mandarintools.com Open in urlscan Pro
216.164.45.51 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mandarintools.com/
Submission Tags: falconsandbox
Submission: On March 30 via api (March 30th 2022, 2:38:02 pm UTC) from US — Scanned from DE

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 9 domains to perform 41 HTTP transactions. The main IP is 216.164.45.51, located in Silver Spring, United States and belongs to RCN-AS, US. The main domain is mandarintools.com.

This is the only time mandarintools.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	216.164.45.51 216.164.45.51	6079 (RCN-AS) (RCN-AS)
2 4	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2610:80:0:10d... 2610:80:0:10d::80	6079 (RCN-AS) (RCN-AS)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
41	14

5 216.164.45.51 (Silver Spring, United States)

ASN6079 (RCN-AS, US)
PTR: fbsd.web.rcn.net

mandarintools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2610:80:0:10d::80 (United States)

ASN6079 (RCN-AS, US)

www.mandarintools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 tpc.googlesyndication.com — Cisco Umbrella Rank: 125	324 KB
6	mandarintools.com mandarintools.com www.mandarintools.com	43 KB
5	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	3 KB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	41 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	53 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	37 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8069	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 782	648 B
41	9

	Domain	Requested by
12	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
8	pagead2.googlesyndication.com	mandarintools.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
5	mandarintools.com	mandarintools.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	www.google.com	2 redirects mandarintools.com tpc.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	tpc.googlesyndication.com
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.mandarintools.com	mandarintools.com
1	www.gstatic.com	mandarintools.com
41	13

This site contains no links.

Subject Issuer	Validity	Valid
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 8 frames:

Primary Page: http://mandarintools.com/
Frame ID: DF9020AAC865B019D4D481A48C4A2C60
Requests: 1 HTTP requests in this frame

Frame: http://mandarintools.com/toolbar.html
Frame ID: 2F7ED08FFF528742DF107B59C816D5E4
Requests: 2 HTTP requests in this frame

Frame: http://mandarintools.com/cintro.html
Frame ID: E3A79C3ACE209533FE3EF11268288E84
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1796608980793545&output=html&h=60&slotname=4651638851&adk=2747413331&adf=2192821696&pi=t.ma~as.4651638851&w=468&lmt=1248525171&url=http%3A%2F%2Fmandarintools.com%2Fcintro.html&wgl=1&dt=1648651078137&bpp=12&bdt=76&idt=98&shv=r20220328&mjsv=m202203230101&ptt=5&saldr=sa&correlator=7844784179837&frm=21&ife=1&pv=2&ga_vid=1802068053.1648651078&ga_sid=1648651078&ga_hid=2139242716&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=726&ady=263&biw=1600&bih=1200&isw=1280&ish=1200&ifk=3449358402&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760332%2C44761043%2C31063247%2C44759850&oid=2&pvsid=1020973325391351&pem=347&uas=0&nvt=1&top=http%3A%2F%2Fmandarintools.com%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1280%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.dceeu585vqrx&fsb=1&xpc=Jh78PYAZ0n&p=http%3A//mandarintools.com&dtd=111
Frame ID: AE21E758096F9D9A782B578BB23EB88D
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
Frame ID: 7E38A15CB167A2E07A4B727FDA25B3E9
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C90C93C7E28CC3FAB333928D7BA3FB44
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E8F50D43BAAC495D9A348D0CDA489737
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 85FFFF52F2006BCB61AAC2B275A82F06
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

On-line Chinese Tools

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

41
Requests

80 %
HTTPS

85 %
IPv6

9
Domains

13
Subdomains

14
IPs

2
Countries

504 kB
Transfer

1222 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 22

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

41 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mandarintools.com/ 16 KB
16 KB 350ms
128ms Document
text/html 216.164.45.51
RCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://mandarintools.com/
Protocol: HTTP/1.1
Server: 216.164.45.51 Silver Spring, United States, ASN6079 (RCN-AS, US),
Reverse DNS: fbsd.web.rcn.net
Software: Apache/2.4.46 / PHP/7.4.15
Resource Hash: d2730fa3f585d2acf0df1343bcb820aa2da454465317afb4c81e7321892c35d6

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 30 Mar 2022 14:37:57 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.46
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.15

GET
H/1.1 200
OK toolbar.html Show response
mandarintools.com/ Frame 2F7E 3 KB
3 KB 230ms
127ms Document
text/html 216.164.45.51
RCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://mandarintools.com/toolbar.html
Requested by: Host: mandarintools.com
URL: http://mandarintools.com/
Protocol: HTTP/1.1
Server: 216.164.45.51 Silver Spring, United States, ASN6079 (RCN-AS, US),
Reverse DNS: fbsd.web.rcn.net
Software: Apache/2.4.46 /
Resource Hash: 5729983f5bc655a3301c054aad21a75400f55801393948407188eee0e9630b25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2622
Content-Type: text/html
Date: Wed, 30 Mar 2022 14:37:57 GMT
ETag: "a3e-42226f75cd340"
Keep-Alive: timeout=5, max=99
Last-Modified: Mon, 13 Nov 2006 20:44:21 GMT
Server: Apache/2.4.46

GET
H/1.1 200
OK cintro.html Show response
mandarintools.com/ Frame E3A7 14 KB
14 KB 249ms
126ms Document
text/html 216.164.45.51
RCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://mandarintools.com/cintro.html
Requested by: Host: mandarintools.com
URL: http://mandarintools.com/
Protocol: HTTP/1.1
Server: 216.164.45.51 Silver Spring, United States, ASN6079 (RCN-AS, US),
Reverse DNS: fbsd.web.rcn.net
Software: Apache/2.4.46 /
Resource Hash: 24dca94a336c0e389ab92ccc994a951eb87cdad1709935122e914a9023c974f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 14298
Content-Type: text/html
Date: Wed, 30 Mar 2022 14:37:57 GMT
ETag: "37da-46f86eb4f82c0"
Keep-Alive: timeout=5, max=100
Last-Modified: Sat, 25 Jul 2009 12:32:51 GMT
Server: Apache/2.4.46

GET
H/1.1 200
OK ccdude.gif
mandarintools.com/images/ Frame 2F7E 8 KB
9 KB 126ms
126ms Image
image/gif 216.164.45.51
RCN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://mandarintools.com/images/ccdude.gif
Requested by: Host: mandarintools.com
URL: http://mandarintools.com/toolbar.html
Protocol: HTTP/1.1
Server: 216.164.45.51 Silver Spring, United States, ASN6079 (RCN-AS, US),
Reverse DNS: fbsd.web.rcn.net
Software: Apache/2.4.46 /
Resource Hash: e082a988edc3b1fab36ae4a3b198f980040aec85555f36e18ab5e0e356d42560

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/toolbar.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 14:37:58 GMT
Last-Modified: Mon, 06 May 2002 17:27:48 GMT
Server: Apache/2.4.46
ETag: "2167-3a053a69a6d00"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 8551

GET
H/1.1 200
OK online.gif
mandarintools.com/images/ Frame E3A7 525 B
801 B 131ms
130ms Image
image/gif 216.164.45.51
RCN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://mandarintools.com/images/online.gif
Requested by: Host: mandarintools.com
URL: http://mandarintools.com/cintro.html
Protocol: HTTP/1.1
Server: 216.164.45.51 Silver Spring, United States, ASN6079 (RCN-AS, US),
Reverse DNS: fbsd.web.rcn.net
Software: Apache/2.4.46 /
Resource Hash: 8c1628593bc8eacb4c957a778ae9d0c2e0e45cd837bbbc3f7d5f12a367e92566

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/cintro.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 14:37:58 GMT
Last-Modified: Wed, 16 Dec 1998 15:42:42 GMT
Server: Apache/2.4.46
ETag: "20d-33f1dfd09a080"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 525

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/ Frame E3A7
Redirect Chain

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

30ms
8ms

Script
text/javascript

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: mandarintools.com
URL: http://mandarintools.com/cintro.html

Protocol

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 08:06:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 31 Mar 2022 08:06:28 GMT

Redirect headers

Date: Wed, 30 Mar 2022 14:12:57 GMT
X-Content-Type-Options: nosniff
Server: sffe
Age: 1501
Content-Type: text/html; charset=UTF-8
Location: https://www.gstatic.com/prose/brandjs.js
Cache-Control: public, max-age=1800
Content-Length: 237
X-XSS-Protection: 0
Expires: Wed, 30 Mar 2022 14:42:57 GMT

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame E3A7 116 KB
40 KB 45ms
25ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: mandarintools.com
URL: http://mandarintools.com/cintro.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3128cd45088e45f8cdcec326d4838ac488259ca757008a81bbb6fdfa57543d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 30 Mar 2022 14:37:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 16418864503335139166
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 40192
X-XSS-Protection: 0
Expires: Wed, 30 Mar 2022 14:37:58 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/en/ Frame E3A7 1 KB
2 KB 34ms
12ms Image
image/png 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: mandarintools.com
URL: http://mandarintools.com/cintro.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 12:42:20 GMT
x-content-type-options: nosniff
age: 352538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sun, 26 Mar 2023 12:42:20 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/ Frame E3A7 296 KB
107 KB 57ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=pub-1796608980793545&plah=mandarintools.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

31d1018ac9dc44da408d5a9ff0bba9f91ebcc7ca24dbfcb3ea788561ad0cf018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:37:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109251
x-xss-protection: 0
server: cafe
etag: 11865740952481211458
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 14:37:58 GMT

GET
H/1.1 200
OK chtools.html
www.mandarintools.com/cgi-bin/ccount.pl/ Frame E3A7 200 B
399 B 432ms
214ms Image
image/gif 2610:80:0:10d::80
RCN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mandarintools.com/cgi-bin/ccount.pl/chtools.html
Requested by: Host: mandarintools.com
URL: http://mandarintools.com/cintro.html
Protocol: HTTP/1.1
Server: 2610:80:0:10d::80 , United States, ASN6079 (RCN-AS, US),
Reverse DNS
Software: Apache/2.4.46 /
Resource Hash: 5df48a57efebbe27d0c180e9ae763adf8cdf55c22897a3bbeec2ff1634d0a686

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 14:37:58 GMT
Server: Apache/2.4.46
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame E3A7 221 B
648 B 39ms
15ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mandarintools.com&callback=_gfp_s_&client=ca-pub-1796608980793545

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=pub-1796608980793545&plah=mandarintools.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

aff48fdb0d94f0f76af6d79dfee460b8e9af679ba3adbff0a48d8ac00374c5b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:37:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame E3A7 107 B
792 B 40ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mandarintools.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Mar 2022 14:37:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E3A7 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mandarintools.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Mar 2022 14:37:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AE21 113 KB
41 KB 784ms
759ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1796608980793545&output=html&h=60&slotname=4651638851&adk=2747413331&adf=2192821696&pi=t.ma~as.4651638851&w=468&lmt=1248525171&url=http%3A%2F%2Fmandarintools.com%2Fcintro.html&wgl=1&dt=1648651078137&bpp=12&bdt=76&idt=98&shv=r20220328&mjsv=m202203230101&ptt=5&saldr=sa&correlator=7844784179837&frm=21&ife=1&pv=2&ga_vid=1802068053.1648651078&ga_sid=1648651078&ga_hid=2139242716&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=726&ady=263&biw=1600&bih=1200&isw=1280&ish=1200&ifk=3449358402&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760332%2C44761043%2C31063247%2C44759850&oid=2&pvsid=1020973325391351&pem=347&uas=0&nvt=1&top=http%3A%2F%2Fmandarintools.com%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1280%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.dceeu585vqrx&fsb=1&xpc=Jh78PYAZ0n&p=http%3A//mandarintools.com&dtd=111

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d526735e6076e462d52ea2142bee96a2abad1ea027e9f44035ad51771eb981ad

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMixhe-H7vYCFSfuuwgd8XkHjQ&gqi=RmtEYsinEY7u3wPH1raQBQ&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 41117
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMixhe-H7vYCFSfuuwgd8XkHjQ&gqi=RmtEYsinEY7u3wPH1raQBQ&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Mar 2022 14:37:59 GMT
expires: Wed, 30 Mar 2022 14:37:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Responsive_listing.html Show response
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 7E38 4 KB
1 KB 33ms
9ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1796608980793545&output=html&h=60&slotname=4651638851&adk=2747413331&adf=2192821696&pi=t.ma~as.4651638851&w=468&lmt=1248525171&url=http%3A%2F%2Fmandarintools.com%2Fcintro.html&wgl=1&dt=1648651078137&bpp=12&bdt=76&idt=98&shv=r20220328&mjsv=m202203230101&ptt=5&saldr=sa&correlator=7844784179837&frm=21&ife=1&pv=2&ga_vid=1802068053.1648651078&ga_sid=1648651078&ga_hid=2139242716&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=726&ady=263&biw=1600&bih=1200&isw=1280&ish=1200&ifk=3449358402&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760332%2C44761043%2C31063247%2C44759850&oid=2&pvsid=1020973325391351&pem=347&uas=0&nvt=1&top=http%3A%2F%2Fmandarintools.com%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1280%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.dceeu585vqrx&fsb=1&xpc=Jh78PYAZ0n&p=http%3A//mandarintools.com&dtd=111

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f380fdee43a0103d5cd9bee42e3822ac60512f918a7ed2f805cdaefc5beadc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 73027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 1157
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Mar 2022 18:20:52 GMT
etag: 11900953634711111692
expires: Wed, 30 Mar 2022 18:20:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame AE21 0
0 52ms
51ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CpZAJRmtEYsj2Eafc7_UP8fOd6AjJp5HyaIHg9MLaD_3MltFCEAEgt8_3AWCVgoCArAegAeqv6JgDyAEJqQLBb9eze62yPqgDAcgDywSqBNUBT9AgiNpyCnn4HM4uW84sERVMTb3AyPkVR8BgGKwJEaQThMJDefs_tY0pWEAQT9Fg1cvK4bD734AqB1rnpkM7oNHFWqblyuXW1b08eCkB2XwT1y58jFt9SYRBA-6f1q4EArLAFWa5T8OPX3a7PO_hQjTkKix9YbYxCXHyBR9dZaaC1uduFXj1u2WX6HiF9fC-DxyIWk8KwxpGiKE-pScTJdL5sWVSScb8iuD430VMZqjhIMNshNLxARjTO_Jm6Fvcd4GKy6hd1C0-2-4rk064zKH0_MZxwASo_avf_AOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH_s-XZ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDisQbSCAkIgOGAEBABGB-ACgHICwHYEwKIFAHQFQGAFwGyFxwKGggAEhRwdWItMTc5NjYwODk4MDc5MzU0NRgA&sigh=4rjQ-3Aa0_Y&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1796608980793545&output=html&h=60&slotname=4651638851&adk=2747413331&adf=2192821696&pi=t.ma~as.4651638851&w=468&lmt=1248525171&url=http%3A%2F%2Fmandarintools.com%2Fcintro.html&wgl=1&dt=1648651078137&bpp=12&bdt=76&idt=98&shv=r20220328&mjsv=m202203230101&ptt=5&saldr=sa&correlator=7844784179837&frm=21&ife=1&pv=2&ga_vid=1802068053.1648651078&ga_sid=1648651078&ga_hid=2139242716&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=726&ady=263&biw=1600&bih=1200&isw=1280&ish=1200&ifk=3449358402&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760332%2C44761043%2C31063247%2C44759850&oid=2&pvsid=1020973325391351&pem=347&uas=0&nvt=1&top=http%3A%2F%2Fmandarintools.com%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1280%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.dceeu585vqrx&fsb=1&xpc=Jh78PYAZ0n&p=http%3A//mandarintools.com&dtd=111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 30 Mar 2022 14:37:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 30 Mar 2022 14:37:59 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220328/r20110914/ Frame AE21 19 KB
8 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220328/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Apr 2022 14:33:07 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C90C 143 B
163 B 8ms
8ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1796608980793545&output=html&h=60&slotname=4651638851&adk=2747413331&adf=2192821696&pi=t.ma~as.4651638851&w=468&lmt=1248525171&url=http%3A%2F%2Fmandarintools.com%2Fcintro.html&wgl=1&dt=1648651078137&bpp=12&bdt=76&idt=98&shv=r20220328&mjsv=m202203230101&ptt=5&saldr=sa&correlator=7844784179837&frm=21&ife=1&pv=2&ga_vid=1802068053.1648651078&ga_sid=1648651078&ga_hid=2139242716&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=726&ady=263&biw=1600&bih=1200&isw=1280&ish=1200&ifk=3449358402&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760332%2C44761043%2C31063247%2C44759850&oid=2&pvsid=1020973325391351&pem=347&uas=0&nvt=1&top=http%3A%2F%2Fmandarintools.com%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1280%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.dceeu585vqrx&fsb=1&xpc=Jh78PYAZ0n&p=http%3A//mandarintools.com&dtd=111
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 1946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 30 Mar 2022 14:05:33 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220328/r20110914/client/ Frame AE21 2 KB
1 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220328/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Apr 2022 14:36:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE21 119 KB
37 KB 58ms
16ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96a8e0be24180feea7bb576beda59048a96bdbf1528f0fe3c487ee6888e07782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648494235360460"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 30 Mar 2022 14:37:59 GMT

GET
H3 200 Configurable_01_122.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 7E38 74 KB
26 KB 18ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Configurable_01_122.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ef7e00750f06efee8a0074f2984b78a62c1a0f8cb971f01197532d57a78a836

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 02:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26222
x-xss-protection: 0
server: cafe
etag: 15511454539072389427
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 31 Mar 2022 02:49:46 GMT

GET
H3 200 Responsive_listing.js Show response
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 7E38 199 KB
68 KB 21ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a96924ddd5fb2ea84242905ab60d5ba262bb28e91fd6f097a077db0a63728dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 07:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25692
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69148
x-xss-protection: 0
server: cafe
etag: 5199203132765013944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 31 Mar 2022 07:29:47 GMT

GET
H3 200 Responsive_listing.css
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 7E38 11 KB
2 KB 17ms
8ms Stylesheet
text/css 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.css

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2b09643e58ded9316fb73dfab3ffca42772599008066cf599bfc7fb40766c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 21:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62463
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1962
x-xss-protection: 0
server: cafe
etag: 15825927903621683888
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 30 Mar 2022 21:16:56 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C90C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

79ms
79ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 30 Mar 2022 14:37:59 GMT
expires: Wed, 30 Mar 2022 14:37:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 30 Mar 2022 14:37:59 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 7E38 26 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/Configurable_01_122.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 954
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 31 Mar 2022 14:22:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7E38 6 KB
1 KB 42ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 13:29:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 30 Mar 2022 14:37:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Mar 2022 14:37:59 GMT

GET
H3 200 12717175800467181667
tpc.googlesyndication.com/simgad/ Frame 7E38 6 KB
6 KB 8ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12717175800467181667

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

629dfa81f17068f9a89608cd86060d55ddb5d8cba79f39998ca383bd1320b327

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 07:02:39 GMT
x-content-type-options: nosniff
age: 113720
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5962
x-xss-protection: 0
last-modified: Thu, 23 Dec 2021 14:33:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 29 Mar 2023 07:02:39 GMT

GET
H3 200 XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js Show response
pagead2.googlesyndication.com/bg/ Frame 7E38 35 KB
13 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c5a63a864325e51a1ac832da94644b4ec7d66b70626760014ef7bf8b65ec448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2878
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13744
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Mar 2023 13:50:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220328/r20110914/client/ Frame AE21 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220328/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Apr 2022 14:35:31 GMT

GET
DATA 200
OK truncated
/ Frame AE21 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8fb41ecb15b89d9751b10b27ee45dc58fff497ba49f87b765bb6481a3383757

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 7E38 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 70690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 18:59:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 7E38 15 KB
16 KB 31ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 66604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 29 Mar 2023 20:07:55 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 7E38 15 KB
16 KB 36ms
14ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 16:37:56 GMT
x-content-type-options: nosniff
age: 79203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Mar 2023 16:37:56 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E3A7 14 KB
10 KB 37ms
22ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220328&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c828f048c77d4800fa33ece829123f9df50c69eca0660eedcca82d820c8efe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Mar 2022 14:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10695
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E3A7 17 KB
6 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 30 Mar 2022 14:37:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E8F5 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 60
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Mar 2022 14:36:59 GMT
expires: Thu, 30 Mar 2023 14:36:59 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 85FF 783 B
534 B 16ms
16ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c360ce27a00be5331d736299fcd569648bb9fe0924e313019ef5de599fb88f53

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dl5MY4VS7aRRxemc0Uedww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-dl5MY4VS7aRRxemc0Uedww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 30 Mar 2022 14:37:59 GMT
expires: Wed, 30 Mar 2022 14:37:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js Show response
pagead2.googlesyndication.com/bg/ Frame E8F5 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c5a63a864325e51a1ac832da94644b4ec7d66b70626760014ef7bf8b65ec448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:50:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2878
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13744
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Mar 2023 13:50:01 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 85FF 0
0 56ms
55ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220328&jk=1020973325391351&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E8F5 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?i994pQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 14:37:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E3A7 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220328&jk=1020973325391351&bg=!GhmlGV3NAAbzJazn0yU7ACkAdvg8WhyxEP-LksiqagbtO6i_yHTbidXAsn1jBDBduzKtLlyMGTIv_AIAAABYUgAAAAJoAQeZAyLqVDHvdjNU3LVRkl8UBTnKyWKWMoeafmWdRbReSK7tiqfsS-Psg2Emp3fhxl38jkpAOxI5aJSKMWtKargAYAwQGh6NXWV0yu0DoBDCLRASqB27WyNX03Z2YpYoWU5nS1qsEYJuXJo7ESg1oYEXX7YdFinWehjRObrjeBYRtS3EdPC69c5R7Z5Jj7_Umb20EpGPKSUirYbXiNB2Vq3BOHyGEhWxuXv43n83RyNrPvYjSzD0tiRtVdu4c_1yE0Aiv7W0LY7P0ZNtLRbZQJXhSlWLmXee1DRbw6NGzHXBcgVC9ciVw8tApE8sh5SeVJRjZ2afQfLU4VmhrOSIdBd0L_ueh1nZykZlyxTS8ZT-g-JWEMbjXwV-UEFXOsDdDI93hZcKzd97uBAO6tUd3os1S5hkCfzGnFM88_n-Nlnv5RNtIP7qwxwA7tpD67HRlfbaJTxxo8tHbUKM-zGUhtf-49NiZ2SUmTK2Sg4AXEzRxv3kmcJ1OuV7kDRrZJ9VRv7egoK3zzXYrEmmJzsdVDnncgQS220cadiw7Ag5EDzWVkz29vQcuDKUUdGSQWoTAwuRlAVN6PeldiqhLdeyhtknGNh-QGw7lJ_6wWhr1C1VQixLc1-yRGFXZA2P6VPz-Jzgnl-s1hINOF8ueBPQIBn3WKfzidycyy4cm_ijWpHjxefXiE5kZ7Pp5KtkSDVS6tGnuhqHLjxdNKDopAqpJiLo2vUrXr2LVitf6a-Z36ahFl7_RoHdmZubhhL9MHlk8jVaHWU3adsA6rIS03wOwr2Br799cBdWd3D9jXAfKhVlks5cQstbSx91acA5n1MIK3HSNxBbAAyaFFa_VBBFjZt-pR8yDhV7I624gIXuP-mmFLsgNC9_oGL9LxEAnyPjrXfLE87TsmDhwCi1kd-TkQVlukWat11fZY5E6GRFeDvEMlePdMHm1W8kQkVKeAMw3TTgw9AogeLQC3az2OCl7qrzhNhK6I-t6bAEWezdljWDbpVlRWbRs4foKq9fj4l_LGeUQIYJcYRakMAcD0fwnXWxgzvuX3T8DmM6IOnc2YnyKpl5BR8x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://mandarintools.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 14:38:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AE21 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstO9hhPTf4mImcfEf45VGCUxTE2q1IcK5emZqwYIVTh6cY0ChgoF8rk6qAunYWFDZ94n925QNLoQp6aAaIOxoamEk8fXdtqYMwqrdd6O8xxNtyI2g4TJQ&sai=AMfl-YTpQKikwZOl-3dAs35Qc7nIlGW9smY0Hq6X-ipCDiAlMFHrfK2wIHwMk1mev9Du87AL076vosEQjE3q&sig=Cg0ArKJSzAK591P_FjcVEAE&id=lidar2&mcvt=1000&p=0,0,60,468&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220328&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=2747413331&rs=2&la=0&cr=0&vs=4&r=v&rst=1648651078249&rpt=960&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 14:38:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mandarintools.com/	1970-01-20 11:19:07	Name: __gads Value: ID=9fec37f94af708c4-2279346a68cd0057:T=1648651078:RT=1648651078:S=ALNI_Mb7k_cphAo4SCLdAArHg6NwMQZ_Bw
.doubleclick.net/	1970-01-20 11:19:07	Name: IDE Value: AHWqTUkIfOuhT-SdFEEcWQKO73lBovpKaq5lfKH6TZwKoH3jvEwIKzKqexQjQsHGOgU
.doubleclick.net/	1970-01-20 01:57:34	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
mandarintools.com
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.mandarintools.com
142.250.181.226
216.164.45.51
2610:80:0:10d::80
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2002
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ef7e00750f06efee8a0074f2984b78a62c1a0f8cb971f01197532d57a78a836
0f380fdee43a0103d5cd9bee42e3822ac60512f918a7ed2f805cdaefc5beadc5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
24dca94a336c0e389ab92ccc994a951eb87cdad1709935122e914a9023c974f0
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
31d1018ac9dc44da408d5a9ff0bba9f91ebcc7ca24dbfcb3ea788561ad0cf018
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5729983f5bc655a3301c054aad21a75400f55801393948407188eee0e9630b25
5c5a63a864325e51a1ac832da94644b4ec7d66b70626760014ef7bf8b65ec448
5df48a57efebbe27d0c180e9ae763adf8cdf55c22897a3bbeec2ff1634d0a686
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
629dfa81f17068f9a89608cd86060d55ddb5d8cba79f39998ca383bd1320b327
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6c828f048c77d4800fa33ece829123f9df50c69eca0660eedcca82d820c8efe6
8c1628593bc8eacb4c957a778ae9d0c2e0e45cd837bbbc3f7d5f12a367e92566
96a8e0be24180feea7bb576beda59048a96bdbf1528f0fe3c487ee6888e07782
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a96924ddd5fb2ea84242905ab60d5ba262bb28e91fd6f097a077db0a63728dec
aff48fdb0d94f0f76af6d79dfee460b8e9af679ba3adbff0a48d8ac00374c5b9
c2b09643e58ded9316fb73dfab3ffca42772599008066cf599bfc7fb40766c1d
c3128cd45088e45f8cdcec326d4838ac488259ca757008a81bbb6fdfa57543d4
c360ce27a00be5331d736299fcd569648bb9fe0924e313019ef5de599fb88f53
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d2730fa3f585d2acf0df1343bcb820aa2da454465317afb4c81e7321892c35d6
d526735e6076e462d52ea2142bee96a2abad1ea027e9f44035ad51771eb981ad
e082a988edc3b1fab36ae4a3b198f980040aec85555f36e18ab5e0e356d42560
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fb41ecb15b89d9751b10b27ee45dc58fff497ba49f87b765bb6481a3383757
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

mandarintools.com Open in urlscan Pro 216.164.45.51 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

41 Requests

80 %HTTPS

85 %IPv6

9 Domains

13 Subdomains

14 IPs

2 Countries

504 kBTransfer

1222 kBSize

3 Cookies

0 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mandarintools.com Open in urlscan Pro
216.164.45.51 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

80 %
HTTPS

85 %
IPv6

9
Domains

13
Subdomains

14
IPs

2
Countries

504 kB
Transfer

1222 kB
Size

3
Cookies

41 HTTP transactions
1 data transactions