Submitted URL: https://todawa40.asia/
Effective URL: https://www.todawa57.asia/home.php
Submission Tags: phishingrod
Submission: On January 21 via api from DE — Scanned from DE

Summary

This website contacted 21 IPs in 5 countries across 17 domains to perform 90 HTTP transactions. The main IP is 2606:4700:3030::ac43:d43a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.todawa57.asia.
TLS certificate: Issued by GTS CA 1P5 on November 27th 2023. Valid for: 3 months.
This is the only time www.todawa57.asia was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 17 2606:4700:303... 13335 (CLOUDFLAR...)
6 211.226.25.200 4766 (KIXS-AS-K...)
11 202.97.174.25 4837 (CHINA169-...)
1 2a04:4e42::649 54113 (FASTLY)
2 112.214.46.111 10036 (CNM-AS-KR...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 4 142.250.185.130 15169 (GOOGLE)
3 5 104.18.36.155 13335 (CLOUDFLAR...)
3 4 185.89.210.141 29990 (ASN-APPNEX)
2 216.58.206.38 15169 (GOOGLE)
15 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 211.226.25.220 4766 (KIXS-AS-K...)
1 2a00:1450:400... 15169 (GOOGLE)
90 21
Apex Domain
Subdomains
Transfer
19 googlesyndication.com
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
109 KB
17 todawa57.asia
www.todawa57.asia
35 KB
15 bannerspace.net
client.bannerspace.net — Cisco Umbrella Rank: 64702
195 KB
11 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
cm.g.doubleclick.net — Cisco Umbrella Rank: 260
ad.doubleclick.net — Cisco Umbrella Rank: 163
210 KB
11 keezip.com
i.keezip.com
774 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622
3 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225
29 KB
4 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 253
4 KB
3 ad4989.co.kr
js.ad4989.co.kr — Cisco Umbrella Rank: 138418
cdn13.ad4989.co.kr — Cisco Umbrella Rank: 435902
228 KB
3 abchub.site
ad.abchub.site
7 KB
2 tend-table.com
engine.tend-table.com — Cisco Umbrella Rank: 129560
1 KB
2 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 336
42 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 230
66 KB
1 aceplanet.co.kr
ad.aceplanet.co.kr — Cisco Umbrella Rank: 254451
3 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
68 KB
1 todawa40.asia
todawa40.asia
427 B
90 17
Domain Requested by
17 www.todawa57.asia 1 redirects www.todawa57.asia
15 client.bannerspace.net s0.2mdn.net
client.bannerspace.net
www.todawa57.asia
11 i.keezip.com www.todawa57.asia
10 pagead2.googlesyndication.com www.todawa57.asia
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
tpc.googlesyndication.com
www.googletagservices.com
securepubads.g.doubleclick.net
7 tpc.googlesyndication.com www.todawa57.asia
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
5 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
4 cdnjs.cloudflare.com s0.2mdn.net
4 ib.adnxs.com 3 redirects googleads.g.doubleclick.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
4 securepubads.g.doubleclick.net ad.aceplanet.co.kr
securepubads.g.doubleclick.net
3 ad.abchub.site www.todawa57.asia
js.ad4989.co.kr
2 engine.tend-table.com js.ad4989.co.kr
2 ad.doubleclick.net www.todawa57.asia
2 s0.2mdn.net www.todawa57.asia
s0.2mdn.net
2 e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 js.ad4989.co.kr ad.abchub.site
engine.tend-table.com
1 www.google.com tpc.googlesyndication.com
1 cdn13.ad4989.co.kr ad.abchub.site
1 www.googletagservices.com e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
1 googleads.g.doubleclick.net e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
1 ad.aceplanet.co.kr ad.abchub.site
1 code.jquery.com ad.abchub.site
1 todawa40.asia 1 redirects
90 23
Subject Issuer Validity Valid
todawa57.asia
GTS CA 1P5
2023-11-27 -
2024-02-25
3 months crt.sh
ad.ad4989.co.kr
Sectigo RSA Domain Validation Secure Server CA
2023-11-29 -
2024-06-28
7 months crt.sh
i.keezip.com
TrustAsia RSA DV TLS CA G2
2023-10-12 -
2024-10-11
a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
*.ad4989.co.kr
Sectigo RSA Domain Validation Secure Server CA
2023-01-17 -
2024-01-31
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
client.bannerspace.net
R3
2023-11-15 -
2024-02-13
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
www.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh

This page contains 10 frames:

Primary Page: https://www.todawa57.asia/home.php
Frame ID: 45C60F1BBDC508B1B3A85C63E5FA7386
Requests: 40 HTTP requests in this frame

Frame: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D26169B4529B2552846DF5971B61D1A9
Requests: 1 HTTP requests in this frame

Frame: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E4E9AAF7F24F249453821386A9323C12
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Frame ID: 777177633A3AF2A6BF3D303DCAB4BC99
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B4B789C79B5E2CC490C351AFCB91A0D3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Frame ID: 91E4106D83F1594A6410438B83B49FDF
Requests: 20 HTTP requests in this frame

Frame: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTcuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705796858777
Frame ID: 2908A79336EE466EB93A7E3AA94B79FF
Requests: 3 HTTP requests in this frame

Frame: https://ad.abchub.site/cgi-bin/pelicanc.dll?adservicename=VLD&name=FOIN_CATEGORY&method=set&data=&encode_yn=N&copy_yn=Y&tm=1705796860347
Frame ID: 196ED947264C1426A19218FD58DE906F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 29B3F91C1F869A52743B0FFC676BD9B8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D240D0202DF03CA64DCD98F3A502ADD9
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

토다와

Page URL History Show full URLs

  1. https://todawa40.asia/ HTTP 301
    https://www.todawa57.asia/ HTTP 302
    https://www.todawa57.asia/home.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • zip\.co

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

90
Requests

96 %
HTTPS

62 %
IPv6

17
Domains

23
Subdomains

21
IPs

5
Countries

1769 kB
Transfer

2879 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://todawa40.asia/ HTTP 301
    https://www.todawa57.asia/ HTTP 302
    https://www.todawa57.asia/home.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&C=1
Request Chain 42
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zaxk.p85LHfAlQAODk2lOQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&google_hm=2
Request Chain 43
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEBmWKfkjAafj9nDpYfcEomM&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBmWKfkjAafj9nDpYfcEomM%26google_cver%3D1
Request Chain 44
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI1ODIxODM4NzA2NzE1ODUyNw%3D%3D

90 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request home.php
www.todawa57.asia/
Redirect Chain
  • https://todawa40.asia/
  • https://www.todawa57.asia/
  • https://www.todawa57.asia/home.php
47 KB
7 KB
Document
General
Full URL
https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
c0cfd9aa3c9585cf19f33116277406ca6ed9c3e8384677ad71a19df3a9aae580

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
848b6e9becc765fd-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 21 Jan 2024 00:27:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnUv%2BDPHm64wFT7u5LgZvoL3HrGMpgaflxcdmb%2FbPLbjgZk%2Bg1EBgTtVYPaaK8DqM2DESVPeYGe7%2FpY5mEo7o01x4194hvk%2FfBGPKBV8m5QXa5nT69ir2VYV9PAplrRMSCQ7Raseqhj72yGh%2BJLGgg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/5.6.40

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
848b6e993a6065fd-AMS
content-type
text/html; charset=UTF-8
date
Sun, 21 Jan 2024 00:27:33 GMT
location
home.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XyTRmJYN49ofEbk3JC8dFme8nrKvP2W8vvatb1ifxEv8BWLdOw1Z%2BHLpEmOsEVdXsEdspobg1sqp6oX2JrZj5hm4vx16nzsIZUS4XQyktmCPi8oHPYfrYSlyq0bNqnrkPihdShHz40LP7nJP1hg6qw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
PelicanC.dll
ad.abchub.site/cgi-bin/
3 KB
3 KB
Script
General
Full URL
https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2d930af4bd5419bf72222580b88380a552e44fc551211bea4f14fee9800c4c59

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

P3P
CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma
no-cache
Date
Sun, 21 Jan 2024 00:27:35 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
Microsoft-IIS/10.0
Connection
close
Content-type
text/html
common.css
www.todawa57.asia/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.todawa57.asia/css/common.css?v5
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
308052b1bf48d457ff68c33a498c882f75beaae17118485be2dd3163fe0c7c11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 09 Sep 2021 10:45:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
26568
etag
W/"6139e5b9-179f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocaaPoW0WO1b28gmj4OltrdahngazuyO0%2FMbigZV3zhwYg6WE25W6DvsLbhjkOzfjGuAN8WQ%2FDwObxiua2lzZhqqoLbywplkLEMyFnuS7oR36etsmy%2FWRqHe2ebp2KFX5rXTYcNIuLr7YfPPMqN3tw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
848b6e9d6d1b667f-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 21 Jan 2024 05:04:45 GMT
main.css
www.todawa57.asia/css/
2 KB
988 B
Stylesheet
General
Full URL
https://www.todawa57.asia/css/main.css
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf18a9ed9a6aa889d227de181fe071fe47062764cacd90c4423b81b6bbbee834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Sep 2019 13:18:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
26568
etag
W/"5d838040-6a1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00Ksa%2Bj%2ByHYanaDUh8BYk2uf9bNa4oSFTpjQxzuJr%2Bq1CWHVBkfHIcmIFpseZqeJZGprDJY341XJCRHsY8iL7XQ3AREl9IC2xmJzngNGVHy%2F2sSWkrsFGuHlUD8pPyZjgKAsNxYcN1l%2BKydENmDXJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
848b6e9d6d1c667f-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 21 Jan 2024 05:04:45 GMT
sub.css
www.todawa57.asia/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.todawa57.asia/css/sub.css
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72855f862df04b84b9755977382129f3f7f22f188f02686807e0eb5df1916155

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 14 May 2021 08:41:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
26568
etag
W/"609e37d6-1648"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8RhaKZLvFtPIoEGcuCW2qC2sUIiM383GtRr0rfMoPJkMaK14Z6S9%2FpK%2Fukk27yq3udTRQJkbfLKPoXyEzFZlr7VLY0EN6MWAg0CcC9M0M7f8a65rwZVrcGZMZXhHCZrK6GiukSvdq8XKHQ8ZEDnpJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
848b6e9d6d1d667f-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 21 Jan 2024 05:04:45 GMT
iconfont.css
www.todawa57.asia/css/
5 KB
4 KB
Stylesheet
General
Full URL
https://www.todawa57.asia/css/iconfont.css
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d322485983f9bf6aa843345c3eb6dcc06b6d60555c849a778133ac335aa4251

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 08 Oct 2019 00:38:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
26568
etag
W/"5d9bda7e-1545"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8417poNFetspmtq82AYgI%2FZKq9T%2BmjuWsB5mSUr3RpJEjERpDKhCW5DyGtaRWoX4nfskw%2BMPVxDld%2BBPUZtgLyyHMiBOiuOrTWtLFlYGvzivLLD9PyKyp%2BVzlfXZG6F%2B%2BByzKkJUfKmG83cjC04XMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
848b6e9d6d20667f-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 21 Jan 2024 05:04:45 GMT
common.js
www.todawa57.asia/js/
1 KB
936 B
Script
General
Full URL
https://www.todawa57.asia/js/common.js
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf0d6da2b17b813749a8b61047b209827603fb1fdff3ef336df7e67fe16aefe9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Sep 2019 03:04:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
26568
etag
W/"5d82f024-5d2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FC3AdAMY95%2FquZ1Qpd5%2BCQRHNyptiPqTe5S0WbdSL4M9ZA5X1VXomKVu7YRWy%2FAoHuHc0FC1s%2BPEf8oRsUy75sS8VLAWPPc4B%2FOxEbJVJDLaTW%2BLuU5tXQswlG6ShCj5t2LWGWWnJfw47g272sD40w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
848b6e9d6d22667f-AMS
alt-svc
h3=":443"; ma=86400
expires
Sun, 21 Jan 2024 05:04:45 GMT
logo.gif
www.todawa57.asia/images/common/
2 KB
3 KB
Image
General
Full URL
https://www.todawa57.asia/images/common/logo.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66ea8b8e5fb63e30170770409f524bac18a024b210d690fa0db919212269a14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282877
alt-svc
h3=":443"; ma=86400
content-length
2449
last-modified
Thu, 19 Sep 2019 04:49:56 GMT
server
cloudflare
etag
"5d8308f4-991"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftazxkbBL8XxROIiUMSRJwYlTzgXDrUsv2B4hQr4WhGacdsdVfYrGctMdSBN3Cxs37XmDApJ3eFjX7LDwXGOKqu5YoVioTf2sIJex%2FNQ01a4zfRyy4%2Fp0ivgA4vUaymrjV9YJrgiw8SC%2BFj5bbq3Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6e9d6d24667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
search.gif
www.todawa57.asia/images/common/
2 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/common/search.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f89a06d4661e5607389bec9499b0d799fb723f1319cdb5fd1024fa5d70161075

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282877
alt-svc
h3=":443"; ma=86400
content-length
1782
last-modified
Wed, 18 Sep 2019 05:26:59 GMT
server
cloudflare
etag
"5d81c023-6f6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsJ9A5Xn%2BBISwHgAK6RbC2KkioN3GSpp0l0ZiU7%2F7Ogps694kbZR3Ct%2BkPfYW6N47Pf3FfmOdmU3kH3vNaijQlx58pb%2FzIcGD%2BKSGhgj94K2zXD6GDxl6iIUJCIZccVB544WUT9NAJWNXDKSCx3Tpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6e9d6d26667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
img_19.png
www.todawa57.asia/images/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/img_19.png
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:33 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282877
alt-svc
h3=":443"; ma=86400
content-length
1535
last-modified
Wed, 08 Jun 2022 13:48:46 GMT
server
cloudflare
etag
"62a0a8be-5ff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Boh6xpnrZOvBc%2B95L9ZwmK%2FljmRg6He2zBl%2BS2iuLz4Iyy3ZEvOv5lL6ioQ3qCjohfIT0JMWSCE1BgOj6WAuvGqXF1IykQxwoSM%2BvThPIxROBixDh4LAR6OUWTJ4RiR8wIV%2BzHddnZ9SFKJlT0AmMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6e9dad55667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
bet1_380.jpg
i.keezip.com/ad/
42 KB
42 KB
Image
General
Full URL
https://i.keezip.com/ad/bet1_380.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
783361ed917fad413a4249d12774f5b0be1e4e75495da00e3b3e9edb1e10926f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Tue, 31 Jan 2023 16:21:48 GMT
Server
nginx/1.15.11
ETag
"63d9401c-a8a2"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43170
wn-xg_1.jpg
i.keezip.com/ad/
60 KB
60 KB
Image
General
Full URL
https://i.keezip.com/ad/wn-xg_1.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
a4d9e2cbab3e0d55a661df4ffba7c67a137191d93b5e1714cf56b5eafb052c07

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Tue, 10 May 2022 08:41:28 GMT
Server
nginx/1.15.11
ETag
"627a2538-ee19"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
60953
ww-ot_m.jpg
i.keezip.com/ad/
51 KB
51 KB
Image
General
Full URL
https://i.keezip.com/ad/ww-ot_m.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
fd3a78c44240fc968612ed1a66b1ddf9f2e88ee172a587673e20a3d2709194c3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Wed, 31 Aug 2022 14:18:44 GMT
Server
nginx/1.15.11
ETag
"630f6dc4-ca78"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51832
drugpharm_m2.gif
i.keezip.com/ad/
69 KB
69 KB
Image
General
Full URL
https://i.keezip.com/ad/drugpharm_m2.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
899cd99a24a6950e11055aef298623208bde99364981f3a8b48b2c8580ca3d14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Sun, 26 Mar 2023 05:15:08 GMT
Server
nginx/1.15.11
ETag
"641fd4dc-114db"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
70875
nulpurn_380.gif
i.keezip.com/ad/
195 KB
195 KB
Image
General
Full URL
https://i.keezip.com/ad/nulpurn_380.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
6bd415fb0978ecddc6a9a1e77da54a17e77044f2a7c3d1fb9c6dbe82d2a5dbeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Wed, 06 Dec 2023 03:43:02 GMT
Server
nginx/1.15.11
ETag
"656fedc6-30ccd"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
199885
herbnewming.gif
i.keezip.com/ad/
142 KB
142 KB
Image
General
Full URL
https://i.keezip.com/ad/herbnewming.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
cf2b04e65eac6603f6472fe3b58bda2918c4a4fdbe0a5878eda75da7d43b4925

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Tue, 29 Aug 2023 08:14:39 GMT
Server
nginx/1.15.11
ETag
"64eda8ef-236fc"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
145148
filecast_m.gif
i.keezip.com/ad/
10 KB
10 KB
Image
General
Full URL
https://i.keezip.com/ad/filecast_m.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
27ce170f477b80957c55e1939c87820de82f8ce1bc71571477bf78de9ba34ed4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Sun, 02 Apr 2023 02:29:00 GMT
Server
nginx/1.15.11
ETag
"6428e86c-28e1"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10465
sekder.gif
i.keezip.com/ad/
20 KB
20 KB
Image
General
Full URL
https://i.keezip.com/ad/sekder.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
d22868dbb660acc95fec8868fbbcf2979c3ec66becf9a1e9b64c8a2252553196

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:34 GMT
Last-Modified
Fri, 24 Nov 2023 05:09:15 GMT
Server
nginx/1.15.11
ETag
"65602ffb-501e"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20510
icon_new.gif
www.todawa57.asia/images/
511 B
997 B
Image
General
Full URL
https://www.todawa57.asia/images/icon_new.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:36 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282880
alt-svc
h3=":443"; ma=86400
content-length
511
last-modified
Thu, 19 Sep 2019 13:42:13 GMT
server
cloudflare
etag
"5d8385b5-1ff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wd332ZhBpGdbCgKjvwqjoxLH5KJAMXULXB5bRAwvJMkWPSIuoITpcy0I%2BhEU4yb47ctdurY76P7ji7RdkWFMbpI28nahJ8CjFKp0a4F40v00mGxOaoOaCz4lU4f8OaYphtu95RFHJZggDbZKjuyj%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6eaf8e15667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
icon_nonew.gif
www.todawa57.asia/images/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/icon_nonew.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:36 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282879
alt-svc
h3=":443"; ma=86400
content-length
1245
last-modified
Sat, 12 Oct 2019 14:47:22 GMT
server
cloudflare
etag
"5da1e77a-4dd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUjOtu89ABKAjYT302ykKDPGtmE9VH8IX5fmv8vsAMutaW1XQx4Sa2ID%2BJ9pJbgPy0ntBtbKzFI05gJ1pRhvAzLg%2FBa5iVCRFl%2BoHaHU3DE4kHDYqrBZSL%2FE7GQUPdtMqrw%2B29uaWdvNJ%2BYVBI2Ocw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6eaf8e16667f-AMS
expires
Fri, 16 Feb 2024 17:52:57 GMT
drugpharm2.gif
i.keezip.com/ad/
70 KB
70 KB
Image
General
Full URL
https://i.keezip.com/ad/drugpharm2.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
1131f045ddc50292cb1ed4af9659a0850359a37bc401e4a9ef7062a52abb836f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:35 GMT
Last-Modified
Tue, 31 Oct 2023 07:49:40 GMT
Server
nginx/1.15.11
ETag
"6540b194-118c1"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
71873
bet1_250.jpg
i.keezip.com/ad/
77 KB
78 KB
Image
General
Full URL
https://i.keezip.com/ad/bet1_250.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
01f68ef3a7eef7b7cc21cacca00a0c191f172d4327e4f04399191ffaac8cae49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:35 GMT
Last-Modified
Tue, 31 Jan 2023 16:22:24 GMT
Server
nginx/1.15.11
ETag
"63d94040-135ab"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
79275
nulpurn_200.gif
i.keezip.com/ad/
35 KB
35 KB
Image
General
Full URL
https://i.keezip.com/ad/nulpurn_200.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.97.174.25 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
nginx/1.15.11 /
Resource Hash
f34285967052f4d10e4732af244d5db654ab1b685b9f505cf770dbc186bc7171

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 00:27:35 GMT
Last-Modified
Tue, 22 Aug 2023 14:00:52 GMT
Server
nginx/1.15.11
ETag
"64e4bf94-8c57"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35927
jquery-3.6.0.slim.js
code.jquery.com/
230 KB
68 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.slim.js
Requested by
Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1f058e34466ba6ea21f79d5c403d68bf61d42b9cc0e43c09d433545da33a16c6

Request headers

Referer
https://www.todawa57.asia/
Origin
https://www.todawa57.asia
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sun, 21 Jan 2024 00:27:36 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
10994651
x-cache
HIT, HIT
content-length
68992
x-served-by
cache-lga21921-LGA, cache-fra-etou8220033-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1705796856.166717,VS0,VE0
etag
W/"28feccc0-3974d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1814, 7
PelicanC.dll
ad.aceplanet.co.kr/cgi-bin/
2 KB
3 KB
Script
General
Full URL
https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script
Requested by
Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
72863df27774cdc732cd14c6373ed2fbb25b7baaba2456673bf8685e784e6e83

Request headers

Referer
https://www.todawa57.asia/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

P3P
CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma
no-cache
Date
Sun, 21 Jan 2024 00:27:37 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
Microsoft-IIS/10.0
Connection
close
Content-type
text/html
tend.js
js.ad4989.co.kr/common/js/
35 KB
9 KB
Script
General
Full URL
https://js.ad4989.co.kr/common/js/tend.js
Requested by
Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
112.214.46.111 Guro-gu, Korea, Republic Of, ASN10036 (CNM-AS-KR DLIVE, KR),
Reverse DNS
Software
/
Resource Hash
1e18c00f7d939493d0e4c97c057493a49da1e1d7847b151fbd2772f3ac502904

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:37 GMT
content-encoding
gzip
last-modified
Wed, 20 Oct 2021 07:20:32 GMT
accept-ranges
bytes
etag
"616fc340:2272"
content-length
8818
content-type
application/javascript
gpt.js
securepubads.g.doubleclick.net/tag/js/
97 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: ad.aceplanet.co.kr
URL: https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
96bdf14559b04aa1dac81239fb038671f6caa9c7ca70b97198853498427b7123
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:37 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29367
x-xss-protection
0
server
cafe
etag
429 / 19743 / 31080550 / config-hash: 15866861927224639442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 21 Jan 2024 00:27:37 GMT
PelicanC.dll
ad.abchub.site/cgi-bin/
3 KB
3 KB
Script
General
Full URL
https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
077bf40d341eea2dd7d2eff690a4b877d8716d2d5234a58cb933598c4e63814b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

P3P
CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma
no-cache
Date
Sun, 21 Jan 2024 00:27:38 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
Microsoft-IIS/10.0
Connection
close
Content-type
text/html
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/
430 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 09:41:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
53178
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138095
x-xss-protection
0
server
cafe
etag
16105826302836755247
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sun, 19 Jan 2025 09:41:19 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
68 B
84 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.todawa57.asia
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d2af7fa9c0d0aaec3746563f9a126f659fcf59523318028c2f5e2d61fe022472
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60
x-xss-protection
0
expires
Sun, 21 Jan 2024 00:27:37 GMT
ads
securepubads.g.doubleclick.net/gampad/
110 KB
44 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3947162631675289&correlator=3808979199788996&eid=31080550%2C44807746%2C31079724&output=ldjh&gdfp_req=1&vrg=202401180101&ptt=17&impl=fif&iu_parts=21682743634%3A22431107073%2CS011%2Cplaystore%2Cga02%2Cpc%2Cpost_right_bottom_btf_300x250&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=300x250&ifi=1&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&cdm=www.todawa57.asia&abxe=1&dt=1705796857572&adxs=1268&adys=1176&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=%2F%2Fplay-store.co.kr&loc=https%3A%2F%2Fwww.todawa57.asia%2Fhome.php&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=1564683337.1705796858&ga_sid=1705796858&ga_hid=94917368&ga_fc=false&dlt=1705796853326&idt=4205&adks=3759869028&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c58b9d4e826e37b7845b649f54241ed297e05bbb7e5d6a3faf131afab9c006c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:37 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45027
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.todawa57.asia
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D261
6 KB
3 KB
Document
General
Full URL
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.todawa57.asia/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 21 Jan 2024 00:27:37 GMT
expires
Mon, 20 Jan 2025 00:27:37 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E4E9
6 KB
3 KB
Document
General
Full URL
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.todawa57.asia/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 21 Jan 2024 00:27:37 GMT
expires
Mon, 20 Jan 2025 00:27:37 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 7771
624 B
827 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 21 Jan 2024 00:27:38 GMT
expires
Sun, 21 Jan 2024 00:27:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame E4E9
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
Origin
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 21:44:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9799
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 21 Jan 2024 21:44:19 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame E4E9
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:56:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
19854
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3206
x-xss-protection
0
server
cafe
etag
12640889860211258669
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 03 Feb 2024 18:56:44 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame E4E9
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 13:33:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
39248
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
server
cafe
etag
3558958386372919956
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 03 Feb 2024 13:33:30 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame E4E9
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 02:28:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
338365
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jan 2025 02:28:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame E4E9
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 13:28:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
39571
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 03 Feb 2024 13:28:07 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame E4E9
20 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:28:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
21519
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 03 Feb 2024 18:28:59 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E4E9
42 B
173 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AECEjkJO_nHtMnva4I-Mv8sZ9qisJs7ToCEgPFS4RNEJiCf6jRyKCbe0UtFPWbWmt8t0udDsSPe_u0HExZz5ULCRkGgKVI7EQjkKjm87bE4m8a24k
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame E4E9
206 KB
66 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66453
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705495733332172"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Jan 2024 00:27:38 GMT
rum
dsum-sec.casalemedia.com/ Frame 7771
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&C=1
43 B
773 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXzrfLKgO5jFNmJv0KtYlMCb8n0hYNe9f9%2FGNbigW7Ql8JrHY%2B4Woml%2FCztwtXNMX9oudFCDWFB3Eh2eN%2FB%2B1gYmKNflwdc2%2FoA4BXgPSfkmDRVNh5s%2FFUhthju0Jm1tULMYIDmVBvTPMg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
848b6ebccdeb58f0-TXL
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WnlqGmCzo4CsWybrnPHG7jjCd71O%2FqZCcUJ1drqLiCw0CO0qgm1NVvZHz0IyTwCPeIDkhdbtpnxbEEDgXlJ8wZcMNWBzonii6umH9MwCTGlF8R5BtP8WmSg4iaXk63xmA4GJofveQCcrw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&C=1
cache-control
no-cache
cf-ray
848b6ebc4d33aca7-TXL
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 7771
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zaxk.p85LHfAlQAODk2lOQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&google_hm=2
43 B
732 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2yrTREscSIeYuF46weXbhsjyM9eFOTZ%2B6IOFh4qB1cTHJBifP1pvdT0yICBhEbNVsRBX3mUty%2BydHCIqm4rQ1JftYT8jac9s2cfFBnP9E2nSaRpbuIIAJEFm9kcb%2BMPhPCSqMhSXEoN5w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
848b6ebd2e7658f0-TXL
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDvpAESAZBHrsAPpO5kkLzM&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
ib.adnxs.com/ Frame 7771
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEBmWKfkjAafj9nDpYfcEomM&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBmWKfkjAafj9nDpYfcEomM%26google_cver%3D1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBmWKfkjAafj9nDpYfcEomM%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Protocol
H2
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
an-x-request-uuid
af4c259e-6cc5-42f0-8e29-78c1f40c0e5b
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.26; 217.114.218.26; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
an-x-request-uuid
d544bf9f-f9e8-4c11-bcc2-546c0f9ba1b1
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBmWKfkjAafj9nDpYfcEomM%26google_cver%3D1
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.26; 217.114.218.26; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7771
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI1ODIxODM4NzA2NzE1ODUyNw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI1ODIxODM4NzA2NzE1ODUyNw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y8JnUrwEwAQ&v=APEucNUnu5HZhw7PvQz4MRxUbUgtMwO6wzimTG8t0y6AG_mItEFbsPquZWPit0xHIoS86c8dQnMFs3m88hQdHvbyM9_W8ZOOBq75DIwUD6r567_72WvDdNuvHY4L0RmtpCvTQxHPoQoyd0_7NJTyngLv2y3noPsauFOYWIIVCNod_yjjIs4lYfqO-weZ0VkpgwLQe8stUNSZ
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
an-x-request-uuid
a8b27b1a-cf2a-4469-b5e4-d84e9598faa8
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI1ODIxODM4NzA2NzE1ODUyNw%3D%3D
x-proxy-origin
217.114.218.26; 217.114.218.26; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
truncated
/ Frame E4E9
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a9cd73fee636506f14dfffe4b5029b88720e57de2df377adf8502cdd59636a43

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame B4B7
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
358410
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 16 Jan 2024 20:54:08 GMT
expires
Wed, 15 Jan 2025 20:54:08 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/13916606041847298126/ Frame 91E4
8 KB
3 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
32504538284faed1bb55612e57e9b5072bd96b983bbe927308eaec0ba2d25b33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
293247
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2713
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 17 Jan 2024 15:00:11 GMT
expires
Thu, 16 Jan 2025 15:00:11 GMT
last-modified
Wed, 14 Jul 2021 16:29:25 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
ad.doubleclick.net/pcs/ Frame E4E9
0
0
Fetch
General
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstCUN0dY3yTKT2AzCv2HnAYyEFGl2fpb92nzKM8PE1ePRo2Tz3Ks5DEbOVLNT3WgtjiT_4DkQBdeGmhBYg_I3ftZKK9YdaO2BBPB0E4YSvm0gEzc3cQJdm2YUxVX7p1kJa5RhO83Bds38T0hiVgL8n6pW_bHeXOKF7zXtqLj2lsJyfYAmsORI0Vj--CvIusYcMMdQrOmOJ_88AfCWzWOSmyVazNbjhhBVnHGx93sYLyvWV3V1F94dLA-thzEMiE1TaWcPvjOhQTtW96a_WK6_IZAPbfxBgVTzhPq1pkfCuz9JiRXFNF_AQH-h8Bo0X5qXk5_LUFEfzKZNF4qW1POANbUcHcs6_Ju9cyIf4NAclyUSASYzpSHkTsyALE2g7PpRTg6KLGU6MKzOaEpk2sRrMgiTZrKR-_b5VKOmzTKZzhucowZ909zzcP4JZtEY3xpGjd-YyagoWc32uE9CF46L0V5zAK2jKGekczRp1PnPmGv-5iBxZ6yjjW7F56f-WiJdrAjahP5B4x7ff2X-NruiUOt6Ek2I6I5TB3opiFeuNVY_WB2TAiYB-QiVd3vtFP9_DzDT9BY10LOZt6DhiJdOhiWaE_KUQS2PJi3CEWrRPbZthzz_vP9mc9wSJ7M0GJ8iPHqvbcF-akVZTDsEY2A6ng7JHZ-DSyPQOEUkYxKM2COPt4n3a0CG5KB8_3U00qYaKbqfrpI0a96XHEpjfdw_1VGmsWKNH0Ztm0oM51WoyZvLC5vStZcS4LbUKNPksRhhoGMqv8p96q8c1uZmw77jkAqm3wXhVm0byaXf0QTyNTE_EmjvuNO-AC1l4V5UnH0D9teUs1bEBGDnUX18reebu8t408kyKgAlFzTXea6HHUWu-WkPwAwNml0LQbjkZEkmKnfouoL7Y9Dri6KLeVaBLyGJXYmMf5cSPRLX-kFerh1hf1juX-Kq6QyB2---5J95uvUIYT_kF_qO-mc-IZe2-Kplv4GXFV2PT5-ZUmxoOshhEg-wFHgKv0Z6VyFPimVtPXl5qyRtuSr2EI0kH9FI9Qf-6bU5z5oGrKVlyhRw51AZMxeTEjtKaelCwt5jNXCT4VrTlR0_VCbP-CBhbs36pfuIspSFapvbScXocoaMcL5Rz82hbbp9zo4CrlRi_3Lsx00uZ8Nn1o92vRP82TTxHaP6YcYfZmp8dEe-S-Yv18PIm3vvd9K4AGOaizhEr0dBgVuahnrqzbNchkNm41VAuCMPrgucMHLhBj88_iP3h7pTWEj_adLYFrwzS-d4K4Cl794JYpA0XN6_O_TDaDTBamNF8sr8oG0nLuBSiZnHnzzw5zdtn5vZiAptEThl6K5wLGVY3gKnvWs5tMqWYHWuHkeaPjftuu_7WOjwZXoKSDb_3I-z85xikf4DrnO_Mrl31JudpZf6owqUGGhCtDwGyDWnhEhkAmu2SEa3vJ9SjTNY30pm8BZ6Fqsu_1T2y3RBlqTFINGnt31_AJaJ3lL0A7VWdgczuWkcH-g9d-0ubz8KDhTQ&sai=AMfl-YSVxYJHlJVwlvOGiKq5-LUV3LZkzqDHgD3shbHkwdvt3h3yQ5rMPpNi5afhfbEAYylg_kDNjsFI4xnMuIlSleNCxe8kmY5TjYbqt-7vXbYL5YPheyi0k9DwJX82nvrueJPtVH9DQnVWWFxCBWzosSew70H0qksEL53R_9kCAGevCuI1iKRY5Tp_h7PdXP_VkPXcvOEUm8R_5d_xlGI6R_aNqyL_InnPaUZ9_D2cfi8bO-f2r4xQKZUDcXoBp6Wz_VtFyRHSdeRKVBSS9ls1xxxHXmtOz9_CueDn8U0riZxnQLVjFanGHr5apoDiymd-T7Vo36--YcqpoGsOKqH6Uv1xVQqACg&sig=Cg0ArKJSzJvea7MyLHWdEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9rbG0uZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=138&cbvp=1&cstd=135&cisv=r20240118.98903&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-aa-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame B4B7
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 16:36:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
28267
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 16:36:31 GMT
banner_300x250.min.css
client.bannerspace.net/111329/ Frame 91E4
5 KB
2 KB
Stylesheet
General
Full URL
https://client.bannerspace.net/111329/banner_300x250.min.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
a7fcfbc2cffe7086bab174053531cf4841c2ab543f9f19a78fcb12fdd425cf09
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
1405
expires
Sun, 21 Jan 2024 00:57:38 GMT
royal_dutch_airlines.svg
client.bannerspace.net/111329/ Frame 91E4
6 KB
2 KB
Image
General
Full URL
https://client.bannerspace.net/111329/royal_dutch_airlines.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
09c17debd5eada55da5b146aa4ed88e227ed981ae9e8e05da411489002268a74
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
1846
expires
Sun, 21 Jan 2024 00:57:38 GMT
winglogo.svg
client.bannerspace.net/111329/ Frame 91E4
5 KB
5 KB
Image
General
Full URL
https://client.bannerspace.net/111329/winglogo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
fb43d06b4066924809b6d9054f4d4fd646298e057dbe0a0ec6286700ac09cd48
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
5418
expires
Sun, 21 Jan 2024 00:57:38 GMT
TimelineLite.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 91E4
12 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TimelineLite.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74e018b7e6c3b5cc0e0cc790f256033b97b3783c5853529bc6101b6a7ed23159
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3212060
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3706
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-3026"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttNbQpkD4pG72Ia5UjSCdpX6ZNNhWq7cDzPxX1ixIwjQ7MMoEZz2V8TsKXnn%2B2Whr8AcTEtYixhpJBAUNlNxRPNdSuMQGIUAySO8LckBdkAu1riFh7hTBwfk1%2F8sD1J94CFXJbJCyhqsL9PECZ%2F1Ffqe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
848b6ebe3bd11c22-FRA
expires
Fri, 10 Jan 2025 00:27:38 GMT
TweenLite.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 91E4
26 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4652778
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
8578
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-697f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwu3sn%2FNB9JW9CWDZQfJ0LSrqOZj%2BM8YM%2FHb3WNeHBHkt9Gqxv1rAHUE85AFMmSouTxq2gg5j5yafMeE39gB8U4MPNnP%2Fsqd%2FMOvDfeYR%2F9Sj9wihBEMXlEQ0%2FzyvP4ORGJpaVkBqdOUa9gfvRMrXUuV"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
848b6ebe3bd21c22-FRA
expires
Fri, 10 Jan 2025 00:27:38 GMT
CSSPlugin.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 91E4
38 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1048579
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13669
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-9833"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JT8h5rWrArm0Qt5W7MFX4cMy1bslm40nh97QmV%2FsvjaJxu4UIPRSTrOFMEfQqGlBS0e87ZMwZjfrtphD6zbzOTBBcqfEh69RUJ8hqn91lo3%2BZR9xUQCiF%2FJoqWGrj08nucWc91kQTn1jHDYV104qxtk7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
848b6ebe3bd31c22-FRA
expires
Fri, 10 Jan 2025 00:27:38 GMT
EasePack.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 91E4
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4390090
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1730
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-146f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkuyDHMwodHSav407Vre5DstaQb2LFr6ltV%2BosRXTOkN%2FhIqdObS9x78rTpJepOFHFZzbyikWFBJq475%2FhmyG%2BcF%2FO0UdEgbpwI8lfqwzQnOM0N3zMret8zylieYvNkrQd9mh76DT6d3x4ehFz4ZfW9m"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
848b6ebe3bd41c22-FRA
expires
Fri, 10 Jan 2025 00:27:38 GMT
1692257026821.gif
cdn13.ad4989.co.kr/04_f0/0P_g5/
215 KB
215 KB
Image
General
Full URL
https://cdn13.ad4989.co.kr/04_f0/0P_g5/1692257026821.gif
Requested by
Host: ad.abchub.site
URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
211.226.25.220 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
nginx /
Resource Hash
aeda4c5866c0c95932f86654f75821a346d15c18c9da5e4bf93d6f463aff062d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Expires
Tue, 20 Feb 2024 00:27:40 GMT
Date
Sun, 21 Jan 2024 00:27:40 GMT
Last-Modified
Mon, 01 Jan 2024 23:02:43 GMT
Server
nginx
ETag
"65934493-35b23"
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
219939
X-Proxy-Cache
HIT
img_19.png
www.todawa57.asia/images/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/img_19.png
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282882
alt-svc
h3=":443"; ma=86400
content-length
1535
last-modified
Wed, 08 Jun 2022 13:48:46 GMT
server
cloudflare
etag
"62a0a8be-5ff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltbOZmDZc%2B%2B4C4rh7QWCL1gMF20b8dXw7dIdenItSn0jIdyIGXuLkdjU9EygODtCsEiKH2m0Gcs4q8z%2FfbpzahBFKZBplGJuXeCYIOiv7o4qN8%2BFdJdZbYmjcI6w84wGpokbjLnDV6fV%2BY2BOGYGEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6ebcec25667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
icon_new.gif
www.todawa57.asia/images/
511 B
1006 B
Image
General
Full URL
https://www.todawa57.asia/images/icon_new.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282882
alt-svc
h3=":443"; ma=86400
content-length
511
last-modified
Thu, 19 Sep 2019 13:42:13 GMT
server
cloudflare
etag
"5d8385b5-1ff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXZ6qMd7lkE%2BOhu0vNHqYihktYqE75OAfFtDfCLKmpm%2BV6LxPg%2FpJ7JH%2BLS6%2B3pkXayHfmsjruyYHafACVf0skhyLw%2BT14qgzjO6iLzHKwHI6VEg9sQBaoKjRLXWRL%2BvELufw7YmiARHBd5i2%2BmlgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6ebcec26667f-AMS
expires
Fri, 16 Feb 2024 17:52:56 GMT
icon_nonew.gif
www.todawa57.asia/images/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/icon_nonew.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282881
alt-svc
h3=":443"; ma=86400
content-length
1245
last-modified
Sat, 12 Oct 2019 14:47:22 GMT
server
cloudflare
etag
"5da1e77a-4dd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSxZm7YgUKJ%2FhBIi%2BGZ7GTo%2BTFkIkJSspX9ClzLMs5vDezqNk8jSa4N3gHTWJgtaJ5m0CZv1adhT1O8dd2o%2FNLgB%2BpMPSF50TqwK4ULidbv0sQ3yGYIoVbPp5j0ECm5NHJ6C%2BplOZrkS5tJIfZF7HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6ebcec27667f-AMS
expires
Fri, 16 Feb 2024 17:52:57 GMT
main_bg.gif
www.todawa57.asia/images/common/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/common/main_bg.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/css/common.css?v5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e5ce83a1abacd834f7e44a3be40475fdbb8034a7a1f1da33ab6ad985d0b94a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/css/common.css?v5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282876
alt-svc
h3=":443"; ma=86400
content-length
1215
last-modified
Wed, 18 Sep 2019 07:12:58 GMT
server
cloudflare
etag
"5d81d8fa-4bf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvZWXhgHVAeNvusmDHtIj2O%2FzQ%2FIiH2wW75GWeDQDSF6PsnPyrUKn9FJN8Z%2F0pWMolOHjNXfXjawLe%2FaUY%2FvQD%2FT0ygcvdlZSHq9UQV8b3vxykb0sphhMKE9Zqv5QNg9B9H7IOk81%2BZK14bhInjz9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6ebcec2d667f-AMS
expires
Fri, 16 Feb 2024 17:53:02 GMT
more.gif
www.todawa57.asia/images/main/
1 KB
2 KB
Image
General
Full URL
https://www.todawa57.asia/images/main/more.gif
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/css/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:d43a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7985a42dd917c9daf4cd2288e298caab5320df9927ee0ccdf43fed99f2cacf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
282876
alt-svc
h3=":443"; ma=86400
content-length
1192
last-modified
Wed, 18 Sep 2019 05:26:59 GMT
server
cloudflare
etag
"5d81c023-4a8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGeESy120%2Bisf3YWzOpwKJPkfF%2FjuB7Kom1JaLBfjIJ0IDpAAjFLBZcsE%2FCI%2BNUKvWzdgfUkZDv0ssIRMWhghcbIGWjpYu1VEk1j%2Fyo0TJaidUaK5rxcmLrIV9SCnBdvijCEfGrmC1B8Zm8Dzvhcew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
848b6ebcec2e667f-AMS
expires
Fri, 16 Feb 2024 17:53:02 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B4B7
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8fxB-WSsZbjIJb-M7_UPwuG-gAMAAAAAOAHgBAI&bg=!BwSlBEvNAAa8BdJLnAU7ADQBe5WfOAOBM90flb-CVE1eZyIC2Eg8Wi4wXj2sCLHZAloWWNf8bv5Ou0nf2aldI7mBI8ptAgAAALJSAAAAAmgBBwoAMHz3CWNMx_dIBoNy-BzJLYDAeEaQXIUGEmuW6Qhq2vXLc8rDggBnU27JO71H0TqZ85kDGdBxRPPhLbMM9BgZrW6FI73SuFLzIJRMR7Zp8TUtpgR_1Mop4weYqyq9kMtjsKWKKOBo0Ac7xZAFoPTxByKoIK57rQPYXZ0TeU3yHDZxq0TPrpui7tJ0FiVDejvASHeNQKzscAVtxdmYobSoXYPOdojhLwG7Ky8TZmZf7R_uAEnk3KCzvfwNRZe7nZrUDM22SF1HknRV0NgQUUbJghfRDFIuwYTr8oaGu26YYCOxZzIfFIneAGGlcIYP8ApV1dcaSglwWfy6peou0CQ-QVsJwnWXcGYprSHvzQABTMg16LJoYsX2fwuOGroHyn17D0-DrHwptURTqi6Icpdn_KOWVfRQNBn99b0BLW6WCGwRNZn7BYxglbHI8XSIWzOSRJK8j-tXzGLPTCxAxaixwoHk8cs1q-h98qp3HoQ-gGZhflXLlf-rlxJgsElBq4c2jbZMPqSK1kWHwcFXN1EyFUr3xKY5DUWNbkymEVO_fE3AigOn7KreTjDB9dk3H2bhkxnNTP_NdoP888MikzFH2X7pW0CZy6_hXIQJ23aX9tUm-TjRxB8jX6zYsow7jSA830isczO-f3k0diYjHXZQEE-pRgoqQdfE_jjShwymaMaVLzco0xrYRFOqldAgaCRiV5WNLjXWxvF50mn8mQfck7Q0qCVAvYudu5hu_bx4NnzHjwdKo6deNsz_ppMGJxXlaYHV5YvuZDifFOoX20w5haimuciSvjxwqQVrt075fBBf_y6iIkLL_7XPM2-PPre1nE3Ql1RTEJkXFrVbDWXf0AxBuVvrsvr9TYljtwyfzkSDQTpI77w3mB7pHyk2GhPPprkRXGrElrscaKvI-5qyiKMBDQjzyo1fH-a1D-QbZJl6-IKUvS9a_RcHo72Li3F7W0Wj7jSVyasa6QVUH_tb_RqM7QBvZmOEfLjwGLjxWhMpVpBTWwSEzyCVPNahS5Qfc51N_3Vj52biU5ediMVa-yRwCFAKNRF0e8oMMI1kfcaTDzkp_9FtOMt35Mw-4duH1ZwEXIvmIpF9j00SfCpRuOz4sJpIJPC0-y7zbio
Requested by
Host: e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
URL: https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ctaarrow.svg
client.bannerspace.net/111329/ Frame 91E4
274 B
426 B
Image
General
Full URL
https://client.bannerspace.net/111329/ctaarrow.svg
Requested by
Host: client.bannerspace.net
URL: https://client.bannerspace.net/111329/banner_300x250.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
99163961fd831f483e9837c9ce73d878cdbff470c6cc606cd919cd86c683a8ef
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client.bannerspace.net/111329/banner_300x250.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
210
expires
Sun, 21 Jan 2024 00:57:38 GMT
NoaLTStd-Regular.woff
client.bannerspace.net/111329/ Frame 91E4
23 KB
23 KB
Font
General
Full URL
https://client.bannerspace.net/111329/NoaLTStd-Regular.woff
Requested by
Host: client.bannerspace.net
URL: https://client.bannerspace.net/111329/banner_300x250.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
c36d7baf0ca32ebdb9f04499a2e27b7110d0c486397412b53b98c1f0dc1d10fe
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

Referer
https://client.bannerspace.net/111329/banner_300x250.min.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
content-type
font/woff
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
23664
expires
Sun, 21 Jan 2024 00:57:38 GMT
feed.xml
client.bannerspace.net/112828/ Frame 91E4
2 KB
756 B
XHR
General
Full URL
https://client.bannerspace.net/112828/feed.xml?preventCache=0.03375559741769174
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
3faa4a59a2d99b0812c469448eafedfcc1f6bd2d48014f1218d15fa1d9fc824b
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Sat, 20 Jan 2024 20:05:08 GMT
server
Apache
vary
Accept-Encoding
content-type
application/xml
access-control-allow-origin
*
cache-control
no-transform, max-age=300
accept-ranges
bytes
content-length
540
expires
Sun, 21 Jan 2024 00:32:38 GMT
view
ad.doubleclick.net/pcs/ Frame E4E9
0
0
Fetch
General
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjstCUN0dY3yTKT2AzCv2HnAYyEFGl2fpb92nzKM8PE1ePRo2Tz3Ks5DEbOVLNT3WgtjiT_4DkQBdeGmhBYg_I3ftZKK9YdaO2BBPB0E4YSvm0gEzc3cQJdm2YUxVX7p1kJa5RhO83Bds38T0hiVgL8n6pW_bHeXOKF7zXtqLj2lsJyfYAmsORI0Vj--CvIusYcMMdQrOmOJ_88AfCWzWOSmyVazNbjhhBVnHGx93sYLyvWV3V1F94dLA-thzEMiE1TaWcPvjOhQTtW96a_WK6_IZAPbfxBgVTzhPq1pkfCuz9JiRXFNF_AQH-h8Bo0X5qXk5_LUFEfzKZNF4qW1POANbUcHcs6_Ju9cyIf4NAclyUSASYzpSHkTsyALE2g7PpRTg6KLGU6MKzOaEpk2sRrMgiTZrKR-_b5VKOmzTKZzhucowZ909zzcP4JZtEY3xpGjd-YyagoWc32uE9CF46L0V5zAK2jKGekczRp1PnPmGv-5iBxZ6yjjW7F56f-WiJdrAjahP5B4x7ff2X-NruiUOt6Ek2I6I5TB3opiFeuNVY_WB2TAiYB-QiVd3vtFP9_DzDT9BY10LOZt6DhiJdOhiWaE_KUQS2PJi3CEWrRPbZthzz_vP9mc9wSJ7M0GJ8iPHqvbcF-akVZTDsEY2A6ng7JHZ-DSyPQOEUkYxKM2COPt4n3a0CG5KB8_3U00qYaKbqfrpI0a96XHEpjfdw_1VGmsWKNH0Ztm0oM51WoyZvLC5vStZcS4LbUKNPksRhhoGMqv8p96q8c1uZmw77jkAqm3wXhVm0byaXf0QTyNTE_EmjvuNO-AC1l4V5UnH0D9teUs1bEBGDnUX18reebu8t408kyKgAlFzTXea6HHUWu-WkPwAwNml0LQbjkZEkmKnfouoL7Y9Dri6KLeVaBLyGJXYmMf5cSPRLX-kFerh1hf1juX-Kq6QyB2---5J95uvUIYT_kF_qO-mc-IZe2-Kplv4GXFV2PT5-ZUmxoOshhEg-wFHgKv0Z6VyFPimVtPXl5qyRtuSr2EI0kH9FI9Qf-6bU5z5oGrKVlyhRw51AZMxeTEjtKaelCwt5jNXCT4VrTlR0_VCbP-CBhbs36pfuIspSFapvbScXocoaMcL5Rz82hbbp9zo4CrlRi_3Lsx00uZ8Nn1o92vRP82TTxHaP6YcYfZmp8dEe-S-Yv18PIm3vvd9K4AGOaizhEr0dBgVuahnrqzbNchkNm41VAuCMPrgucMHLhBj88_iP3h7pTWEj_adLYFrwzS-d4K4Cl794JYpA0XN6_O_TDaDTBamNF8sr8oG0nLuBSiZnHnzzw5zdtn5vZiAptEThl6K5wLGVY3gKnvWs5tMqWYHWuHkeaPjftuu_7WOjwZXoKSDb_3I-z85xikf4DrnO_Mrl31JudpZf6owqUGGhCtDwGyDWnhEhkAmu2SEa3vJ9SjTNY30pm8BZ6Fqsu_1T2y3RBlqTFINGnt31_AJaJ3lL0A7VWdgczuWkcH-g9d-0ubz8KDhTQ&sai=AMfl-YSVxYJHlJVwlvOGiKq5-LUV3LZkzqDHgD3shbHkwdvt3h3yQ5rMPpNi5afhfbEAYylg_kDNjsFI4xnMuIlSleNCxe8kmY5TjYbqt-7vXbYL5YPheyi0k9DwJX82nvrueJPtVH9DQnVWWFxCBWzosSew70H0qksEL53R_9kCAGevCuI1iKRY5Tp_h7PdXP_VkPXcvOEUm8R_5d_xlGI6R_aNqyL_InnPaUZ9_D2cfi8bO-f2r4xQKZUDcXoBp6Wz_VtFyRHSdeRKVBSS9ls1xxxHXmtOz9_CueDn8U0riZxnQLVjFanGHr5apoDiymd-T7Vo36--YcqpoGsOKqH6Uv1xVQqACg&sig=Cg0ArKJSzJvea7MyLHWdEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9rbG0uZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=638&vt=11&dtpt=500&dett=3&cstd=135&cisv=r20240118.98903&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lcfraa-aa-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
engine.min.js
client.bannerspace.net/111329/ Frame 91E4
11 KB
3 KB
Script
General
Full URL
https://client.bannerspace.net/111329/engine.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13916606041847298126/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
5efd5c070968ae7f3020be206ac993036ee7cbc6fab47e799ad4d9e9a86155f9
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
2988
expires
Sun, 21 Jan 2024 00:57:38 GMT
WebLog.dll
engine.tend-table.com/cgi-bin/ Frame 2908
566 B
669 B
Document
General
Full URL
https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTcuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705796858777
Requested by
Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3a4f41e3768d7420cd17ccd325823b9de898158ebe80648ff5af97ed39ea3547

Request headers

Referer
https://www.todawa57.asia/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Date
Sun, 21 Jan 2024 00:27:39 GMT
Server
Microsoft-IIS/10.0
royal_dutch_airlines.svg
client.bannerspace.net/111329/ Frame 91E4
6 KB
2 KB
Image
General
Full URL
https://client.bannerspace.net/111329/royal_dutch_airlines.svg
Requested by
Host: client.bannerspace.net
URL: https://client.bannerspace.net/111329/engine.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
09c17debd5eada55da5b146aa4ed88e227ed981ae9e8e05da411489002268a74
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 21 Jan 2024 00:27:38 GMT
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
1846
expires
Sun, 21 Jan 2024 00:57:38 GMT
winglogo.svg
client.bannerspace.net/111329/ Frame 91E4
5 KB
5 KB
Image
General
Full URL
https://client.bannerspace.net/111329/winglogo.svg
Requested by
Host: client.bannerspace.net
URL: https://client.bannerspace.net/111329/engine.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
fb43d06b4066924809b6d9054f4d4fd646298e057dbe0a0ec6286700ac09cd48
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
5418
expires
Sun, 21 Jan 2024 00:57:38 GMT
NoaLTStd-Light.woff
client.bannerspace.net/111329/ Frame 91E4
23 KB
24 KB
Font
General
Full URL
https://client.bannerspace.net/111329/NoaLTStd-Light.woff
Requested by
Host: client.bannerspace.net
URL: https://client.bannerspace.net/111329/banner_300x250.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
7f7d0faa4fd64ad50d60bf04c073f660a012ee6bc551a2cda239ec5048218ea8
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

Referer
https://client.bannerspace.net/111329/banner_300x250.min.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:03 GMT
server
Apache
content-type
font/woff
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
23972
expires
Sun, 21 Jan 2024 00:57:38 GMT
300x250_1x1_transparent.png
client.bannerspace.net/111329/ Frame 91E4
120 B
312 B
Image
General
Full URL
https://client.bannerspace.net/111329/300x250_1x1_transparent.png
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:28 GMT
server
Apache
content-type
image/png
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
120
expires
Sun, 21 Jan 2024 00:57:38 GMT
300x250_std_Sunrise.jpg
client.bannerspace.net/111329/ Frame 91E4
66 KB
66 KB
Image
General
Full URL
https://client.bannerspace.net/111329/300x250_std_Sunrise.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
22a49dddda6518b4242a73ff7ea33b83c543aaea3f7901897f1a5a59b2011efe
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:27 GMT
server
Apache
content-type
image/jpeg
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
67710
expires
Sun, 21 Jan 2024 00:57:38 GMT
300x250_std_SFO.jpg
client.bannerspace.net/111329/ Frame 91E4
23 KB
23 KB
Image
General
Full URL
https://client.bannerspace.net/111329/300x250_std_SFO.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
dfc5e8d2d73be372398354967a23c6c1186953d08ce25ed41725c7c8f588419c
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:08 GMT
server
Apache
content-type
image/jpeg
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
23527
expires
Sun, 21 Jan 2024 00:57:38 GMT
300x250_std_LIM.jpg
client.bannerspace.net/111329/ Frame 91E4
20 KB
20 KB
Image
General
Full URL
https://client.bannerspace.net/111329/300x250_std_LIM.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
2c0552f5f695bac6b38705b48dbe470311f45dce3a3a485efe95ddb51bed3757
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:08 GMT
server
Apache
content-type
image/jpeg
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
20534
expires
Sun, 21 Jan 2024 00:57:38 GMT
300x250_std_CPT.jpg
client.bannerspace.net/111329/ Frame 91E4
17 KB
17 KB
Image
General
Full URL
https://client.bannerspace.net/111329/300x250_std_CPT.jpg
Requested by
Host: www.todawa57.asia
URL: https://www.todawa57.asia/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a289 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
794ea72e945bea99a7e936be803fc7363777bc22eb855c44a46edbc573b611e5
Security Headers
Name Value
Strict-Transport-Security max-age=31622400
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31622400
date
Sun, 21 Jan 2024 00:27:38 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Nov 2023 14:05:08 GMT
server
Apache
content-type
image/jpeg
access-control-allow-origin
*
cache-control
no-transform, max-age=1800
accept-ranges
bytes
content-length
17472
expires
Sun, 21 Jan 2024 00:57:38 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E4E9
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-0aCYXAB7QMHMzuvLtmEmdAA3AyQ1DrmpoGd2ccTu0ouc6kO7HCi8Vir-8di7hoAkCVHE7pCU6vlariokcuanUSAmm7z268S_7Hq-1nFMWSNXeu0vOC0OuVBdeE3UzHmiB0N1JSY3DczjyceQkBW71eBT&sai=AMfl-YTQESQe72OFXXDAKu1nZAPD3Rev8pYhIkmda_ucKbvzpegUP2Kyrkj2JmiWvUAMBIcmX4qQ-WZ6I8T7cF8yF6ndmUg5kotTYaoKLeWg&sig=Cg0ArKJSzBMwXwbLokkFEAE&cid=CAQSLQAvHhf_9H3LxNXMKxohvUCMhrTr8ok9v25H1PWMT3AYNrCr_mLylQ8Hk-Q1ABgB&id=lidar2&mcvt=1018&p=926,1268,1176,1568&mtos=1018,1018,1018,1018,1018&tos=1018,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3759869028&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705796857966&rpt=369&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 21 Jan 2024 00:27:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tend_child.js
js.ad4989.co.kr/common/js/ Frame 2908
14 KB
4 KB
Script
General
Full URL
https://js.ad4989.co.kr/common/js/tend_child.js
Requested by
Host: engine.tend-table.com
URL: https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTcuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705796858777
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
112.214.46.111 Guro-gu, Korea, Republic Of, ASN10036 (CNM-AS-KR DLIVE, KR),
Reverse DNS
Software
/
Resource Hash
825bb65c3cf6d63f4db6c3c26793dd0cc7e2c846b5732bffd8eaea2f0612ac87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://engine.tend-table.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:39 GMT
content-encoding
gzip
last-modified
Mon, 24 Feb 2020 10:01:26 GMT
accept-ranges
bytes
etag
"5e539ef6:1164"
content-length
4452
content-type
application/javascript
WebLog.dll
engine.tend-table.com/cgi-bin/ Frame 2908
79 B
391 B
Script
General
Full URL
https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=REF&ref=aHR0cHM6Ly93d3cudG9kYXdhNTcuYXNpYS9ob21lLnBocA==&inflow=&query=&lang=utf-8&cookieval=&tm=1705796859993&jquerycallback=foinCookie.setReferrer_local
Requested by
Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend_child.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
64a0c38e91767fafc305dc34e65c52834e5d4772cd3a4c17a7662b0981055ff7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://engine.tend-table.com/cgi-bin/WebLog.dll?servicename=CONF&keyword=&ref=aHR0cHM6Ly93d3cudG9kYXdhNTcuYXNpYS9ob21lLnBocA==&inflow=&adurl=//ad.abchub.site&lang=utf-8&tm=1705796858777
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

P3P
CP='CAO PSA CONi OTR OUR DEM ONL'
Pragma
no-cache
Date
Sun, 21 Jan 2024 00:27:40 GMT
Cache-Control
no-cache
Server
Microsoft-IIS/10.0
Connection
close
Content-type
text/html
pelicanc.dll
ad.abchub.site/cgi-bin/ Frame 196E
0
372 B
Document
General
Full URL
https://ad.abchub.site/cgi-bin/pelicanc.dll?adservicename=VLD&name=FOIN_CATEGORY&method=set&data=&encode_yn=N&copy_yn=Y&tm=1705796860347
Requested by
Host: js.ad4989.co.kr
URL: https://js.ad4989.co.kr/common/js/tend_child.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
211.226.25.200 Yongin-si, Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://engine.tend-table.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-type
text/html
Date
Sun, 21 Jan 2024 00:27:41 GMT
P3P
CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Pragma
no-cache
Server
Microsoft-IIS/10.0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401180101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f38c322a30b8cf00d59ed5c48c4cca65cd1b0a5f689d36ecebf9dd88d5290657
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:41 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12184
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js?cb=31080550
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 21 Jan 2024 00:27:41 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 29B3
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.todawa57.asia/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28182
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 20 Jan 2024 16:37:59 GMT
expires
Sun, 19 Jan 2025 16:37:59 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D240
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9d9422db01805bc009b525507c0d7227a6fef403e87d140bba783f9d6c73dda6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZM4qjKV3QGV3fnGpwG47BQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.todawa57.asia/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZM4qjKV3QGV3fnGpwG47BQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 21 Jan 2024 00:27:41 GMT
expires
Sun, 21 Jan 2024 00:27:41 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame 29B3
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 16:36:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
28270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 16:36:31 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D240
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401180101&jk=3947162631675289&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 29B3
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?Cij5xQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 00:27:41 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401180101&jk=3947162631675289&bg=!zs2lzYLNAAa8BdJLnAU7ADQBe5WfOCZx3BniLXf0X3sR55Zt--3U4pDgdKkCZtVXDDzNd4t_S8O5mYghyJFwo1hIMn06AgAAAEhSAAAAA2gBB5kCwjUtbcPRvXmhFl0ytTtOBArYMdxUrhpCg9cCszHvIpLK5s0oBtxlOvad98t4GVeuyoHnh9fU-ZZGhFAGRamRab39JAmSRffBuFXBSy9rAwt_SUZsWqvACIpkVxGul1czs7zShY0D9ck3I3FWD6TNJdapglwhLot4x-nAaLVgMGCoNPDIxTxJ-UZ5GtS0gxJAZpc8igW4b48ykTo3jqrRCFjxL0odUzEuagEPniA3dT1O4By6XRdVNvUb7ZBX8REKBMUyWoLbmpxAi-ZDru1S45poqHYdX_KcaAgZd2KgG6KQ1REpnbgjOBIr1TRA-H_6b_Cy5CtkiQ0A_B4w3Ky4d3YQeHGX7v7ELwyPvOTwWysDLKKdaRHhFNqPyygJv9_c6taM1X0MyxLKEqOo8L4ZwdNW_x8_9PLgSfgjWfkLvjv6_M2B0i7Q0DW8S-enWEbZi2R6y0yIi5HTr9HauIynKbctskosTvrMyXEj-uJKFfxw9fsBRSwOutIQN1jt_FlaMu28maVtUPpAE2m2822z88wH0lO51HrZcCtkbu5cWCH1YdCaYimNl8JfgHa9vG2NbAYe5iYEeYPxGfzk_dzwsUOrfYH9yZqRtniuPEbNyXWhkeLaPhf7st5wwyTZq45h-HATBn4oWQHc2L3mQOZd7gXn2UXPjPmmxqdON--zqK46UPq4ETjZ4aKBupWpVA_HoQ8VsLOKGcJjmnz1AHEM_XFUPBe-WWGaEHhNhKGP13H8sfbWB1B8SfVEAXXnXzDaraOcwUx0QT6aU3d6ymPlw3HBEXMhUZJr-0xUPz84-B7aL47tK3RdtowJN8us38TjS8J4D6pSwsAyy6TeLO-00BpxFcIxDeYyWia3O5TnpLmBU9eO9NxXfEv_cIHDcqgkrqz_OT1On9xg111PnMWutONgtNJNQuwHrDtUExMpOPSQrz0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.todawa57.asia/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| $ function| jQuery function| goLink_0FAE function| addBackr_0FAE object| cnyBackSet_0FAE object| googletag object| foin_cookie_setting object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing number| google_unique_id object| gaGlobal object| foin_where_ref object| foin_domainCutInfo object| foin_Base64 string| l_protocol object| l3_date string| Title string| Summary string| Lang object| keywordInfo string| refVal boolean| useRef string| old_refVal string| l_userAgent number| l_isChrome number| l_ver number| l_end object| l_date string| l_url object| l_Body object| l_divObj object| l_style string| key object| l_scrObj object| foin_cookie object| foinCookie number| version object| GoogleGcLKhOms object| google_image_requests

15 Cookies

Domain/Path Name / Value
ad.abchub.site/ Name: FOIN_REF1
Value: https://www.todawa57.asia/
ad.abchub.site/ Name: HEAD
Value: 021050U1x7la6
ad.aceplanet.co.kr/ Name: FOIN_REF1
Value: https://www.todawa57.asia/
ad.aceplanet.co.kr/ Name: HEAD
Value: 021050U1x7m3I
.todawa57.asia/ Name: __gads
Value: ID=586f081a4d89d4cd:T=1705796857:RT=1705796857:S=ALNI_MYi3KXrbCMZDv1rr_DgH9ibIz9GPg
.doubleclick.net/ Name: IDE
Value: AHWqTUlPdlQLU-7yQkmODtQZRXv2NdYnU-ePlLOOIEpbUbT8X_HmQOtEcrfuk66V
.adnxs.com/ Name: uuid2
Value: 7258218387067158527
.casalemedia.com/ Name: CMPS
Value: 1207
.casalemedia.com/ Name: CMID
Value: Zaxk.p85LHfAlQAODk2lOQAA
.casalemedia.com/ Name: CMPRO
Value: 5181
.adnxs.com/ Name: XANDR_PANID
Value: ANxL3ocMwWIYbfctFkCHglTSJasGMppT-cEOwOq6NnU32AOHOv3bMnPEB_yMSBh9pAuHlR5U_8UPlXdIV8qtby0T5yU2UVFJel7FXB9zLdQ.
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Ilbt(Iv>!]tbPl1M>e)ZlrFUfJ+tGXxo@HVfrtK-_[MB-eep=3r+q_B7tq^NDC-+vZEj3If)y3KL9D3I?+xnB<bz
engine.tend-table.com/ Name: HEAD
Value: 010050U1x7n1U
engine.tend-table.com/ Name: FOIN_CATEGORY1
Value:
ad.abchub.site/ Name: FOIN_CATEGORY1
Value:

5 Console Messages

Source Level URL
Text
javascript warning URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.aceplanet.co.kr/cgi-bin/PelicanC.dll?impr?pageid=05yZ&out=script, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ad.abchub.site/cgi-bin/PelicanC.dll?impr?pageid=0FAE&out=script
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.slim.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.abchub.site
ad.aceplanet.co.kr
ad.doubleclick.net
cdn13.ad4989.co.kr
cdnjs.cloudflare.com
client.bannerspace.net
cm.g.doubleclick.net
code.jquery.com
dsum-sec.casalemedia.com
e1db88ef6083b66dce7183758981aa7b.safeframe.googlesyndication.com
engine.tend-table.com
googleads.g.doubleclick.net
i.keezip.com
ib.adnxs.com
js.ad4989.co.kr
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
todawa40.asia
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.todawa57.asia
104.18.36.155
112.214.46.111
142.250.185.130
185.89.210.141
202.97.174.25
211.226.25.200
211.226.25.220
216.58.206.38
2606:4700:3030::ac43:d43a
2606:4700:3036::6815:213b
2606:4700::6811:180e
2a00:1450:4001:801::2001
2a00:1450:4001:806::2004
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2001
2a02:26f0:3500:18::1724:a289
2a04:4e42::649
01f68ef3a7eef7b7cc21cacca00a0c191f172d4327e4f04399191ffaac8cae49
077bf40d341eea2dd7d2eff690a4b877d8716d2d5234a58cb933598c4e63814b
09c17debd5eada55da5b146aa4ed88e227ed981ae9e8e05da411489002268a74
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1131f045ddc50292cb1ed4af9659a0850359a37bc401e4a9ef7062a52abb836f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1e18c00f7d939493d0e4c97c057493a49da1e1d7847b151fbd2772f3ac502904
1f058e34466ba6ea21f79d5c403d68bf61d42b9cc0e43c09d433545da33a16c6
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
22a49dddda6518b4242a73ff7ea33b83c543aaea3f7901897f1a5a59b2011efe
27ce170f477b80957c55e1939c87820de82f8ce1bc71571477bf78de9ba34ed4
2c0552f5f695bac6b38705b48dbe470311f45dce3a3a485efe95ddb51bed3757
2d930af4bd5419bf72222580b88380a552e44fc551211bea4f14fee9800c4c59
308052b1bf48d457ff68c33a498c882f75beaae17118485be2dd3163fe0c7c11
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32504538284faed1bb55612e57e9b5072bd96b983bbe927308eaec0ba2d25b33
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
3a4f41e3768d7420cd17ccd325823b9de898158ebe80648ff5af97ed39ea3547
3d322485983f9bf6aa843345c3eb6dcc06b6d60555c849a778133ac335aa4251
3faa4a59a2d99b0812c469448eafedfcc1f6bd2d48014f1218d15fa1d9fc824b
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
5e5ce83a1abacd834f7e44a3be40475fdbb8034a7a1f1da33ab6ad985d0b94a2
5efd5c070968ae7f3020be206ac993036ee7cbc6fab47e799ad4d9e9a86155f9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64a0c38e91767fafc305dc34e65c52834e5d4772cd3a4c17a7662b0981055ff7
66ea8b8e5fb63e30170770409f524bac18a024b210d690fa0db919212269a14a
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6bd415fb0978ecddc6a9a1e77da54a17e77044f2a7c3d1fb9c6dbe82d2a5dbeb
72855f862df04b84b9755977382129f3f7f22f188f02686807e0eb5df1916155
72863df27774cdc732cd14c6373ed2fbb25b7baaba2456673bf8685e784e6e83
74e018b7e6c3b5cc0e0cc790f256033b97b3783c5853529bc6101b6a7ed23159
783361ed917fad413a4249d12774f5b0be1e4e75495da00e3b3e9edb1e10926f
794ea72e945bea99a7e936be803fc7363777bc22eb855c44a46edbc573b611e5
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7f7d0faa4fd64ad50d60bf04c073f660a012ee6bc551a2cda239ec5048218ea8
825bb65c3cf6d63f4db6c3c26793dd0cc7e2c846b5732bffd8eaea2f0612ac87
899cd99a24a6950e11055aef298623208bde99364981f3a8b48b2c8580ca3d14
96bdf14559b04aa1dac81239fb038671f6caa9c7ca70b97198853498427b7123
99163961fd831f483e9837c9ce73d878cdbff470c6cc606cd919cd86c683a8ef
9d9422db01805bc009b525507c0d7227a6fef403e87d140bba783f9d6c73dda6
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4d9e2cbab3e0d55a661df4ffba7c67a137191d93b5e1714cf56b5eafb052c07
a7fcfbc2cffe7086bab174053531cf4841c2ab543f9f19a78fcb12fdd425cf09
a9cd73fee636506f14dfffe4b5029b88720e57de2df377adf8502cdd59636a43
aeda4c5866c0c95932f86654f75821a346d15c18c9da5e4bf93d6f463aff062d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bf0d6da2b17b813749a8b61047b209827603fb1fdff3ef336df7e67fe16aefe9
c0cfd9aa3c9585cf19f33116277406ca6ed9c3e8384677ad71a19df3a9aae580
c36d7baf0ca32ebdb9f04499a2e27b7110d0c486397412b53b98c1f0dc1d10fe
c58b9d4e826e37b7845b649f54241ed297e05bbb7e5d6a3faf131afab9c006c1
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cf18a9ed9a6aa889d227de181fe071fe47062764cacd90c4423b81b6bbbee834
cf2b04e65eac6603f6472fe3b58bda2918c4a4fdbe0a5878eda75da7d43b4925
d22868dbb660acc95fec8868fbbcf2979c3ec66becf9a1e9b64c8a2252553196
d2af7fa9c0d0aaec3746563f9a126f659fcf59523318028c2f5e2d61fe022472
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
dfc5e8d2d73be372398354967a23c6c1186953d08ce25ed41725c7c8f588419c
e1bdc4c80ed0efafe91180d84a9516d1b468a47ec7bf03db4230e527e014cdd7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7985a42dd917c9daf4cd2288e298caab5320df9927ee0ccdf43fed99f2cacf2
e8a57e51ca4ccf80a78e91a18e4a45c93f6f266a7d9d8ff54c93d2f7bd33ccd5
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed0e54d3733153667e0c73b418b4a4219087f69af048f715e8c0d360112b0571
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f34285967052f4d10e4732af244d5db654ab1b685b9f505cf770dbc186bc7171
f38c322a30b8cf00d59ed5c48c4cca65cd1b0a5f689d36ecebf9dd88d5290657
f89a06d4661e5607389bec9499b0d799fb723f1319cdb5fd1024fa5d70161075
fb43d06b4066924809b6d9054f4d4fd646298e057dbe0a0ec6286700ac09cd48
fd3a78c44240fc968612ed1a66b1ddf9f2e88ee172a587673e20a3d2709194c3