123.wo80.com Open in urlscan Pro
47.52.97.92 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://138mg.com/
Effective URL:
http://123.wo80.com/
Submission: On December 18 via api (December 18th 2023, 8:07:50 pm UTC) from BY — Scanned from DE

Summary HTTP 43 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 10 domains to perform 43 HTTP transactions. The main IP is 47.52.97.92, located in Hong Kong, Hong Kong and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is 123.wo80.com.

This is the only time 123.wo80.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	47.52.97.92 47.52.97.92	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
9	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	240e:946:6002... 240e:946:6002:211:3::3dd	58540 (CHINATELE...) (CHINATELECOM-SHANDONG-JINAN-IDC Jinan)
10	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 5	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
43	12

5 47.52.97.92 (Hong Kong, Hong Kong)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

138mg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
123.wo80.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:946:6002:211:3::3dd (China)

ASN58540 (CHINATELECOM-SHANDONG-JINAN-IDC Jinan,250000, CN)

s104.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.180 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	249 KB
12	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139	56 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	275 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	3 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	3 KB
3	wo80.com 123.wo80.com	7 KB
2	138mg.com 138mg.com	754 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	65 KB
1	cnzz.com s104.cnzz.com	554 B
0	baidu.com Failed hm.baidu.com Failed
43	10

	Domain	Requested by
10	s0.2mdn.net	138mg.com s0.2mdn.net
9	pagead2.googlesyndication.com	123.wo80.com pagead2.googlesyndication.com 138mg.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	tpc.googlesyndication.com	138mg.com googleads.g.doubleclick.net tpc.googlesyndication.com
3	123.wo80.com	138mg.com 123.wo80.com
2	ad.doubleclick.net	138mg.com
2	138mg.com	138mg.com
1	www.googletagservices.com	googleads.g.doubleclick.net
1	s104.cnzz.com	123.wo80.com
0	hm.baidu.com Failed	123.wo80.com
43	13

This site contains links to these domains. Also see Links.

Domain
wpa.qq.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 10 frames:

Primary Page: http://123.wo80.com/
Frame ID: 51E510C4BF62A4B700E10FB3CD8C9A82
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 1826A7ACD9602FA5135433AF00643947
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&adk=1812271804&adf=3025194257&lmt=1702930067&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x540_r&format=0x0&url=http%3A%2F%2F123.wo80.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1702930067604&bpp=5&bdt=117&idt=173&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1728739954213&frm=20&pv=2&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=187
Frame ID: DAACEB7E0ACAD378F23B90C9672C73EE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=90&slotname=6193086372&adk=2908076280&adf=349719028&pi=t.ma~as.6193086372&w=1000&lmt=1702930067&format=1000x90&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067723&bpp=2&bdt=237&idt=75&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=300&ady=120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=78
Frame ID: F7EDD30BFA0D18796DB25EA50B93B62B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=460&slotname=2468114964&adk=290542049&adf=3743024056&pi=t.ma~as.2468114964&w=400&lmt=1702930067&format=400x460&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067725&bpp=10&bdt=238&idt=78&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=889&ady=275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=80
Frame ID: 2EDCCA010A6F5427C2E2C2F247B0A05D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=450&slotname=1184302271&adk=3722479938&adf=1423434336&pi=t.ma~as.1184302271&w=1000&lmt=1702930067&format=1000x450&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067745&bpp=1&bdt=259&idt=60&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90%2C400x460&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=300&ady=808&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=62
Frame ID: 6D240100CB4F65F699E742006CD94F82
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYwtPDmAEwAQ&v=APEucNUZu5yQZYbkoF9CJ0CvppeEvs9H-Oq_qLrYjs9R_N72smRpXN3YSuCEiv5-5-5_YwBt6UL_1XvXO5mda8S9H0td1T7X8pCBvCGRemuX3WmLa_r-Lfzp_rs9kmjFXfC7B8JTwdQJrnGO7t_PN6vN0IlupM2P_qOENWunxhc7B89RvUaOVgI
Frame ID: C0AF0DF30BD3400A4BD6ADBA6A337C19
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: 196B33C0EE498C288A5D1A77B5C733AD
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 21E4E6DC3A2F1D69C463168FF9D40E4C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
Frame ID: FF0054E24229A033806ABAECD5594002
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

138mg.com

Page URL History Show full URLs

http://138mg.com/ Page URL
http://123.wo80.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

43
Requests

74 %
HTTPS

55 %
IPv6

10
Domains

13
Subdomains

12
IPs

4
Countries

654 kB
Transfer

1729 kB
Size

9
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://wpa.qq.com/msgrd?v=3&uin=99362012&site=qq&menu=yes
Title: 99362012

Search URL Search Domain Scan URL

URL: http://wpa.qq.com/msgrd?v=3&uin=768975&site=qq&menu=yes
Title: 768975

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://138mg.com/ Page URL
http://123.wo80.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1&C=1

Request Chain 25

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYCmlENX6ichp9hOsEIYDwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1

Request Chain 26

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAiAZF1_wMsmdS4SixO0bvc&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAiAZF1_wMsmdS4SixO0bvc%26google_cver%3D1

Request Chain 27

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE4OTQ1Mzc2NDkyNTQxMTY4

43 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
138mg.com/ 56 B
314 B 1049ms
224ms Document
text/html 47.52.97.92
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: http://138mg.com/
Protocol: HTTP/1.1
Server: 47.52.97.92 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: nginx / PHP/7.0.12
Resource Hash: b8d969ed05c3126fbfb485bbca45ad3e4aa9a06c5625c27b3e51faa3cd67483b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Dec 2023 20:07:44 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/7.0.12

GET
H/1.1 200
OK 1.js Show response
138mg.com/js/ 63 B
440 B 194ms
194ms Script
application/x-javascript 47.52.97.92
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: http://138mg.com/js/1.js
Requested by: Host: 138mg.com
URL: http://138mg.com/
Protocol: HTTP/1.1
Server: 47.52.97.92 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: nginx /
Resource Hash: d6954a408293e9a96be0825bf57878d7391b583327f3760b106fd11658ca05d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://138mg.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 18 Dec 2023 20:07:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Dec 2019 20:45:08 GMT
Server: nginx
ETag: W/"5df2a6d4-3f"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=432000
Connection: keep-alive
Expires: Sat, 23 Dec 2023 20:07:44 GMT

GET
H/1.1 200
OK Primary Request / Show response
123.wo80.com/ 13 KB
4 KB 2084ms
1266ms Document
text/html 47.52.97.92
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: http://123.wo80.com/
Requested by: Host: 138mg.com
URL: http://138mg.com/
Protocol: HTTP/1.1
Server: 47.52.97.92 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: nginx / PHP/7.0.12
Resource Hash: e11a96c01485cdf01070f6449ad523027d77ba8ea23decb1059cc7393e5cfc1c

Request headers

Referer: http://138mg.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Mon, 18 Dec 2023 20:07:47 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/7.0.12

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 90ms
70ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 123.wo80.com
URL: http://123.wo80.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b38e9be911cecefd634080552ac0f84f02435555f6765e397b94a10d24a5c96a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:07:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51359
x-xss-protection: 0
server: cafe
etag: 4913046370200736098
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 20:07:47 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1038899752628949&plah=123.wo80.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac0f24aa853f716ee2e959e1941db1c07c9e29a3e300719970abdc0c6bd566c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:07:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137956
x-xss-protection: 0
server: cafe
etag: 15811136488760777750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 20:07:47 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 1826 9 KB
4 KB 26ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://123.wo80.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 13:49:38 GMT
etag: 5585625838579639069
expires: Mon, 01 Jan 2024 13:49:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK authcode.php
123.wo80.com/ 592 B
1016 B 244ms
244ms Image
image/png 47.52.97.92
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://123.wo80.com/authcode.php
Requested by: Host: 123.wo80.com
URL: http://123.wo80.com/
Protocol: HTTP/1.1
Server: 47.52.97.92 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: nginx / PHP/7.0.12
Resource Hash: d4372891ad37d902a187abc4d2c1c3ca35bcef4bc29c5bc632e84fda51dc5f4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Dec 2023 20:07:47 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.0.12
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK r_qq.png
123.wo80.com/images/ 2 KB
2 KB 245ms
245ms Image
image/png 47.52.97.92
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://123.wo80.com/images/r_qq.png
Requested by: Host: 123.wo80.com
URL: http://123.wo80.com/
Protocol: HTTP/1.1
Server: 47.52.97.92 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: nginx /
Resource Hash: 60d095601383cf021355d96a73fabc772e65394f140ca417167302707938ab28

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 18 Dec 2023 20:07:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Mar 2018 19:41:32 GMT
Server: nginx
ETag: W/"5a9d9d6c-6be"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive

GET
H/1.1 200
OK stat.php Show response
s104.cnzz.com/ 0
554 B 1659ms
203ms Script
text/plain 240e:946:6002:211:3::3dd
CHINATELECOM-SHAN...

General

Check archive.org

Show headers Download Go to

Full URL: http://s104.cnzz.com/stat.php?id=403447&web_id=403447&show=pic1
Requested by: Host: 123.wo80.com
URL: http://123.wo80.com/
Protocol: HTTP/1.1
Server: 240e:946:6002:211:3::3dd , China, ASN58540 (CHINATELECOM-SHANDONG-JINAN-IDC Jinan,250000, CN),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:06:33 GMT
content-encoding: gzip
Via: cache7.l2ea120-8[0,0,200-0,H], cache15.l2ea120-8[0,0], cache4.cn4653[18,18,200-0,M], cache5.cn4653[20,0]
Server: Tengine
Age: 75
X-Swift-CacheTime: 15
vary: accept-encoding
Ali-Swift-Global-Savetime: 1702929994
X-Cache: MISS TCP_REFRESH_MISS dirn:-2:-2
cache-control: public, max-age=90
Connection: keep-alive
X-Swift-SaveTime: Mon, 18 Dec 2023 20:07:49 GMT
Timing-Allow-Origin: *
Content-Length: 20
EagleId: 968afc1917029300692881207e

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DAAC 12 KB
5 KB 481ms
480ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&adk=1812271804&adf=3025194257&lmt=1702930067&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x540_r&format=0x0&url=http%3A%2F%2F123.wo80.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1702930067604&bpp=5&bdt=117&idt=173&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1728739954213&frm=20&pv=2&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=187

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1038899752628949&plah=123.wo80.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c72457e76341b7d3399a0faea9157dc02fb59063cf3ddc0d7b01fbc8cb8e5a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://123.wo80.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 5129
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:07:48 GMT
expires: Mon, 18 Dec 2023 20:07:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=kefu&cls=kefu&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: 123.wo80.com
URL: http://123.wo80.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://123.wo80.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F7ED 712 B
577 B 390ms
390ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=90&slotname=6193086372&adk=2908076280&adf=349719028&pi=t.ma~as.6193086372&w=1000&lmt=1702930067&format=1000x90&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067723&bpp=2&bdt=237&idt=75&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=300&ady=120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=78

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3cd8994d46ed8c70b88498134d9a7c8e3eb70ddf3f74fc77bf20bd996d7ca5af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://123.wo80.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:07:48 GMT
expires: Mon, 18 Dec 2023 20:07:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2EDC 112 KB
44 KB 704ms
704ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=460&slotname=2468114964&adk=290542049&adf=3743024056&pi=t.ma~as.2468114964&w=400&lmt=1702930067&format=400x460&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067725&bpp=10&bdt=238&idt=78&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=889&ady=275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=80

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95557fe443d49cb1f7ff571a7a34e0fd5a90f0358f1f14f68329786311cb1567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://123.wo80.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:07:48 GMT
expires: Mon, 18 Dec 2023 20:07:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6D24 712 B
381 B 412ms
411ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=450&slotname=1184302271&adk=3722479938&adf=1423434336&pi=t.ma~as.1184302271&w=1000&lmt=1702930067&format=1000x450&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067745&bpp=1&bdt=259&idt=60&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90%2C400x460&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=300&ady=808&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=62

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1411159541cac6ddebd6686720730031f06643e65a5c1ce05febcf4de8504b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://123.wo80.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 357
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:07:48 GMT
expires: Mon, 18 Dec 2023 20:07:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C0AF 624 B
246 B 48ms
48ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYwtPDmAEwAQ&v=APEucNUZu5yQZYbkoF9CJ0CvppeEvs9H-Oq_qLrYjs9R_N72smRpXN3YSuCEiv5-5-5_YwBt6UL_1XvXO5mda8S9H0td1T7X8pCBvCGRemuX3WmLa_r-Lfzp_rs9kmjFXfC7B8JTwdQJrnGO7t_PN6vN0IlupM2P_qOENWunxhc7B89RvUaOVgI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=460&slotname=2468114964&adk=290542049&adf=3743024056&pi=t.ma~as.2468114964&w=400&lmt=1702930067&format=400x460&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067725&bpp=10&bdt=238&idt=78&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=889&ady=275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=80

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1038899752628949&output=html&h=460&slotname=2468114964&adk=290542049&adf=3743024056&pi=t.ma~as.2468114964&w=400&lmt=1702930067&format=400x460&url=http%3A%2F%2F123.wo80.com%2F&ea=0&wgl=1&dt=1702930067725&bpp=10&bdt=238&idt=78&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1000x90&nras=1&correlator=1728739954213&frm=20&pv=1&ga_vid=863456830.1702930068&ga_sid=1702930068&ga_hid=397283454&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=889&ady=275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44798934%2C95320870%2C95320885&oid=2&pvsid=264118561900519&tmod=1016298906&uas=0&nvt=1&ref=http%3A%2F%2F138mg.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=80
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:07:48 GMT
expires: Mon, 18 Dec 2023 20:07:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 196B 111 KB
39 KB 46ms
8ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84070
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Dec 2023 20:46:38 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 196B 7 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 02:43:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62662
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 02:43:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 196B 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 20:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84288
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Dec 2023 20:43:00 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 196B 41 KB
14 KB 31ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 13:49:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 196B 3 KB
1 KB 29ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 13:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24754
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 13:15:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 196B 20 KB
9 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 13:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 13:49:15 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 196B 203 KB
65 KB 42ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:07:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 20:07:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 196B 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bjmeyyi4l93xPSW6j9_rXtUbBrLM6zR2Var13gCW_wHUA_6lKdoTqCMc3Ut_2MvXZT9orv3PuGIgsHIBtmgB8_vWxKlkhRFaw1qr5uJVaAeMQAGL4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 196B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7197492a734ca11c318dd1cfb3401a4c1b54126a08bd5d12b8f1119d66368f1c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 21E4 38 KB
13 KB 9ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 541112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 13:49:16 GMT
expires: Wed, 11 Dec 2024 13:49:16 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame C0AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1&C=1

43 B
335 B

36ms
33ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYwtPDmAEwAQ&v=APEucNUZu5yQZYbkoF9CJ0CvppeEvs9H-Oq_qLrYjs9R_N72smRpXN3YSuCEiv5-5-5_YwBt6UL_1XvXO5mda8S9H0td1T7X8pCBvCGRemuX3WmLa_r-Lfzp_rs9kmjFXfC7B8JTwdQJrnGO7t_PN6vN0IlupM2P_qOENWunxhc7B89RvUaOVgI
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5NbciZgm20tpdFOv%2BexmoUi2n24vz9CzLYo0Jgud4RLtVVNuFsb60qwHaaRcOA07trwsqWz82pqnjtBuhELjuADuOG4eJ54%2FAubN3TXysgjiJZsErLYQ%2BEVkdYE1Poho2vtTe4nBy8R%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 837a08c1589a90d4-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oEdCqrCN6IsxEeuLvJEXVSc0DfsS7brZ5%2FYjutiSrUc0VbVMtXSL%2FY%2FHG4FgBtfWse2IMbGA0AeF2VfbW3wYer54hR0%2FFTeYI78fOANnSWI%2B854hznplohuhLth4%2FBAbeJ0U482qBZJxA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1&C=1
cache-control: no-cache
cf-ray: 837a08c1286690d4-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C0AF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYCmlENX6ichp9hOsEIYDwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1

43 B
770 B

22ms
22ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYwtPDmAEwAQ&v=APEucNUZu5yQZYbkoF9CJ0CvppeEvs9H-Oq_qLrYjs9R_N72smRpXN3YSuCEiv5-5-5_YwBt6UL_1XvXO5mda8S9H0td1T7X8pCBvCGRemuX3WmLa_r-Lfzp_rs9kmjFXfC7B8JTwdQJrnGO7t_PN6vN0IlupM2P_qOENWunxhc7B89RvUaOVgI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FsBMfrJyEs1uwj46%2BVL0ffNi3VYJJ4br73n9HwrPMLUV99%2F5nly91TmJsBdH5lIeVNTfWzIsokuuZHzhHphjJotA1N4UVEE0uDCqr1ZJ%2BEGz1C%2BlS5sUzAZbK5Ih6sRnxucbw5Dp9a4hw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 837a08c1a92c9134-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK1l1o4Pgj1H-5Bs7QWVrH8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame C0AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAiAZF1_wMsmdS4SixO0bvc&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAiAZF1_wMsmdS4SixO0bvc%26google_cver%3D1

43 B
889 B

22ms
17ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAiAZF1_wMsmdS4SixO0bvc%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYwtPDmAEwAQ&v=APEucNUZu5yQZYbkoF9CJ0CvppeEvs9H-Oq_qLrYjs9R_N72smRpXN3YSuCEiv5-5-5_YwBt6UL_1XvXO5mda8S9H0td1T7X8pCBvCGRemuX3WmLa_r-Lfzp_rs9kmjFXfC7B8JTwdQJrnGO7t_PN6vN0IlupM2P_qOENWunxhc7B89RvUaOVgI

Protocol

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
an-x-request-uuid: 77d3fdd9-72df-4089-be31-95272fa4ba9d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.72; 45.141.152.72; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
an-x-request-uuid: 0f5f295a-8d36-49f8-82ff-b47519e86f42
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAiAZF1_wMsmdS4SixO0bvc%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.72; 45.141.152.72; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C0AF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE4OTQ1Mzc2NDkyNTQxMTY4

170 B
243 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE4OTQ1Mzc2NDkyNTQxMTY4

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
an-x-request-uuid: d4283b6e-5429-412f-bf76-25598b920be1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE4OTQ1Mzc2NDkyNTQxMTY4
x-proxy-origin: 45.141.152.72; 45.141.152.72; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13571457216632613580/ Frame FF00 29 KB
6 KB 22ms
7ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a45f2ec8bec6c801fbce6c76da9370e44914a051dd91fc40c9948d4239294caf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 373005
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5723
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 12:31:03 GMT
expires: Fri, 13 Dec 2024 12:31:03 GMT
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 196B 0
0 93ms
53ms Fetch
image/gif 172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstJA3nqWMs1mw7XFqU8L-v5pF5R1ZuOC7ztHGKVkvMQKMa6rwk6Yl1GoToGjRYtXvshn28z1JbB4tZsRFadJXgHMM9IT_l0CjnbN90eFw7K_7POoMNfDqCcTKOhq5IgfsPnQ6CcDgIV4w_q5F6MfxJ-be475It4yhLkUF5FRR0S8NowsZug0JgA_hVmXt6bC6GI-r2cRVjyCI4ylgLXVdR5TZtrBiEH5kGB0HjIXt2w8WvK512UQC8Cl--6ZoYmRCTy_ADUoRtgLuP9urUUKPgpLo-igrMbfAyFXUBZP_tG_MQWXzadENkT5S_2PgdCP5OlQnpIJrQzzDfbJdbQfHp6S8UF0bPuOSPbBX-A7Zbvu3JGfxlziceu-j6-v-s1FNTc6ehw9kpKeadTUv1jv0b5nQBcgoO2Gg3IbpPKSnSmOve4WIYavyO246a4TIvCEAhx0okNOxqZyiSbRhu7l_8YL_1WISSwCwz4k5wxgau73ehpG1SiBeK-M64qnxjhOYggYZOMImys8C-dL_ZyXF-oR_JUHv-hd8uSrZQb1IHHbShVHw8j8PHd9KoiULAKkF1o3ggZH5vHSVO_H11yz-DMnexEYvNap0fzI0NwdlwSWfzYgxHJwjwU1Rf8aLoAWzhzn54rtzEx6cdvMJ4G2EOBsAXhUCoakmBCIsWJj9eut5qctfKOvnETZyt8MPkGPUjk4amtJt5CWdd5L8h-toqo-P2GDKDJhwGeS_W4p09VBMzgOz5TL31umMzc4pUa-VnsFsBvdupO9RJ2yQ5PZRLNVnMBgj0V3AJE-La-NqQtMsqm4WtW1dbSKI-FfiqUMnbF8EJO9pYMLTSOSRFOR1ez8FAT-9SfV6fSjnPaDZppAwAfbPeTFBmGmD4DYd-1MGdhDNL7UppD0xLrPpPpW5NyFKhu7ySf1CDUIPKFZo-6TCncrEMvTcbK72aJP0iKgNgBcBNSXxREMl15zqAB60a7mk_6caoQ4kxAr0w7ZtjrX-HZ8BX3Ks6DYbv6BHboZguBlQ6tl3r0RFvCIGinijX5dBlXREvmbGLl5Dzl_Nhk5O1JEVRT9ytYapqqPcxq1N8e0ezDpMSofE1rex2m8MqyCq2R_ioyIPekdZYfWNjMjk_KgoV80In1lQw15o6ZSwxeiiYh8nUmbhVBDbWnJiSC1VVhp9r-bkqSIIdz8nL7zbLlyxno7JSrqqQQ1ONVYElg2zVXm0qLSKluLMiVd_v6kPw3XgcFMZzXtgSBEdf7vrma99fYdnHoPgwejp4HCFyhp1rXYlARDZcMGzuE5YI&sai=AMfl-YTqoVgPghCBjaRZHmpkqKn-Lpgoa8mtUdsuws2C8--EoBjJDuGjSaIbdYPvOlmmR2vYPIocIbshxfqw0Uhd-BmkeypC29iwGT98Bw9ZAae7E7_bRpKealDIutZc554-rYYHw1kj4w8TQn7ef1mgkatbabzE_QCA-FbPI5gnkbro7ob3XC-qkCjucSed6iE-sfcRYPvQ7k4emw9kmFDmngNAwK4sqDytUgTtHsFxMXWmoom2I8ayOOhp61EV93BMWT-19UngpCxjq54ej-e0Cg45a9irKPgJR9eR3nqUIKQlVcPk9haPfv8iTwdfUg2fZ3ZbIOUl4BHHc6C2kWvdp2_Hg_bAHe9tDiznKPzIfTHP9bIpSfKicodrJBEDFxUSK7X29l8CPICRippAyMn5KLQ8MTbx-3dkUd6q8OAWhIhKN8q_sf-sWZ4t8KgZTArEpKx4K3cTSwUaqig_vNnW2oXoqTXpTAeqLoQfqOVgAFx_T4ewcn3D8cG8aokb0T-aQ5rQ&sig=Cg0ArKJSzFWdUQTugRzPEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5kZQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=62&cbvp=1&cstd=60&cisv=r20231207.97734&arae=0&ftch=1&adurl=

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 18 Dec 2023 20:07:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 8f0cec8041c165cafb6d32d04ed8f04b.js Show response
s0.2mdn.net/sadbundle/13571457216632613580/ Frame FF00 135 KB
39 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/8f0cec8041c165cafb6d32d04ed8f04b.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39491
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 21E4 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 19:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 16 Dec 2024 19:37:42 GMT

GET
H3 200 9c69f07deadda884c61396a404004929.svg
s0.2mdn.net/sadbundle/13571457216632613580/media/ Frame FF00 1 KB
643 B 13ms
13ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/media/9c69f07deadda884c61396a404004929.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 613
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 540f418f1b60c9ea99e68eb3170f0f70.png
s0.2mdn.net/sadbundle/13571457216632613580/media/ Frame FF00 17 KB
17 KB 11ms
11ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/media/540f418f1b60c9ea99e68eb3170f0f70.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2275f4fd4e1567fa43a5716514b1cfe996bdfd17ecc2fdf19ef7fc804e28d47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17513
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 f557f36e85ef403c7fba15e973896f31.jpg
s0.2mdn.net/sadbundle/13571457216632613580/media/ Frame FF00 10 KB
10 KB 24ms
24ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/media/f557f36e85ef403c7fba15e973896f31.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ead09f48ac08e2d625705224ad109afce0ffa3d195fa88dcb3150feee30f86f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9783
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 6d7052ff6df13eae564657f4b45cc79a.svg
s0.2mdn.net/sadbundle/13571457216632613580/media/ Frame FF00 5 KB
3 KB 25ms
24ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/media/6d7052ff6df13eae564657f4b45cc79a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2640
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_700_normal.ttf
s0.2mdn.net/sadbundle/13571457216632613580/fonts/ Frame FF00 172 KB
75 KB 15ms
15ms Font
font/ttf 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/fonts/ibm_plex_sans_700_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76650
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ibm_plex_sans_500_normal.ttf
s0.2mdn.net/sadbundle/13571457216632613580/fonts/ Frame FF00 173 KB
80 KB 13ms
13ms Font
font/ttf 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/fonts/ibm_plex_sans_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:03 GMT
date: Thu, 14 Dec 2023 12:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81411
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 455bb1663a54e4b87edb5835b561c90b.png
s0.2mdn.net/sadbundle/13571457216632613580/media/ Frame FF00 7 KB
7 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13571457216632613580/media/455bb1663a54e4b87edb5835b561c90b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6528221c96dda1dfc6d39b83b757bcccb0c692e9e1a472d67faaa16037c3891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13571457216632613580/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Fri, 13 Dec 2024 12:31:04 GMT
date: Thu, 14 Dec 2023 12:31:04 GMT
x-content-type-options: nosniff
age: 373004
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6745
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 11:10:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 196B 0
0 45ms
45ms Fetch
image/gif 172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstJA3nqWMs1mw7XFqU8L-v5pF5R1ZuOC7ztHGKVkvMQKMa6rwk6Yl1GoToGjRYtXvshn28z1JbB4tZsRFadJXgHMM9IT_l0CjnbN90eFw7K_7POoMNfDqCcTKOhq5IgfsPnQ6CcDgIV4w_q5F6MfxJ-be475It4yhLkUF5FRR0S8NowsZug0JgA_hVmXt6bC6GI-r2cRVjyCI4ylgLXVdR5TZtrBiEH5kGB0HjIXt2w8WvK512UQC8Cl--6ZoYmRCTy_ADUoRtgLuP9urUUKPgpLo-igrMbfAyFXUBZP_tG_MQWXzadENkT5S_2PgdCP5OlQnpIJrQzzDfbJdbQfHp6S8UF0bPuOSPbBX-A7Zbvu3JGfxlziceu-j6-v-s1FNTc6ehw9kpKeadTUv1jv0b5nQBcgoO2Gg3IbpPKSnSmOve4WIYavyO246a4TIvCEAhx0okNOxqZyiSbRhu7l_8YL_1WISSwCwz4k5wxgau73ehpG1SiBeK-M64qnxjhOYggYZOMImys8C-dL_ZyXF-oR_JUHv-hd8uSrZQb1IHHbShVHw8j8PHd9KoiULAKkF1o3ggZH5vHSVO_H11yz-DMnexEYvNap0fzI0NwdlwSWfzYgxHJwjwU1Rf8aLoAWzhzn54rtzEx6cdvMJ4G2EOBsAXhUCoakmBCIsWJj9eut5qctfKOvnETZyt8MPkGPUjk4amtJt5CWdd5L8h-toqo-P2GDKDJhwGeS_W4p09VBMzgOz5TL31umMzc4pUa-VnsFsBvdupO9RJ2yQ5PZRLNVnMBgj0V3AJE-La-NqQtMsqm4WtW1dbSKI-FfiqUMnbF8EJO9pYMLTSOSRFOR1ez8FAT-9SfV6fSjnPaDZppAwAfbPeTFBmGmD4DYd-1MGdhDNL7UppD0xLrPpPpW5NyFKhu7ySf1CDUIPKFZo-6TCncrEMvTcbK72aJP0iKgNgBcBNSXxREMl15zqAB60a7mk_6caoQ4kxAr0w7ZtjrX-HZ8BX3Ks6DYbv6BHboZguBlQ6tl3r0RFvCIGinijX5dBlXREvmbGLl5Dzl_Nhk5O1JEVRT9ytYapqqPcxq1N8e0ezDpMSofE1rex2m8MqyCq2R_ioyIPekdZYfWNjMjk_KgoV80In1lQw15o6ZSwxeiiYh8nUmbhVBDbWnJiSC1VVhp9r-bkqSIIdz8nL7zbLlyxno7JSrqqQQ1ONVYElg2zVXm0qLSKluLMiVd_v6kPw3XgcFMZzXtgSBEdf7vrma99fYdnHoPgwejp4HCFyhp1rXYlARDZcMGzuE5YI&sai=AMfl-YTqoVgPghCBjaRZHmpkqKn-Lpgoa8mtUdsuws2C8--EoBjJDuGjSaIbdYPvOlmmR2vYPIocIbshxfqw0Uhd-BmkeypC29iwGT98Bw9ZAae7E7_bRpKealDIutZc554-rYYHw1kj4w8TQn7ef1mgkatbabzE_QCA-FbPI5gnkbro7ob3XC-qkCjucSed6iE-sfcRYPvQ7k4emw9kmFDmngNAwK4sqDytUgTtHsFxMXWmoom2I8ayOOhp61EV93BMWT-19UngpCxjq54ej-e0Cg45a9irKPgJR9eR3nqUIKQlVcPk9haPfv8iTwdfUg2fZ3ZbIOUl4BHHc6C2kWvdp2_Hg_bAHe9tDiznKPzIfTHP9bIpSfKicodrJBEDFxUSK7X29l8CPICRippAyMn5KLQ8MTbx-3dkUd6q8OAWhIhKN8q_sf-sWZ4t8KgZTArEpKx4K3cTSwUaqig_vNnW2oXoqTXpTAeqLoQfqOVgAFx_T4ewcn3D8cG8aokb0T-aQ5rQ&sig=Cg0ArKJSzFWdUQTugRzPEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iaXRkZWZlbmRlci5jb20saHR0cHM6Ly9iaXRkZWZlbmRlci5kZQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=192&vt=11&dtpt=130&dett=3&cstd=60&cisv=r20231207.97734&arae=0&ftch=1&adurl=

Requested by

Host: 138mg.com
URL: http://138mg.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:07:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21E4 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BVZmIlKaAZdwEv469wA_z46DgDAAAAAA4AeAEAg&bg=!z8ylzIPNAAY3kmNgF5I7ADQBe5WfOEfO7uN9jGSz1JB91QubxoTwwzYIL8FfNlwuGu-6WzLOTzHU0xfFy637Jv9KglnbAgAAADVSAAAAAmgBB5kDPDubbJb7E-1dE44QdB7RCa8iSuBGJp2l51XMR3riMj7tCUgMr0GZuaGPEAZpiDoANMlopkUR7aeXxEP_7QnMIYBfchHsLIu5tYJ9RvFs-a6Vm8G3tJ2zGsouarXoTbSlpJ9tNQ3Jxg4sj3Xb-SDEpEe2v7mCNH4apmIUeaFo_x0CA1zsrHLGn5P7sfvezoaBrMsFCbRa3_QlZo4n3X0Hyvd7neStXmsg-Vzvn2SQor2xELkt_67tq8I2vB-yI5OssfXoQ1k7h6TqGjOjh-coR5RC_xKlCDtWFId6dsJRPr53ILVk4_oPsVOW4B1Lo4uoIzjmEzlVySmxkfGMEXugqbZat-PU0zGyIgWqmOE_NzKiIY3mcUkWhG3eQF9wPtIf8rIwpxBSafZqQTsxJnr8xdwIsAMTgLjw12p-bW9gOLskEiQlfbS4FBwvAioDgWh1UtoRq4OcoPMySN08NEzjfHvClsErplkrOUGmMv6cw89P6Dk9JVHrUT6eYfgE6qD7csr2OWWziOrOw_IptjcZF1Z0qlvj9xPH0_BbC2BXrr3RRkUroBwZb6ZP3LX2_5nB7cIhaE39iAlFuf9yKVi1gnOF9uQmiJ4wkwKXtL7FWEeHA-kH9g-RIuml11fqifVY-Mvi4aQp1rZ8M01022x1SymRVW1C-XuScvRb1FpILi5ubArlBXreQP1ism_GPptrLrPSCj4MXkSms1PXNfIEiLwLkuU0IRRNytjES9HXJHBsIUCR6x_nOYHUrOysBKrvsPnZn2ZqsT1ioPTOHa6xy9dGSaNI-8KciwMHoJTLRiegOQaZjijTrDLvRUAr5W6jvWFeBq-baGwhsJBz_DQAxQweAMVVKSbJMBSHZm4Ba3C9cP3nDfm8ToaSJyI3BtdcGGXLu9-rdHgoLxjx2C2Lx3XzEcwc-TMg61ul95dAME8ZDPp-WW8HjNM5-NI7mmRvi7kMVpNEicqoKQudwqjUTj90vgGfA2x4BtDWlsHVUQGOr70fbdwLdMwHUWRTnF0iBXnotT2_IGGwYDt6nhbiJzsNQmnft8XRRl0t0VjVUnRtfUyHPbjZ613gcQJFQbdw514y3nLvgVHvlciyLw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET hm.js
hm.baidu.com/ 0
0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 196B 42 B
64 B 58ms
44ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZ7QyINWRokKrt9Sia4I2W5lJjv0OnqVM7HZzATla27oGGjEN5YFQG2bYSPhR3sXd_90-OfUhxny1rxf7BwSg7MCzDtMth1ghQ0YvFh31VEHZrJLDCtZblarn-VHEJPSCUHV3oAKVW58Wa1roNRVWGXjiI&sai=AMfl-YT-v4z9f0GZc9AFiUzWaz_U18HQ-_FHHScv9Oml7vBgZzdMxnAm1xmERX12zWp_8nhjOYA30jbPUiE-6yfUGL6GXf6oJ5bg1Gp1T5U5_1VKstw1vt3eoGUcS8q2x0Cu-unHGmmmtoxFilZOEy1j&sig=Cg0ArKJSzMkHZHF2Mf2oEAE&cid=CAQSTgAvHhf_SWVz0BTw6aPw5Yd3JH-hsVsbLKGaA1tjD9l_tQ8LuYHpjFDDuoXQNofk1OFAy94etZKDdW9jgeBk8mYTtsJSaeHsAw5ZoTQ2GxgB&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=290542049&rs=2&la=0&cr=0&vs=4&r=v&rst=1702930068518&rpt=250&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Dec 2023 20:07:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?a482c90dcde69602577fa45525d7d7b7

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
123.wo80.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: m87qmpt66vav9847ubk9se7ms3
.wo80.com/	1970-01-21 02:23:46	Name: __gads Value: ID=714e95d68f68716c:T=1702930067:RT=1702930067:S=ALNI_MbD87rDdaxwHhGRgNL9ohvHuCyvrw
.wo80.com/	1970-01-21 02:23:46	Name: __gpi Value: UID=00000d2178727625:T=1702930067:RT=1702930067:S=ALNI_Mbu63EQdFvRrVSPVGzQVHafPLEOkQ
.doubleclick.net/	1970-01-21 02:23:46	Name: IDE Value: AHWqTUmgS2MeZBdroK1GUkB0h2a3odW_JXk85YrMv-X1CX_8FdL_OpZb6Cg-Y5T0
.adnxs.com/	1970-01-20 19:11:46	Name: uuid2 Value: 566468122677493230
.casalemedia.com/	1970-01-21 01:47:46	Name: CMID Value: ZYCmlENX6ichp9hOsEIYDwAA
.casalemedia.com/	1970-01-20 19:11:46	Name: CMPS Value: 3250
.casalemedia.com/	1970-01-20 19:11:46	Name: CMPRO Value: 3250
.adnxs.com/	1970-01-20 19:11:46	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTt@uP5=!@wnfH8K6pQK`!5=E<*L5?%K9ipX#n3^_BS6(e2=/[R0MmbWrPAcbH-ZH[3(%nugO%v4VB%nm.E)s_Ni

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

123.wo80.com
138mg.com
ad.doubleclick.net
cm.g.doubleclick.net
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
hm.baidu.com
ib.adnxs.com
pagead2.googlesyndication.com
s0.2mdn.net
s104.cnzz.com
tpc.googlesyndication.com
www.googletagservices.com
hm.baidu.com
142.250.186.130
172.217.16.198
172.64.151.101
185.89.210.180
240e:946:6002:211:3::3dd
2a00:1450:4001:803::2001
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2002
2a00:1450:4001:830::2002
47.52.97.92
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c72457e76341b7d3399a0faea9157dc02fb59063cf3ddc0d7b01fbc8cb8e5a0
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
11ddde88c29ef7e51f5c03da7fde285085469879139d006f631a62dba9bbd069
1411159541cac6ddebd6686720730031f06643e65a5c1ce05febcf4de8504b15
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3cd8994d46ed8c70b88498134d9a7c8e3eb70ddf3f74fc77bf20bd996d7ca5af
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
60d095601383cf021355d96a73fabc772e65394f140ca417167302707938ab28
7197492a734ca11c318dd1cfb3401a4c1b54126a08bd5d12b8f1119d66368f1c
856c41d7d47bba74b107e526ef8f49968fb2a3a129cdc3c5ef5899ba3c2dc181
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8eb600d1bfa136d87da7690cd2032c1906a76dcc1df0dc43fd0eb219d5356e68
95557fe443d49cb1f7ff571a7a34e0fd5a90f0358f1f14f68329786311cb1567
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a45f2ec8bec6c801fbce6c76da9370e44914a051dd91fc40c9948d4239294caf
a6528221c96dda1dfc6d39b83b757bcccb0c692e9e1a472d67faaa16037c3891
ac0f24aa853f716ee2e959e1941db1c07c9e29a3e300719970abdc0c6bd566c1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2275f4fd4e1567fa43a5716514b1cfe996bdfd17ecc2fdf19ef7fc804e28d47
b38e9be911cecefd634080552ac0f84f02435555f6765e397b94a10d24a5c96a
b8d969ed05c3126fbfb485bbca45ad3e4aa9a06c5625c27b3e51faa3cd67483b
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
caf195ab94cbfaf21aaae06763f8600b9801e4a8423311963e8e913cddc06150
d4372891ad37d902a187abc4d2c1c3ca35bcef4bc29c5bc632e84fda51dc5f4c
d6954a408293e9a96be0825bf57878d7391b583327f3760b106fd11658ca05d0
e11a96c01485cdf01070f6449ad523027d77ba8ea23decb1059cc7393e5cfc1c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ead09f48ac08e2d625705224ad109afce0ffa3d195fa88dcb3150feee30f86f0
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa3efcb1022504df85ff9f59acd76923266eb8a078b3e746457223967d82ba2e

123.wo80.com Open in urlscan Pro 47.52.97.92 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

74 %HTTPS

55 %IPv6

10 Domains

13 Subdomains

12 IPs

4 Countries

654 kBTransfer

1729 kBSize

9 Cookies

2 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

123.wo80.com Open in urlscan Pro
47.52.97.92 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

74 %
HTTPS

55 %
IPv6

10
Domains

13
Subdomains

12
IPs

4
Countries

654 kB
Transfer

1729 kB
Size

9
Cookies

43 HTTP transactions
1 data transactions