt0DMzOUcwHXp38O_kTthirRsev0H8-mwbBdOyAsKFUrvorPfXfvFWSYOsQJiYU8g9cz0s6alJu3z306Xb751sNOZr7POs4YulMu5IruXY9asrK6mX6dDEWxE09flkv9V69Mw01MW8PnohjN7WJ2NFUDGCF9khCYv1Ye-rJqTPLDW5dzHQ4YEmq-_pHs_DmYqTuZPno4g2Yy2OFQdXRhF0NlF92ZneXR1q3RenDHDe4nfL8wIrVIDF1xV7D6qeUkwxo2t-b-U6ki06-df-qK_Gedig8Ow6wJbkXjrP0tbArggVcBRRH9Ot_ncuauE97ItttdMQA2fUQqAuqZvyjH9L1LBoTM9TSFCxqf_PCBniHUvDTUjKfwwEvDHBjnW_EsDroCQwv6KfyS6Jwy_0BWfG5ZVC9sCew6YB0pwGUN_aQOMj7_a2gORvqnhIHjSARzQGjxclaN16_WzvCqUIniZ7n1KUjQ3h876VH5V4mzA1wgqk5R_G2dt6d5kP_5Y-ehbKmZojhmmm1xfBIo2S6_AwCIMrZSmLjiHV92GppjU2hZzhBd_BDIQG5anOA0IDfKfBdu4hHyR6C6LSLQqSBgw0faTyL-xQCM18FhSms4RkYmOxaZpfYl5dZLVjFEp8L9vbGVA7S6t60Adt2D4qJbiCKnvOFzmLAr5GYDPnC33pyGjXEJgP9bZzUkWFXDWhbbzphahH_Umh4zSewdYNYCVnUCTN_zHonEzr3bjSXTbX75BvX_p7fud5Mi_TZ-v3jwwKxHufj074N7nc7ln6C7fmw1R9lEH7uHxAXuv4dqktVst6vfXbpArAk6FcYOLg3yPvX76XNlJuVmJtLerSTtGF0vHTsbEZb8leEJuRBBSxozlnVi7GyPSNCUsiuQqIFW3WoUk8vUqy_mPoBD4WWs1f65h5_vJlqIPhlz24ab7yGzlNIM_pp7lKOnJ4Bkog7wUjjC5FrZqlSoLI7Q7u0aVQ9Fqh-ja4JPx13wasfC7CUxM5klC2FBQNybdW7TdpMrHqAM87XqlEowOEkGJKwvt7LNrTVOb_SC1naNapClT9Nn68Z_w0H3CIMmS4ONIxHrx-0E8oHC-fDVJ7zhAqwt0FHd4Y67WpCDD9zzYUIZTu_Mhe78FIU5TatlW2-AA9gFg3olwu79w2uskTGYiGzRs2lW-KogfC0Gh2T3KvQ_LnqsTWg&sai=AMfl-YQpBjucWez47ypwJWxLiIWb-QEOfbVfrUmuWeMtE-0fy2cUKfOVnkvkAl0nq8yDOSD1RWbvscmd-R94n2G9UhoCePksBkkS0oOCICG99Jc5pz4hDRXlbK4IoUdx4wG2SWzxCbEf4KHAq1gaSA2oz1fBbP5zCQu_sGib0CrpHKjzM712Xb50GMrcJB0MChLANNqzYIsDStwIfu9JyyyAlJQ3mD-892aUt8_FTi0lJ_0&sig=Cg0ArKJSzGSZfHXBSabvEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=67&cbvp=1&cstd=62&cisv=r20240109.11626&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 jquery-3.6.0.slim.js Show response
code.jquery.com/ 230 KB
68 KB 6ms
6ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.slim.js
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1f058e34466ba6ea21f79d5c403d68bf61d42b9cc0e43c09d433545da33a16c6

Request headers

Referer: https://www.todawa55.asia/
Origin: https://www.todawa55.asia
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 10583793
x-cache: HIT, HIT
content-length: 68992
x-served-by: cache-lga21921-LGA, cache-fra-etou8220048-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1705385998.890118,VS0,VE0
etag: W/"28feccc0-3974d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1814, 6

GET
H/1.1 200
OK PelicanC.dll Show response
ad.aceplanet.co.kr/cgi-bin/ 2 KB
3 KB 1119ms
280ms Script
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 72863df27774cdc732cd14c6373ed2fbb25b7baaba2456673bf8685e784e6e83

Request headers

Referer: https://www.todawa55.asia/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma: no-cache
Date: Tue, 16 Jan 2024 06:19:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: Microsoft-IIS/10.0
Connection: close
Content-type: text/html

GET
H2 200 tend.js Show response
js.ad4989.co.kr/common/js/ 35 KB
7 KB 221ms
220ms Script
application/javascript 1.224.180.63
BROADBANDIDC-AS-K...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad4989.co.kr/common/js/tend.js
Requested by: Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 1.224.180.63 , Korea, Republic Of, ASN45370 (BROADBANDIDC-AS-KR BROADBANDIDC, KR),
Reverse DNS
Software: /
Resource Hash: 1e18c00f7d939493d0e4c97c057493a49da1e1d7847b151fbd2772f3ac502904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
content-encoding: gzip
last-modified: Wed, 20 Oct 2021 07:20:32 GMT
accept-ranges: bytes
etag: "616fc340:1aea"
content-length: 6890
content-type: application/javascript

GET
H3 200 DVIFsDrJQ2KCdn08kgozSZwsnEs3maKbf_4WD5VqFaw.js Show response
pagead2.googlesyndication.com/bg/ Frame 8535 51 KB
19 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DVIFsDrJQ2KCdn08kgozSZwsnEs3maKbf_4WD5VqFaw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d5205b03ac9436282767d3c920a33499c2c9c4b3799a29b7ffe160f956a15ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:20:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19609
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jan 2025 01:20:27 GMT

GET
H/1.1 200
OK WebLog.dll Show response
engine.tend-table.com/cgi-bin/ Frame F6FC 566 B
669 B 3167ms
292ms Document
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTUuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705385997888
Requested by: Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 68965e881254c13e5f4cc5820bc9c2c32ebfcc478ad38e8663e1db4fc120678a

Request headers

Referer: https://www.todawa55.asia/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Date: Tue, 16 Jan 2024 06:20:00 GMT
Server: Microsoft-IIS/10.0

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 773F 120 KB
41 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 12:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64588
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 12:23:29 GMT

GET
H3 200 template-2d058155.js Show response
s0.2mdn.net/sadbundle/5163474105338435392/ Frame 773F 37 KB
13 KB 13ms
13ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5163474105338435392/template-2d058155.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 14 Jan 2025 14:17:12 GMT
date: Mon, 15 Jan 2024 14:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13540
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 14:16:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 index-70c4f56f.css
s0.2mdn.net/sadbundle/5163474105338435392/ Frame 773F 4 KB
1 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 14 Jan 2025 14:17:12 GMT
date: Mon, 15 Jan 2024 14:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1455
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 14:16:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D9F6 0
0 56ms
55ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstZWhnfulX0h7Ey8zButpAgoNBe9QbR5cSeLdniX_wv9cJkqfABh1VJWNxyeXdDlWL37ahuldD6AdGg48OHhSg2uUdETd6BYl2X1PdcF3IpqVKU9IMWsaVrjT_c8pKjdk1qhMlVDNpvZbdOuK7b8ks-1NTpHBKnPQD2Ua_Cl1cx70B68xR-Sy5IgH3-dO5DTYDfOM00Z6deGAR6tVfejpF2Ixya8LKEzHY5OacJZmSlwohtssgS2zDRKk5I6YlFxilWjnT2K-yyXHaJo1X5XDa3OHqXf1QC0OgEVkUeFHzI_KxCt0DMzOUcwHXp38O_kTthirRsev0H8-mwbBdOyAsKFUrvorPfXfvFWSYOsQJiYU8g9cz0s6alJu3z306Xb751sNOZr7POs4YulMu5IruXY9asrK6mX6dDEWxE09flkv9V69Mw01MW8PnohjN7WJ2NFUDGCF9khCYv1Ye-rJqTPLDW5dzHQ4YEmq-_pHs_DmYqTuZPno4g2Yy2OFQdXRhF0NlF92ZneXR1q3RenDHDe4nfL8wIrVIDF1xV7D6qeUkwxo2t-b-U6ki06-df-qK_Gedig8Ow6wJbkXjrP0tbArggVcBRRH9Ot_ncuauE97ItttdMQA2fUQqAuqZvyjH9L1LBoTM9TSFCxqf_PCBniHUvDTUjKfwwEvDHBjnW_EsDroCQwv6KfyS6Jwy_0BWfG5ZVC9sCew6YB0pwGUN_aQOMj7_a2gORvqnhIHjSARzQGjxclaN16_WzvCqUIniZ7n1KUjQ3h876VH5V4mzA1wgqk5R_G2dt6d5kP_5Y-ehbKmZojhmmm1xfBIo2S6_AwCIMrZSmLjiHV92GppjU2hZzhBd_BDIQG5anOA0IDfKfBdu4hHyR6C6LSLQqSBgw0faTyL-xQCM18FhSms4RkYmOxaZpfYl5dZLVjFEp8L9vbGVA7S6t60Adt2D4qJbiCKnvOFzmLAr5GYDPnC33pyGjXEJgP9bZzUkWFXDWhbbzphahH_Umh4zSewdYNYCVnUCTN_zHonEzr3bjSXTbX75BvX_p7fud5Mi_TZ-v3jwwKxHufj074N7nc7ln6C7fmw1R9lEH7uHxAXuv4dqktVst6vfXbpArAk6FcYOLg3yPvX76XNlJuVmJtLerSTtGF0vHTsbEZb8leEJuRBBSxozlnVi7GyPSNCUsiuQqIFW3WoUk8vUqy_mPoBD4WWs1f65h5_vJlqIPhlz24ab7yGzlNIM_pp7lKOnJ4Bkog7wUjjC5FrZqlSoLI7Q7u0aVQ9Fqh-ja4JPx13wasfC7CUxM5klC2FBQNybdW7TdpMrHqAM87XqlEowOEkGJKwvt7LNrTVOb_SC1naNapClT9Nn68Z_w0H3CIMmS4ONIxHrx-0E8oHC-fDVJ7zhAqwt0FHd4Y67WpCDD9zzYUIZTu_Mhe78FIU5TatlW2-AA9gFg3olwu79w2uskTGYiGzRs2lW-KogfC0Gh2T3KvQ_LnqsTWg&sai=AMfl-YQpBjucWez47ypwJWxLiIWb-QEOfbVfrUmuWeMtE-0fy2cUKfOVnkvkAl0nq8yDOSD1RWbvscmd-R94n2G9UhoCePksBkkS0oOCICG99Jc5pz4hDRXlbK4IoUdx4wG2SWzxCbEf4KHAq1gaSA2oz1fBbP5zCQu_sGib0CrpHKjzM712Xb50GMrcJB0MChLANNqzYIsDStwIfu9JyyyAlJQ3mD-892aUt8_FTi0lJ_0&sig=Cg0ArKJSzGSZfHXBSabvEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=138&vt=11&dtpt=71&dett=3&cstd=62&cisv=r20240109.11626&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8535 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8GPMDSCmZaLuLdPpx_APgamGgAQAAAAAOAHgBAI&bg=!IyClIG_NAAZ1R9vHVUc7ADQBe5WfOFK3ZZfEFaVihQUWIHffXDtZNUJjdYDa64rvdN5v-fZNA9ek6_0QUX6B5W-YAlnzAgAAADhSAAAAAmgBBwoAKTnj400MLP3ksBSHi3aS6q0f5JYQDJ2KzPMhlcG2yvyZeGYLj-SskR_MmQMXBLZs1K53fYlnXvHUaTgaBrqtMTB2O2vk-Z3EsVQp-M8ojCqeTaOCXPULZc7mOWPqOx4IaO1_e7LvqPwCiizdEQmkSIiu11rpG_9qpH8DrkPFhs0VFlvJ0dHizSLusaK19deVNxZq8f82NDv99poFtxuHJ2T7xr7gn07EwM6M4eYnpaehp9RVCjw3BQtzuYfuB8i0kyOHTHM2oyRtUKe-Ag5HeLRGwdfYDZvLTDar4EG4857ZKMyhclNVWdynqht-9t_Vlxx3eW1PBmjuqP7eR0_Q10x3J4FGHPOUPh81YewpkQsnAyrs_UznX3teiGVjAbL5n9TAeKF1k3FUuYf8OkxmaoV_1KvGBAjjVbGIyda1dC4cThJiii56x9gT5Y9ZBoKIt3f4vpsWtfy2EshhotHYkEvsHgyx4jQYE4utFr2bB0FuZpNqhhRGQqokMieHUYeJ11uSO6s99AodWLL9woqLCIX0dB9LJVwND5StY8f0PmAcYklhChLaiJFS7XV0X92jjZL4zp8HS5wVuLS5TQWVAslp3UGtCf9txzmuir0ETPkWlsnChGTF4qp_hhKkqbaf8e7qHcmrtEDhj8bYrsZ3xergNIvaLd-1t9Kvg5w9Wx54BMlDNuzA9ld5BCK_xZHFRPW8kdkWbJqepJRUl3D9FaftRSfUUJLJzyUJSfNsE9la24kSIscEFly4-L5Qttp4tN_gqRT78tXa4O12TTrGAZIiWpFtRPrkR6NlydF6lnyZPTIK-XIBewOZ2LJIDC8Ykl58CH0i38cPhybgqxa7ZwKb30629XozlxUQoiS2KF9ZA_8d3GXD1Vk5QeeB4y6H7qNhhUL6oYhAmxZo2ycfH7VGvU8t3U9J4QN0gL2X-NoXArD6kyjsFWP6UnaV278agDgLsgA3DscBcJ31_UNTfolDDv9xilqXTYKfF012PQJYYD2ZojxhgGSEtQiGjrmiMWjZanQnmFH27M5O9CuK8DVJg5t-XE0uHfDGoYLNZMl2tH-9w86OsBJ70aIK7pDHNvWhAYEEEniQUODYYkhuASe9fLs

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 773F 8 KB
6 KB 86ms
48ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da6a68848e9f6eb725ba97564e63a29e915336ef9b3225a26975751ee2be76ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5876
x-xss-protection: 0

GET
H3 200 kacheln.svg
s0.2mdn.net/4528404/1693566003742/ Frame 773F 1 KB
508 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1693566003742/kacheln.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f53e834474e33540f149e24fb765f3ccbb808b07c2e650ae1aafdb165611c15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76758
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 482
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:00:39 GMT

GET
H3 200 agata.png
s0.2mdn.net/4528404/ Frame 773F 2 MB
2 MB 14ms
13ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/agata.png

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96ba8dcd11d2e05a343a7dfe34dbae7c1fb48cda32eec0532d006b0ef2e20e37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:05:54 GMT
x-content-type-options: nosniff
age: 76443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2436365
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 10:30:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:05:54 GMT

GET
H3 200 logo.svg
s0.2mdn.net/4528404/1687521602712/ Frame 773F 5 KB
2 KB 12ms
11ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687521602712/logo.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 17:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 17:08:31 GMT

GET
H3 200 cta_mit-pfeil_01.svg
s0.2mdn.net/4528404/1687937402098/ Frame 773F 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687937402098/cta_mit-pfeil_01.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 15:56:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51821
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1134
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 07:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 15:56:16 GMT

GET
H3 200 stoerer-links-oben-pink.svg
s0.2mdn.net/4528404/1698156002479/ Frame 773F 566 B
403 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1698156002479/stoerer-links-oben-pink.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62d8e57ac9942eeefb1d01232cc721f5a059607dfb5272c0bd259397beb1550c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75886
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 377
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 14:00:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:15:11 GMT

GET
H3 200 beste-d-netzt-vertikal.svg
s0.2mdn.net/4528404/1693818003522/ Frame 773F 4 KB
2 KB 14ms
13ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1693818003522/beste-d-netzt-vertikal.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a8932f2b80fe5bfb96d164927d1071e51fd267bee9efdafdeed14ada1bbd663

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 05:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1708
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 09:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 05:59:29 GMT

GET
H3 200 logo-d0d80991.svg
s0.2mdn.net/sadbundle/5163474105338435392/ Frame 773F 5 KB
2 KB 15ms
14ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5163474105338435392/logo-d0d80991.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 14 Jan 2025 14:17:16 GMT
date: Mon, 15 Jan 2024 14:17:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 14:16:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 InterstateCondensedBlack.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 773F 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensedBlack.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:11:03 GMT
x-content-type-options: nosniff
age: 535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14644
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 06:26:03 GMT

GET
H3 200 InterstateCondensed.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 773F 28 KB
28 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensed.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:13:57 GMT
x-content-type-options: nosniff
age: 361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28596
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 06:28:57 GMT

GET
H3 200 kacheln.svg
s0.2mdn.net/4528404/1693566003742/ Frame 773F 1 KB
512 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1693566003742/kacheln.svg

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f53e834474e33540f149e24fb765f3ccbb808b07c2e650ae1aafdb165611c15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 482
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:00:39 GMT

GET
H3 200 agata.png
s0.2mdn.net/4528404/ Frame 773F 2 MB
2 MB 7ms
7ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/agata.png

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96ba8dcd11d2e05a343a7dfe34dbae7c1fb48cda32eec0532d006b0ef2e20e37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:05:54 GMT
x-content-type-options: nosniff
age: 76444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2436365
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 10:30:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:05:54 GMT

GET
H2 200 dc_oe=ChMI4qjn9KHhgwMV0_QRCB2BlAFAEAAYACD2we5cQhMIt6XF9KHhgwMVgdi7CB3d2wwn;dc_eps=AHas8cAK6MY2BpXBnHefFViooL4NcWUmod1ztS3dzd6NRBF8Q927mb1KCwIR7q0PziA0ffGJGMvg5G8;stragg=1;&timestamp=1705385998058;s...
ade.googlesyndication.com/ddm/activity/ Frame D9F6 42 B
401 B 79ms
44ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4qjn9KHhgwMV0_QRCB2BlAFAEAAYACD2we5cQhMIt6XF9KHhgwMVgdi7CB3d2wwn;dc_eps=AHas8cAK6MY2BpXBnHefFViooL4NcWUmod1ztS3dzd6NRBF8Q927mb1KCwIR7q0PziA0ffGJGMvg5G8;stragg=1;&timestamp=1705385998058;str=nextSlide;strtype=1

Requested by

Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 773F 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 06:19:58 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 34C6 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 11:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Jan 2025 11:41:03 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D9F6 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuFBLSlLXq4vzleSk2rmT1ODM3qlllf2rhPwWmmRHN7WPh2mnYBJa7W1X2J0fybFtQ6q1aQCsneBgK9ffEYAbsgsNjFA6w-FflWPjY7oybEvtz37AMhXwWTTAK-Ddk8G21cYq_UnTGPL69qDTXTUDXawUak&sai=AMfl-YQvhmqZvMhcHy83tKlVfSEx0tUDl_tk1nIvuwSyIcddnpiZyx6ctt3nKdcnZhJZxP7XMs3ggm-WfSObXGiYF_5I-dEv18SWKzPnxCBJ&sig=Cg0ArKJSzI_6cbidFVcoEAE&cid=CAQSLQAvHhf_it8ZLINW4FRAtvm_927ABO8jatycyq5Rd4ykESwrroKLoI_wpslT7RgB&id=lidar2&mcvt=1000&p=926,1268,1176,1568&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3759869028&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705385997566&rpt=273&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D9F6 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2469396600861&version=m202309260101&ct=76&x=1&cor=11222926653185358000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:19:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 97 KB
29 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ad.aceplanet.co.kr
URL: https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

306fc11d154762a1394fc97ff900bc670c2b5ad2c4cf1bfcbec4570591a238e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29247
x-xss-protection: 0
server: cafe
etag: 144 / 19738 / 31080327 / config-hash: 6457213104751266546
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 06:19:59 GMT

GET
H3 200 img_19.png
www.todawa55.asia/images/ 1 KB
2 KB 19ms
19ms Image
image/png 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/img_19.png
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 398088
alt-svc: h3=":443"; ma=86400
content-length: 1535
last-modified: Wed, 08 Jun 2022 13:48:46 GMT
server: cloudflare
etag: "62a0a8be-5ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IHqfJsf3vWo9cQVUJ9WgH678CszqiZSPAXcsPKyN8RHmj6dBVNVo%2Bon9Xm0D2qaE7VgiB12xMJITEgIvAEdBK%2F5sKEm38U0v7wLLQ29pL%2BHigG4ctjGXdjWAT95we%2FWYhXGI1SwGfgRtobQxV%2BWIQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643ffdd99b5c3d-AMS
expires: Sat, 10 Feb 2024 15:45:11 GMT

GET
H3 200 icon_new.gif
www.todawa55.asia/images/ 511 B
1002 B 20ms
20ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/icon_new.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 419496
alt-svc: h3=":443"; ma=86400
content-length: 511
last-modified: Thu, 19 Sep 2019 13:42:13 GMT
server: cloudflare
etag: "5d8385b5-1ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qduBBLfyl5GHvFOivu%2BJ7yDa7mU93DQ7yXhDYbpOsglldxjD4LrKDGZ0hmbu07SGCZIbAgYVwX%2Fd%2FlFm2XnWjGBqE1ixSQIBVQngOduvSphF5ORr9bEl93TTbpGhEK%2BmkXzc3ws5igi%2FnPvpNFsuXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643ffdd99c5c3d-AMS
expires: Sat, 10 Feb 2024 09:48:22 GMT

GET
H3 200 icon_nonew.gif
www.todawa55.asia/images/ 1 KB
2 KB 21ms
21ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/icon_nonew.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/home.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/home.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 419496
alt-svc: h3=":443"; ma=86400
content-length: 1245
last-modified: Sat, 12 Oct 2019 14:47:22 GMT
server: cloudflare
etag: "5da1e77a-4dd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEMR5GU97T49FnHXpxUP3DqtUfbI0Pp6Uwn%2FX3rVlfCwTSYFwG6ryr6F2c9JaqG5S1920h2Zb%2Fk5rtP0dNjfqlSsr2QnfuQjyX0qEgaNhfCEyw1AjdgkvlEQDzB6WC%2BKn8zumaya26C%2FeU09MzIXig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643ffdd99d5c3d-AMS
expires: Sat, 10 Feb 2024 09:48:23 GMT

GET
H3 200 main_bg.gif
www.todawa55.asia/images/common/ 1 KB
2 KB 23ms
22ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/common/main_bg.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/css/common.css?v5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e5ce83a1abacd834f7e44a3be40475fdbb8034a7a1f1da33ab6ad985d0b94a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/css/common.css?v5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 273276
alt-svc: h3=":443"; ma=86400
content-length: 1215
last-modified: Wed, 18 Sep 2019 07:12:58 GMT
server: cloudflare
etag: "5d81d8fa-4bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OKm%2BJFHsMrRNWf2UxZ5TbctyLVfg9QWD%2BqK5PbctYEXk%2B5wLHANEgMohgvNIQrtNF3x%2FNj0rgUHYxylkgBSy996enVA2ULtRxVG6LR5MNe8v%2Fhpsn7mepv51i6m9TXmcoWDFhwshfkXXqOpeKCw6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643ffde9a25c3d-AMS
expires: Mon, 12 Feb 2024 02:25:23 GMT

GET
H3 200 more.gif
www.todawa55.asia/images/main/ 1 KB
2 KB 20ms
20ms Image
image/gif 2606:4700:3033::ac43:8fe2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.todawa55.asia/images/main/more.gif
Requested by: Host: www.todawa55.asia
URL: https://www.todawa55.asia/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:8fe2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7985a42dd917c9daf4cd2288e298caab5320df9927ee0ccdf43fed99f2cacf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:19:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 419488
alt-svc: h3=":443"; ma=86400
content-length: 1192
last-modified: Wed, 18 Sep 2019 05:26:59 GMT
server: cloudflare
etag: "5d81c023-4a8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMCa3fIeujyTIuUpQlqnP9PMoWv4Oj9hBNXlIvEBGr0bRpRXdhyoIIRtkX6ULAYtO0Atw8uQa6FyOKNCbi1p4vjjPjAIT%2FqUbAVYkdN8AS7wPg%2BUSf%2FlDQAa5WbOZukx9N6v0sPvZuzdrcx3etPwGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 84643ffde9a45c3d-AMS
expires: Sat, 10 Feb 2024 09:48:31 GMT

GET
H2 200 tend_child.js Show response
js.ad4989.co.kr/common/js/ Frame F6FC 14 KB
4 KB 221ms
221ms Script
application/javascript 1.224.180.63
BROADBANDIDC-AS-K...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad4989.co.kr/common/js/tend_child.js
Requested by: Host: engine.tend-table.com
URL: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTUuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705385997888
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 1.224.180.63 , Korea, Republic Of, ASN45370 (BROADBANDIDC-AS-KR BROADBANDIDC, KR),
Reverse DNS
Software: /
Resource Hash: 825bb65c3cf6d63f4db6c3c26793dd0cc7e2c846b5732bffd8eaea2f0612ac87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://engine.tend-table.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:20:00 GMT
content-encoding: gzip
last-modified: Mon, 24 Feb 2020 10:01:26 GMT
accept-ranges: bytes
etag: "5e539ef6:1164"
content-length: 4452
content-type: application/javascript

GET
H/1.1 200
OK WebLog.dll Show response
engine.tend-table.com/cgi-bin/ Frame F6FC 79 B
391 B 287ms
287ms Script
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=REF&ref=aHR0cHM6Ly93d3cudG9kYXdhNTUuYXNpYS9ob21lLnBocA==&inflow=&query=&lang=utf-8&cookieval=&tm=1705386001281&jquerycallback=foinCookie.setReferrer_local
Requested by: Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend_child.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 64a0c38e91767fafc305dc34e65c52834e5d4772cd3a4c17a7662b0981055ff7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTUuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705385997888
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

P3P: CP='CAO PSA CONi OTR OUR DEM ONL'
Pragma: no-cache
Date: Tue, 16 Jan 2024 06:20:01 GMT
Cache-Control: no-cache
Server: Microsoft-IIS/10.0
Connection: close
Content-type: text/html

GET
H/1.1 200
OK pelicanc.dll Show response
ad.abchub.site/cgi-bin/ Frame 3260 0
372 B 831ms
278ms Document
text/html 221.165.139.2
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.abchub.site/cgi-bin/pelicanc.dll?adservicename=VLD&name=FOIN_CATEGORY&method=set&data=&encode_yn=N&copy_yn=Y&tm=1705386001570
Requested by: Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend_child.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 221.165.139.2 Osan, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://engine.tend-table.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-type: text/html
Date: Tue, 16 Jan 2024 06:20:02 GMT
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma: no-cache
Server: Microsoft-IIS/10.0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
56ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401080101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

404aa660e65fa1555d2aae3367bba745d05ce58a196002784fa57c972ae16ac8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:20:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12365
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401080101/pubads_impl.js?cb=31080328

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:20:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 06:20:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A597 13 KB
5 KB 18ms
18ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.todawa55.asia/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 32580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 Jan 2024 21:17:02 GMT
expires: Tue, 14 Jan 2025 21:17:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9230 829 B
1 KB 37ms
16ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

24c2be07ba08cbdc25f22381232324f4d712848c09a70ba4ae3ee1c044967f61

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Qsevxic7uASCOTNyAUUAIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.todawa55.asia/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Qsevxic7uASCOTNyAUUAIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 06:20:02 GMT
expires: Tue, 16 Jan 2024 06:20:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame A597 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 11:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Jan 2025 11:41:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9230 0
0 40ms
40ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401080101&jk=1921558338542951&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A597 0
10 B 17ms
17ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zSp_vQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:20:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 InterstateRegular-Bold.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame 773F 29 KB
29 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateRegular-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d52c7c5050b088109075328a9e830e4bfdf6446c763b9e69c637d5c0e11d599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index-70c4f56f.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 06:14:43 GMT
x-content-type-options: nosniff
age: 320
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29232
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 06:29:43 GMT

GET
H3 200 logo.svg
s0.2mdn.net/4528404/1687521602712/ Frame 773F 5 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687521602712/logo.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 17:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 17:08:31 GMT

GET
H3 200 cta_mit-pfeil_01.svg
s0.2mdn.net/4528404/1687937402098/ Frame 773F 2 KB
1 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687937402098/cta_mit-pfeil_01.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 15:56:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1134
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 07:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 15:56:16 GMT

GET
H3 200 stoerer-links-oben-pink.svg
s0.2mdn.net/4528404/1698156002479/ Frame 773F 566 B
411 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1698156002479/stoerer-links-oben-pink.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62d8e57ac9942eeefb1d01232cc721f5a059607dfb5272c0bd259397beb1550c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 09:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 377
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 14:00:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 09:15:11 GMT

GET
H3 200 beste-d-netzt-vertikal.svg
s0.2mdn.net/4528404/1693818003522/ Frame 773F 4 KB
2 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1693818003522/beste-d-netzt-vertikal.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a8932f2b80fe5bfb96d164927d1071e51fd267bee9efdafdeed14ada1bbd663

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5163474105338435392/index.html?e=69&leftOffset=0&topOffset=0&c=MUXJxTL5ze&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 05:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1708
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 09:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 05:59:29 GMT

GET
H2 200 dc_oe=ChMI4qjn9KHhgwMV0_QRCB2BlAFAEAAYACD2we5cQhMIt6XF9KHhgwMVgdi7CB3d2wwn;dc_eps=AHas8cAK6MY2BpXBnHefFViooL4NcWUmod1ztS3dzd6NRBF8Q927mb1KCwIR7q0PziA0ffGJGMvg5G8;stragg=1;&timestamp=1705386003066;s...
ade.googlesyndication.com/ddm/activity/ Frame D9F6 42 B
107 B 46ms
45ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:20:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI4qjn9KHhgwMV0_QRCB2BlAFAEAAYACD2we5cQhMIt6XF9KHhgwMVgdi7CB3d2wwn;dc_eps=AHas8cAK6MY2BpXBnHefFViooL4NcWUmod1ztS3dzd6NRBF8Q927mb1KCwIR7q0PziA0ffGJGMvg5G8;stragg=1;&timestamp=1705386003067;s...
ade.googlesyndication.com/ddm/activity/ Frame D9F6 42 B
107 B 48ms
44ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 06:20:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401080101&jk=1921558338542951&bg=!ycqlyoXNAAaumcC-jpk7ADQBe5WfOOZ44WCp0YWyYwyP91yBTbWTMs63zu3lux9cOtrue2K01HSKxwtIP5orQ8M0gTxDAgAAADpSAAAAAWgBBwoAuSOMom2O3rX3-dQECseBV6ogFmqOJ1R4lP3cEzN1HZsRbYFqFD6FKx-OXHHrMx4RQzIcqhRwEofP6SpIAGnhr7z-vOGi8Domq1ZZEFSeUgtEZ0QRzdPrihgD7cPtDv5HIpokqx4RWzrzxJhhBGx-c3tiblWXSinIjD08osWVgAF6pQwuxX8Eero6ZVsmcbsulqPOxzxBaAmemAdp-et0kDstKFLT1uS_7XNCcv4hahhUXx9k9cXEQBk5mQK9y0e8aAe8KUOOcPtGK4jQXp-MKd9NJhZhssSNuA1ZQ7DUl9KeaWOe17_MKXYuD4Kw_gLksORPG5KbWi16_oPMNMmuOXrDkt87ah4-vU4HQsRi5RMgpp8AVf0yfj1zdQ8h481MNBs2XYnogPqN3fiUQB54DSMhDSx9_Ranc9DS_F3g5kr3z98V9gA8cPDR9aseD7nqFPM3mMIZlh1-Usxh5Z2ccKe95Pib7FqPyzoBH4jnozM-BzocdMPbKhrditYFmetU5TTP5RC9LW3jYQOFikjI7TCqWPAGpaxwfZt8rasZhUqAcgVfdmqhHSjYxSKHNf1ojo6lZtxjqnIwvPn5HWJawZ8tRwYEBDuV8fDqd99nEFIz30cX-2cKuwr2R9AcWlGxRuYaTP4EsWKzuMO2Fb9WjR5Ac_sbyq17nzGkq7VrHva5Ph_kF4cG80-V7G2xXBAAermsJK1GW-CLsLqybWcDynJE01aBDqCENpwBCeJ-XyiivItVn3S1ygxV43d_xaWKMtgJFja0wsYh057XM8zg059uMpQFXlwz3NYo5H6Y8odxrd6z2VLNXLQqAfAjXVWnGPcLjK7FLggd7i-FynoqC9lKosZBN91OLavAgPeK-dslgk695jSkIHE3rAC_MfucYrXEIM2nqfSfb8QWerpFFpwxVcyUjzX0zljfI9YEiM4rW8t6-DmAatbn7aG-Bu7ywOe4MFoU3zmVVu3o74Yz2Uhar-1lvMDdcFVQtqvwnfJQcRDPR8T8441qZBcZoKonk9k0Fr__GQ_4R7GC3ZonV0xEJJM7LznoPaexerDyAGaCCAiYjQWjRWm0o-hIsCUwLhUdp5Dl0t6E9rhU98mSvUafOell_Kp1vr10tVgje7v5hp3Rfj32fBt-ERf9dtGNkVUNJmDYv2JfZaN_J3Ewnpnj_Zh_qAV4SEU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.todawa55.asia/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ad.abchub.site/	1970-01-20 18:03:47	Name: FOIN_REF1 Value: https://www.todawa55.asia/
ad.abchub.site/	1970-01-21 03:19:05	Name: HEAD Value: 021050U1VJqCY
ad.aceplanet.co.kr/	1970-01-20 18:03:47	Name: FOIN_REF1 Value: https://www.todawa55.asia/
ad.aceplanet.co.kr/	1970-01-21 03:19:05	Name: HEAD Value: 021050U1VJqNa
.todawa55.asia/	1970-01-21 03:04:41	Name: __gads Value: ID=1a5f20329637ea1e:T=1705385997:RT=1705385997:S=ALNI_MbCZ1hA611veI33LU4FgEPM81sjCQ
.doubleclick.net/	1970-01-21 03:04:41	Name: IDE Value: AHWqTUluraUQI1gdUlzfImXHHQbENMFnnsZaPWo0xQajy36ETy8p6vCuLlYhYgPx
.adnxs.com/	1970-01-20 19:52:41	Name: uuid2 Value: 2559427191360361992
.casalemedia.com/	1970-01-21 02:28:41	Name: CMID Value: ZaYgDSdb-wFurkgVUlJYOAAA
.casalemedia.com/	1970-01-20 19:52:41	Name: CMPS Value: 2237
.casalemedia.com/	1970-01-20 19:52:41	Name: CMPRO Value: 2237
.adnxs.com/	1970-01-21 03:19:05	Name: XANDR_PANID Value: snR7sPT-FxnOYW3RYp2F-afHNInm0RuKUbQ6C7lAY0eehKaOdh8F7Mhe8ivBOCsoTkpeqhwv1yo0_IZ_QKGzPhVswtANUU88ccOGaYDPuog.
.adnxs.com/	1970-01-20 19:52:41	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%<DL2ua!@wnfH8K6pQK`!5=E<L5?%M1/MJS)7$-UpkBTWNkD2<%mHRT3Clw0R7!M:%nugO%v4VB%nm2!)nK$6
.doubleclick.net/	1970-01-20 22:02:17	Name: APC Value: AfxxVi7WI0fsR0JTvi8A8xc8vl6btDBvrcO3g0r4rlhHn9SWcW7YRg
engine.tend-table.com/	1970-01-21 03:19:06	Name: HEAD Value: 010050U1VJrf6
engine.tend-table.com/	1970-01-20 18:26:18	Name: FOIN_CATEGORY1 Value:
ad.abchub.site/	1970-01-20 18:03:48	Name: FOIN_CATEGORY1 Value:

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

489a02882f189d1a4f294150a6ab7541.safeframe.googlesyndication.com
ad.abchub.site
ad.aceplanet.co.kr
ade.googlesyndication.com
cm.g.doubleclick.net
code.jquery.com
dsum-sec.casalemedia.com
engine.tend-table.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.keezip.com
ib.adnxs.com
js.ad4989.co.kr
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
todawa35.asia
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.todawa55.asia
1.224.180.63
104.18.36.155
142.250.186.34
172.217.16.194
172.217.18.2
185.89.210.141
202.97.174.25
221.165.139.2
2606:4700:3033::ac43:8fe2
2606:4700:3035::ac43:da96
2a00:1450:4001:802::2001
2a00:1450:4001:803::2002
2a00:1450:4001:810::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a04:4e42:200::649
01f68ef3a7eef7b7cc21cacca00a0c191f172d4327e4f04399191ffaac8cae49
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b8c223bbef14a2a75a979428d5d3451a07a9260d2781f7039e0aa9bfaab29ff
0d5205b03ac9436282767d3c920a33499c2c9c4b3799a29b7ffe160f956a15ac
1131f045ddc50292cb1ed4af9659a0850359a37bc401e4a9ef7062a52abb836f
1a8932f2b80fe5bfb96d164927d1071e51fd267bee9efdafdeed14ada1bbd663
1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732
1da39645fa9186e3081f77fd5662070e1c6940dfc1774ddf6308ad90804a2509
1ddab0c0c4ec363b5ed78e00da71dfcf03c6c7238154fae1b68a8033f7d9c585
1e18c00f7d939493d0e4c97c057493a49da1e1d7847b151fbd2772f3ac502904
1f058e34466ba6ea21f79d5c403d68bf61d42b9cc0e43c09d433545da33a16c6
233ade9318d5d92f291e7e9f19839b44ee986945511fa9aecd98b6c67a7c8ebf
241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433
24c2be07ba08cbdc25f22381232324f4d712848c09a70ba4ae3ee1c044967f61
27ce170f477b80957c55e1939c87820de82f8ce1bc71571477bf78de9ba34ed4
2d930af4bd5419bf72222580b88380a552e44fc551211bea4f14fee9800c4c59
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
306fc11d154762a1394fc97ff900bc670c2b5ad2c4cf1bfcbec4570591a238e6
308052b1bf48d457ff68c33a498c882f75beaae17118485be2dd3163fe0c7c11
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3d322485983f9bf6aa843345c3eb6dcc06b6d60555c849a778133ac335aa4251
404aa660e65fa1555d2aae3367bba745d05ce58a196002784fa57c972ae16ac8
4233dc4fc9a83dd7505d7ed3b551bb53123c4b216bd93ba02a1bb1e9a0d3bd9f
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ee9510e78623f5fd1309067dc6e7a15f70d48e23e5658a0aa81be100ad232b
5e5ce83a1abacd834f7e44a3be40475fdbb8034a7a1f1da33ab6ad985d0b94a2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62d8e57ac9942eeefb1d01232cc721f5a059607dfb5272c0bd259397beb1550c
64a0c38e91767fafc305dc34e65c52834e5d4772cd3a4c17a7662b0981055ff7
66ea8b8e5fb63e30170770409f524bac18a024b210d690fa0db919212269a14a
67edb509acfba93e4c45e35538d85c240fb1a7e4c03f9654b15fbcf29b75749f
68965e881254c13e5f4cc5820bc9c2c32ebfcc478ad38e8663e1db4fc120678a
6bd415fb0978ecddc6a9a1e77da54a17e77044f2a7c3d1fb9c6dbe82d2a5dbeb
6f53e834474e33540f149e24fb765f3ccbb808b07c2e650ae1aafdb165611c15
70c4f56f8e13e9387d9c65b17636a678eb6ccf82a8255cb1d2eb9192f7e478bb
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
72855f862df04b84b9755977382129f3f7f22f188f02686807e0eb5df1916155
72863df27774cdc732cd14c6373ed2fbb25b7baaba2456673bf8685e784e6e83
783361ed917fad413a4249d12774f5b0be1e4e75495da00e3b3e9edb1e10926f
825bb65c3cf6d63f4db6c3c26793dd0cc7e2c846b5732bffd8eaea2f0612ac87
899cd99a24a6950e11055aef298623208bde99364981f3a8b48b2c8580ca3d14
96ba8dcd11d2e05a343a7dfe34dbae7c1fb48cda32eec0532d006b0ef2e20e37
9d52c7c5050b088109075328a9e830e4bfdf6446c763b9e69c637d5c0e11d599
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4d9e2cbab3e0d55a661df4ffba7c67a137191d93b5e1714cf56b5eafb052c07
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bf0d6da2b17b813749a8b61047b209827603fb1fdff3ef336df7e67fe16aefe9
c211e8775861eb70a495edc9b39d509002676809a57ed8090817e78f764b57fe
c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac
cf18a9ed9a6aa889d227de181fe071fe47062764cacd90c4423b81b6bbbee834
cf2b04e65eac6603f6472fe3b58bda2918c4a4fdbe0a5878eda75da7d43b4925
d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467
d22868dbb660acc95fec8868fbbcf2979c3ec66becf9a1e9b64c8a2252553196
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d84d9f5eb6b461c0d9af8a9ced1400d4d79b484b46453ee0b43ac0427d30e2c3
da6a68848e9f6eb725ba97564e63a29e915336ef9b3225a26975751ee2be76ae
e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7985a42dd917c9daf4cd2288e298caab5320df9927ee0ccdf43fed99f2cacf2
e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f34285967052f4d10e4732af244d5db654ab1b685b9f505cf770dbc186bc7171
f89a06d4661e5607389bec9499b0d799fb723f1319cdb5fd1024fa5d70161075
fd3a78c44240fc968612ed1a66b1ddf9f2e88ee172a587673e20a3d2709194c3

www.todawa55.asia Open in urlscan Pro 2606:4700:3033::ac43:8fe2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

104 Requests

96 %HTTPS

58 %IPv6

15 Domains

21 Subdomains

19 IPs

5 Countries

6426 kBTransfer

8010 kBSize

16 Cookies

13 Outgoing links

Page URL History

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.todawa55.asia Open in urlscan Pro
2606:4700:3033::ac43:8fe2 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

96 %
HTTPS

58 %
IPv6

15
Domains

21
Subdomains

19
IPs

5
Countries

6426 kB
Transfer

8010 kB
Size

16
Cookies

104 HTTP transactions
1 data transactions