leviatanscans.com Open in urlscan Pro
2606:4700:3032::6815:2c71 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://leviatanscans.com/
Effective URL:
https://leviatanscans.com/mx
Submission: On December 30 via api (December 30th 2021, 3:11:40 pm UTC) from GB — Scanned from GB

Summary HTTP 573 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 96 IPs in 9 countries across 78 domains to perform 573 HTTP transactions. The main IP is 2606:4700:3032::6815:2c71, located in United States and belongs to CLOUDFLARENET, US. The main domain is leviatanscans.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 24th 2021. Valid for: a year.

This is the only time leviatanscans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 80	2606:4700:303... 2606:4700:3032::6815:2c71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
48	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3 6	2606:4700:303... 2606:4700:3037::6815:135b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:9c00:2:e529:700:93a1	16509 (AMAZON-02) (AMAZON-02)
17	172.66.42.247 172.66.42.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:353	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2606:4700:303... 2606:4700:3037::6815:3471	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4	18.66.109.174 18.66.109.174	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.78.218 192.0.78.218	2635 (AUTOMATTIC) (AUTOMATTIC)
1 1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
2	45.133.44.4 45.133.44.4	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb21	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
14	35.171.252.175 35.171.252.175	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	67.202.105.34 67.202.105.34	32748 (STEADFAST) (STEADFAST)
4 13	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
5 5	198.47.127.18 198.47.127.18	62713 (AS-PUBMATIC) (AS-PUBMATIC)
12 31	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
6 10	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
6 6	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
3 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	64.202.112.223 64.202.112.223	23352 (SERVERCEN...) (SERVERCENTRAL)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.154.182.198 54.154.182.198	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
3 3	54.72.237.47 54.72.237.47	16509 (AMAZON-02) (AMAZON-02)
2 3	18.197.73.85 18.197.73.85	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.158 38.27.122.158	174 (COGENT-174) (COGENT-174)
3 5	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
2	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	64.74.236.191 64.74.236.191	19024 (INTERNAP-...) (INTERNAP-BLK5)
1	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:2460	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.242.66.111 34.242.66.111	16509 (AMAZON-02) (AMAZON-02)
3	104.26.6.39 104.26.6.39	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.111.200.117 23.111.200.117	7979 (SERVERS-COM) (SERVERS-COM)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
2	147.75.61.140 147.75.61.140	54825 (PACKET) (PACKET)
6	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
46	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	37.18.16.21 37.18.16.21	205675 (HYBRID-AS) (HYBRID-AS)
3	2a02:26f0:6c0... 2a02:26f0:6c00:28a::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:303... 2606:4700:3039::6815:c0a7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1 2	54.174.249.39 54.174.249.39	14618 (AMAZON-AES) (AMAZON-AES)
2 5	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1	54.88.99.244 54.88.99.244	14618 (AMAZON-AES) (AMAZON-AES)
2	34.231.131.161 34.231.131.161	14618 (AMAZON-AES) (AMAZON-AES)
1	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	18.193.230.138 18.193.230.138	16509 (AMAZON-02) (AMAZON-02)
1	129.159.70.95 129.159.70.95	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
2 3	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	34.241.165.231 34.241.165.231	16509 (AMAZON-02) (AMAZON-02)
2	63.32.41.216 63.32.41.216	16509 (AMAZON-02) (AMAZON-02)
13	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.16.186.67 2.16.186.67	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
25	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
3	2600:9000:223... 2600:9000:223f:600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
22	54.218.141.220 54.218.141.220	16509 (AMAZON-02) (AMAZON-02)
5	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba1a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 2	3.122.111.84 3.122.111.84	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	51.89.21.30 51.89.21.30	16276 (OVH) (OVH)
4	66.102.1.154 66.102.1.154	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4007:819::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4009:1::a	15169 (GOOGLE) (GOOGLE)
1 2	63.32.69.142 63.32.69.142	16509 (AMAZON-02) (AMAZON-02)
8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
573	96

80 2606:4700:3032::6815:2c71 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

leviatanscans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::6815:135b (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

papayads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.papayads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:9c00:2:e529:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.orquideassp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.66.42.247 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:353 (United States)

ASN13335 (CLOUDFLARENET, US)

delivery.adrecover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

jscdn.greeter.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:3471 (United States)

ASN13335 (CLOUDFLARENET, US)

player.adtcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.109.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-109-174.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.218 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

supertruco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:bb99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

tg1.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.4 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:bb21 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.171.252.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-252-175.compute-1.amazonaws.com

servt.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.34 (United States)

ASN32748 (STEADFAST, US)
PTR: ip34.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.47.127.18 (United States) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 142.250.186.98 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.110 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.172.37 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.19.147.44 (United Kingdom) 6 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.182.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-182-198.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.72.237.47 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-237-47.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.73.85 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-73-85.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.158 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.52.2.48 (United States) 3 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.142 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.191 (United States)

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1h.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:2460 (United States)

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

cpm.unibots.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.242.66.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-66-111.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.26.6.39 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.200.117 (Russian Federation)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Woerden, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.61.140 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.21 (Russian Federation)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:28a::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c0a7 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 4 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.174.249.39 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-249-39.compute-1.amazonaws.com

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.88.99.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-99-244.compute-1.amazonaws.com

serv.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.231.131.161 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-131-161.compute-1.amazonaws.com

servs.modoro360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.230.138 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-230-138.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 129.159.70.95 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.165.231 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-165-231.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.41.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-41-216.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.67 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-67.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223f:600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 54.218.141.220 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-218-141-220.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.111.84 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-111-84.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.30 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p25.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.102.1.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4007:819::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4009:1::a (London, United Kingdom)

ASN15169 (GOOGLE, US)

r4---sn-aigzrner.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.69.142 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-69-142.eu-west-1.compute.amazonaws.com

discovery.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
106	googlesyndication.com pagead2.googlesyndication.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	1 MB
92	doubleclick.net 15 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net pubads.g.doubleclick.net bid.g.doubleclick.net	530 KB
80	leviatanscans.com 1 redirects leviatanscans.com	3 MB
29	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r4---sn-aigzrner.c.2mdn.net	4 MB
29	adsafeprotected.com 1 redirects fw.adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	197 KB
27	google.com 2 redirects www.google.com fundingchoicesmessages.google.com adservice.google.com	111 KB
24	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	220 KB
20	googleapis.com fonts.googleapis.com imasdk.googleapis.com	3 MB
18	modoro360.com tg1.modoro360.com servt.modoro360.com serv.modoro360.com servs.modoro360.com	11 KB
17	infolinks.com resources.infolinks.com router.infolinks.com	73 KB
14	casalemedia.com 4 redirects ssum-sec.casalemedia.com htlb.casalemedia.com dsum-sec.casalemedia.com	15 KB
13	media.net hblg.media.net contextual.media.net warp.media.net lg3.media.net c21lg-d.media.net cs.media.net	94 KB
13	pubmatic.com 11 redirects image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com ads.pubmatic.com image6.pubmatic.com	9 KB
11	googletagservices.com www.googletagservices.com	350 KB
10	adnxs.com 6 redirects ib.adnxs.com	16 KB
7	adtelligent.com player.adtelligent.com ghb.adtelligent.com sync.adtelligent.com Failed	35 KB
6	lijit.com 3 redirects ap.lijit.com ce.lijit.com	3 KB
6	amazon-adsystem.com 1 redirects c.amazon-adsystem.com s.amazon-adsystem.com	41 KB
6	papayads.net 3 redirects papayads.net www.papayads.net	25 KB
5	criteo.com 1 redirects bidder.criteo.com gum.criteo.com mug.criteo.com	2 KB
4	quantserve.com 4 redirects pixel.quantserve.com cms.quantserve.com	2 KB
4	adsrvr.org 3 redirects match.adsrvr.org	2 KB
4	1rx.io 4 redirects sync.1rx.io	3 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com	2 KB
4	openx.net u.openx.net adtelligent-d.openx.net rtb.openx.net	925 B
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	aniview.com player.aniview.com	221 KB
3	smilewanted.com prebid.smilewanted.com	1 KB
3	4dex.io script.4dex.io mp.4dex.io	24 KB
3	33across.com ssc-cms.33across.com ssc.33across.com	360 B
3	advertising.com 2 redirects pixel.advertising.com	675 B
3	360yield.com 3 redirects ad.360yield.com	921 B
3	onetag-sys.com onetag-sys.com	2 KB
3	google.co.uk www.google.co.uk adservice.google.co.uk	1 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	18 KB
2	demdex.net 1 redirects discovery.demdex.net	2 KB
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	agkn.com 1 redirects d.agkn.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	944 B
2	criteo.net static.criteo.net	54 KB
2	createjs.com code.createjs.com	111 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	917 B
2	rlcdn.com 2 redirects id.rlcdn.com	887 B
2	eqads.com 1 redirects um2.eqads.com	563 B
2	a-mo.net prebid.a-mo.net	553 B
2	e-planning.net 1 redirects pbjs.e-planning.net	2 KB
2	servenobid.com ads.servenobid.com	1 KB
2	adform.net adx.adform.net	410 B
2	zemanta.com 1 redirects b1sync.zemanta.com b1h.zemanta.com	411 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	adtcdn.com player.adtcdn.com	122 KB
2	adrecover.com delivery.adrecover.com	12 KB
1	id5-sync.com id5-sync.com	535 B
1	travelaudience.com 1 redirects ads.travelaudience.com	524 B
1	mookie1.com odr.mookie1.com	324 B
1	akamaihd.net qsearch-a.akamaihd.net
1	technoratimedia.com sync.technoratimedia.com
1	ad4m.at ad4m.at
1	hybrid.ai dm.hybrid.ai	238 B
1	betweendigital.com ads.betweendigital.com	913 B
1	creativecdn.com prebid-eu.creativecdn.com	179 B
1	unibots.in cpm.unibots.in	264 B
1	quantumdex.io useast.quantumdex.io	339 B
1	rfihub.com 1 redirects p.rfihub.com	759 B
1	bnmla.com match.bnmla.com	114 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	945 B
1	sonobi.com sync.go.sonobi.com	474 B
1	tynt.com de.tynt.com	289 B
1	avplayer.com player.avplayer.com	58 KB
1	googleadservices.com partner.googleadservices.com	449 B
1	jquery.com code.jquery.com	29 KB
1	supertruco.com supertruco.com	821 B
1	googletagmanager.com googletagmanager.com	61 KB
1	greeter.me jscdn.greeter.me	2 KB
1	orquideassp.com tags.orquideassp.com	1 KB
0	adxpremium.services Failed rtb.adxpremium.services Failed
573	78

	Domain	Requested by
80	leviatanscans.com	1 redirects leviatanscans.com
48	pagead2.googlesyndication.com	leviatanscans.com pagead2.googlesyndication.com tags.orquideassp.com googleads.g.doubleclick.net a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com ad.doubleclick.net srcdoc
46	tpc.googlesyndication.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com tpc.googlesyndication.com imasdk.googleapis.com
31	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com leviatanscans.com
25	s0.2mdn.net	leviatanscans.com s0.2mdn.net imasdk.googleapis.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
25	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
22	dt.adsafeprotected.com	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com leviatanscans.com
15	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
14	pubads.g.doubleclick.net	imasdk.googleapis.com leviatanscans.com
14	imasdk.googleapis.com	player.aniview.com imasdk.googleapis.com
14	servt.modoro360.com	leviatanscans.com player.aniview.com
13	fonts.gstatic.com	leviatanscans.com fonts.googleapis.com
12	fundingchoicesmessages.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
11	www.googletagservices.com	googleads.g.doubleclick.net leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com fw.adsafeprotected.com
11	adservice.google.com	pagead2.googlesyndication.com imasdk.googleapis.com
10	dsum-sec.casalemedia.com	3 redirects ssum-sec.casalemedia.com um2.eqads.com googleads.g.doubleclick.net
10	ib.adnxs.com	6 redirects player.adtcdn.com googleads.g.doubleclick.net
8	ade.googlesyndication.com	leviatanscans.com
8	www.gstatic.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	papayads.net securepubads.g.doubleclick.net leviatanscans.com
6	fonts.googleapis.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net
5	googleads4.g.doubleclick.net	leviatanscans.com
5	ad.doubleclick.net	2 redirects googleads.g.doubleclick.net www.googletagservices.com
5	ap.lijit.com	3 redirects player.adtcdn.com
5	image8.pubmatic.com	5 redirects
5	ghb.adtelligent.com	player.adtelligent.com player.adtcdn.com
4	bid.g.doubleclick.net	imasdk.googleapis.com
4	contextual.media.net	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com contextual.media.net leviatanscans.com
4	match.adsrvr.org	3 redirects ssum-sec.casalemedia.com
4	sync.1rx.io	4 redirects
4	ups.analytics.yahoo.com	4 redirects
4	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.google.com	2 redirects leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
4	c.amazon-adsystem.com	papayads.net c.amazon-adsystem.com
3	r4---sn-aigzrner.c.2mdn.net	leviatanscans.com
3	csi.gstatic.com	imasdk.googleapis.com
3	cms.quantserve.com	3 redirects
3	lg3.media.net	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com leviatanscans.com
3	static.adsafeprotected.com	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com pixel.adsafeprotected.com
3	image6.pubmatic.com	2 redirects ads.pubmatic.com
3	x.bidswitch.net	3 redirects
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	player.aniview.com	player.avplayer.com player.aniview.com
3	prebid.smilewanted.com	player.adtcdn.com
3	pixel.advertising.com	2 redirects player.aniview.com
3	ad.360yield.com	3 redirects
3	onetag-sys.com	router.infolinks.com player.adtcdn.com
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com ssum-sec.casalemedia.com
3	www.papayads.net	leviatanscans.com www.papayads.net
3	papayads.net	3 redirects
2	discovery.demdex.net	1 redirects leviatanscans.com
2	mug.criteo.com	leviatanscans.com
2	gum.criteo.com	1 redirects
2	e.dlx.addthis.com	2 redirects
2	d.agkn.com	1 redirects leviatanscans.com
2	eb2.3lift.com	2 redirects
2	cs.media.net	contextual.media.net
2	static.criteo.net	player.adtcdn.com static.criteo.net
2	code.createjs.com	s0.2mdn.net
2	pixel.rubiconproject.com	2 redirects
2	rtb.openx.net	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
2	id.rlcdn.com	2 redirects
2	hblg.media.net	leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
2	pixel.adsafeprotected.com	leviatanscans.com a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects leviatanscans.com
2	servs.modoro360.com	player.aniview.com
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	prebid.a-mo.net	player.adtcdn.com
2	pbjs.e-planning.net	1 redirects leviatanscans.com
2	ads.servenobid.com	player.adtcdn.com
2	script.4dex.io	player.adtcdn.com script.4dex.io
2	adx.adform.net	player.adtcdn.com
2	ssc-cms.33across.com	router.infolinks.com player.aniview.com
2	sync.targeting.unrulymedia.com	2 redirects
2	image4.pubmatic.com	2 redirects
2	image2.pubmatic.com	2 redirects
2	adservice.google.co.uk	pagead2.googlesyndication.com
2	player.adtelligent.com	player.adtcdn.com
2	player.adtcdn.com	papayads.net
2	delivery.adrecover.com	leviatanscans.com
2	ssl.google-analytics.com	1 redirects leviatanscans.com
2	resources.infolinks.com	leviatanscans.com
1	gcdn.2mdn.net	1 redirects
1	id5-sync.com	player.adtcdn.com
1	ads.travelaudience.com	1 redirects
1	c21lg-d.media.net	contextual.media.net
1	odr.mookie1.com	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
1	warp.media.net	a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
1	qsearch-a.akamaihd.net	leviatanscans.com
1	ssc.33across.com	player.aniview.com
1	ce.lijit.com	player.aniview.com
1	sync.technoratimedia.com	player.aniview.com
1	ads.pubmatic.com	player.aniview.com
1	serv.modoro360.com	player.aniview.com
1	pixel.quantserve.com	1 redirects
1	ad4m.at	ssum-sec.casalemedia.com
1	dm.hybrid.ai	leviatanscans.com
1	bidder.criteo.com	player.adtcdn.com
1	ads.betweendigital.com	player.adtcdn.com
1	htlb.casalemedia.com	player.adtcdn.com
1	prebid-eu.creativecdn.com	player.adtcdn.com
1	adtelligent-d.openx.net	player.adtcdn.com
1	cpm.unibots.in	player.adtcdn.com
1	useast.quantumdex.io	player.adtcdn.com
1	mp.4dex.io	player.adtcdn.com
1	b1h.zemanta.com	player.adtcdn.com
1	p.rfihub.com	1 redirects
1	match.bnmla.com	router.infolinks.com
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	router.infolinks.com
1	b1sync.zemanta.com	1 redirects
1	u.openx.net	router.infolinks.com
1	de.tynt.com	router.infolinks.com
1	player.avplayer.com	tg1.modoro360.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	delivery.adrecover.com
1	tg1.modoro360.com	jscdn.greeter.me
1	www.google-analytics.com	googletagmanager.com
1	www.google.co.uk	leviatanscans.com
1	stats.g.doubleclick.net	1 redirects
1	supertruco.com	tags.orquideassp.com
1	googletagmanager.com	papayads.net
1	jscdn.greeter.me	papayads.net
1	tags.orquideassp.com	leviatanscans.com
0	sync.adtelligent.com Failed	player.adtelligent.com leviatanscans.com
0	rtb.adxpremium.services Failed	player.adtcdn.com
573	128

This site contains links to these domains. Also see Links.

Domain
xxx.leviatanscans.com
agencyorquidea.com
www.papayads.net
www.bilibilicomics.com
discord.gg
paypal.me
patreon.com
papayads.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-24` - `2022-04-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tags.orquideassp.com Amazon	`2021-06-29` - `2022-07-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
adrecover.com Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
greeter.me R3	`2021-12-22` - `2022-03-22`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tls.automattic.com R3	`2021-11-05` - `2022-02-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
wl1.aniview.com R3	`2021-10-11` - `2022-01-09`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
player.adtelligent.com R3	`2021-11-19` - `2022-02-17`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-12-08` - `2022-03-08`	3 months	crt.sh
outstreamedia.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.modoro360.com Amazon	`2021-12-21` - `2023-01-18`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-08-29`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.unibots.in AlphaSSL CA - SHA256 - G2	`2021-09-02` - `2022-10-04`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.a-mo.net R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-02-23` - `2022-02-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
um3.eqads.com Amazon	`2021-06-26` - `2022-07-25`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-12-21` - `2022-06-15`	6 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
a248.e.akamai.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-11-30` - `2022-02-08`	2 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh

This page contains 79 frames:

Primary Page: https://leviatanscans.com/mx
Frame ID: 3B381CFA4B1347700DBD927F9708E628
Requests: 202 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: D93494688B6CAF007F2FE28064DA1157
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&adk=1812271804&adf=3025194257&lmt=1640876906&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fleviatanscans.com%2Fmx&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=148&bdt=674&idt=32&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=242587292157&frm=20&pv=2&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504
Frame ID: B6534FF16DDBA0CEC11420093C972C71
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512
Frame ID: 9C47675C0EC9B61F310C6E2088FDC54C
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550
Frame ID: 9F6BC79C1A843E9777E01B9AB64892AE
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7913044002918072&output=html&h=90&slotname=www.leviatanscans.com&adk=2326191791&adf=2974420697&pi=t.ma~as.www.leviatanscans.c_&w=728&lmt=1640876906&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=7&bdt=673&idt=182&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&nras=1&correlator=242587292157&frm=20&pv=2&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=502&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=B2y76268N8&p=https%3A//leviatanscans.com&dtd=630
Frame ID: DC739655FF83BCCDC55D4673E625354F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=249225904&adf=4032207530&pi=t.ma~as.3406818463&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=17&bdt=673&idt=242&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eN3pPo50FQ&p=https%3A//leviatanscans.com&dtd=634
Frame ID: 22DE52A82C4AAA888E21BB258C3AECCD
Requests: 16 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Frame ID: 4F0ABEC96455E358F1B2335B33C33C5A
Requests: 18 HTTP requests in this frame

Frame: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 13CD180F1EE10732A8A7F9F20034BC4F
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: 3D92BAB37E90E3F8C46C652837F219A7
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 7D3440EC5A55C033ED488DA21513F1D4
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 22E542F17779D10F027FF405A63A6112
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Frame ID: F91C955B1FE7238A8BCEAB9CB667D6BF
Requests: 4 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=41ced089-453f-4567-9a6d-4e1768a7315b
Frame ID: F97203C3222629B8DAE39E2F579BA84D
Requests: 1 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Frame ID: FCFC288879186E7EDC9FE8D9F08F51B2
Requests: 15 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 58F4CB5CAE108024B9ED1035E531F355
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Frame ID: 5C991C573AFE8DFA9E90A3BBD84DCFF5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 615F62BFA2949DAC08D756DA038023F1
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1F3EFDBE5CE616F2416DD84C9E82708D
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: 8F3ABC56757614BA7570B30FFAB62329
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5230A691961FBB983566E937EA062838
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 65A038FCA92E9949B36C692DB5AF35B3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: BC91C56865EFA11252DD5501102F6C6D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: 17E5C27AA059023CD8EF0A5DAF36524E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: D9422CBD28BC0F78A0E76BAD0B9969B0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: 80053D500143BE0B10F973A34363BC5A
Requests: 1 HTTP requests in this frame

Frame: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1640877080009-991052717804-008490-003-006045&key=e6c6ded2-b467-4d71-913c-eb56668b8895
Frame ID: D1CF325A28FDA97578DFF7454B38370B
Requests: 1 HTTP requests in this frame

Frame: https://pixel.advertising.com/ups/58246/sync?&gdpr=1&gdpr_consent=&redir=true
Frame ID: 7857EAE8AB28150B154C6BC88301BC90
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D1%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D
Frame ID: D13FB55BD7676099C785F1E52B70F2B1
Requests: 2 HTTP requests in this frame

Frame: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1640877080009-991052717804-008490-003-006045&key=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
Frame ID: 03AB5CFCEED00B9BCCF8836B20F989BC
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1640877080009-991052717804-008490-003-006045&cb=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D3%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%5BUSER_ID%5D
Frame ID: 29F5B569BB9129D1F101838C80C19428
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=376385&3pid=1640877080009-991052717804-008490-003-006045&us_privacy=1---&gdpr=1&gdpr_consent=&location=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D18%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%5BSOVRNID%5D
Frame ID: 2ABF5A32CC4A9A61EAD8D1D9405359B7
Requests: 1 HTTP requests in this frame

Frame: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3A7F8EE0F9488A400FB2B90EE68AA342
Requests: 16 HTTP requests in this frame

Frame: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EADB504976541A52814DCAABF8F60BC5
Requests: 15 HTTP requests in this frame

Frame: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 109B6B8C2B928613888999770D785A2B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDwoIKyAhiypd21ATAB&v=APEucNWH90TZd64nmVsyAU39lqGxwWC5nqlTOS8D8nIxGO_zm7nWjMbYAUw1dkjSym1f_P3B9WK40l-zt4qSAKRQe6ERzzsr-_ge79uLJlfJQwi9VIQgDsE3bbyj_myAK-6rIj7_WrH8mLVc7UAEIANy7FPtImODeyB2z4TYSiVwDtdAX7EUMIw
Frame ID: 2C809E93E84AA8FC207298888CEE6292
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1Op8Wt-Hg9H9iWPlaTAkId0dPdrB2Asr8phFeRuitBHtRN8xZtDqkPYNfR71DELDH9rSn1IZnRJPPvE25jcx9H4dLfCbj6UsbgNBIpNSgRtbD0t_D-I8P6llla2pIPsu08tJZgYhfeehSD-h-2IVonK1nDg&cry=1&dbm_d=AKAmf-Bb849dll4wIcO5UtPfQnixaaNyRk_FvVwxwEEf53ISiA1Cz9Wh0HyRU4jHZymOF3HKx_wA4crGqTW7FwHsd98VrFbJkGrhyWKbsva7TpyqpQjmLyr0eYfVPAJInd7LsoCp0bPqw5BhXTBvQG-PKQuTT5rMdV2-JVQV2FTRLzWS2s-HOGZUAw0gfYuF6MSPElWtHBAgiNJFDdNzxT5RMlE7054NBr0du_QFjFeslTp2coJvIKZBnFZuE3u_ybJxN4a4OH3sB_jDZFhAkoGmTBb5BxKqJj4Gt1Mws-SjEvKSi09zPEbdHSSZjA0_ufCoCNslIYHqOr_5HGUHxYWzuG6zYXGO2F2j-HZGqjqp_DUZFx8_OeU-FG5A88LIZHBOH3Roj6BsqIsY1WDu2uPV8xie4RnCmXU67Rf-1iSmGFTtTIzjY2sHwEbf1l5KSSS2GbnehrLbUdH2sLWGKtkvyPqbSWO4PIk5TbyBgmB3DfewlV05XV1cdUHJ8PFKK-X6yI884dQwRW6QYtA-L9Qxj_reboQrbueIx_hBX_2ooqWEbPzPZYZJblXKHoGtKLrarkcUt8BoKLbI8E1BoFU7msAGcaknlkr_1ULHXD6xRhRLB9KKnUeAzLZ8jsS2SDK-tjSMN2SDGCTBt9U82DJQ1L4utBGQGf9TxinYIy60ruRyd6HdMmPRDuIvw2DXvMyNt32fH8QDFgNp4GLyGmdERK-r5xgLvSvv7P2V7CZGgdt0o8nlQezLNW-4u9B6_D03EwsqqRvm66H27uYZr1drxXOv0ZIwjvVnd2jE2rU5hRBJFoC-N3u7aSJbKE3Z7Rl5iWE-h-TSiSnzvTqp8ABQGH8n5z9pEsJ6BVZRRVX7WlSYXgaOyoKIrnH_KXMSccSB2bzGmRIMcjQwnDdSnyUt1o9fp6P7WMKnQwuGXzu5o1iJJ3VZyobxQ4buGqlc_jUfJzpuZV-chiRVfM0lfszQwaxC6qo4xBk2YroMpZRe_I98ZCdqDQPQUBeiLxPlhSxLe94zlT6bSeSwm61IRE9uBgWInCoP7W_QSBMCalexsyLqbMqu7NrUkbrZzrZPAd-bZ5M_LrI8w8L8CfTg1S7PR4zxLMVyqMOgQQtVSLbb14slbUp7s36mzRNlsY6hWyv4u1Nkcj8NSmEKBEc8h7wpAQUt2lnilflDNtOuiAJznPi9P71hvU-qDqj0-AAW5CkO-5ARlATKlDIKIiLCz4OKWz7TKKKIPyb1_nOV_tB84FkWcGsZ_KGS3M8krSRK7KSYVcndWluNE1XzL-i7p5xZHNk9oOttX4uqOIsWqGJc4xIwvWOfm84kxSNtSRDu2cY0YcrG8ukjajUrr9hZihI1aICXZVZN5Y5quuDBhRXemaegNr6Nx1Ecd4wYj3FcN4z2TIvyJd5D4oTxi82TesfF7U_Ik1epYmwKwinkwAr2wAyb2D_yS1glA4m0IaotvRv6S-WofUZmwTUPsV1J1a8CejH7EyYoamKgKu5k0iXvMHQ2oKEl690_DyHJddiuv-QO8zF4r9GBpbqa_2xVI7QeTsaMS41XsmfUifhGaXI3UFWeb7hqdoW8O0j5MbXc0pMw4kiUXvAvda-XtWq9jIgHzuzU3W24oGyNW2lRwqStI1uUkF8Gg_YuEv-CMRtw86pDaBsaRvpSq-_dtYoDOkfaCIU57EKmT_CTp09J3CdsYvIvKV7BSig2DS8_Mc2mu7fWMdifOBkXDhePWlpVdz38J8d1TrrtqTc559qYbLzh03-m3myA79DBSu0T5p4tPek5AVa8UScPyKHtet_hjwcV0ScKb0xcdJ1bG0LrqnQ5rgePRUjb7FJqB4PcKijk80ee76bR3U726Y_SoDVD23CaeP8PYgK9xppniK9QcGOFPBwlKrUzcdK2bL5bh69uE44Kn_7dtJtZ4JDE8OdblEPjfGP0EP9FHxgyHOpuk83hY3w5S0pg9H6iOM7AlY5Xl_ohyCwcpXFUk04Cl_bLjEYRzLk29eiCKK22JU0b8M1woIFFuoeOr-4IVkl3-pTA3Ra57rI8Shacl3H08RB7rQtiXAKDCO7degV2EJEgPeeSukm12FJk9yw-FFUg7VBCgm_9f5bjMO4jJ7-yUuWmWij-oloDhXwj-QmASJKteLurhotkuzfGvozf_aUcX0_Q1tz1lVy7q3pJ54DpqLlvJujsTq33SLD2XmAa8SZvjRUGZJKfM_hmg-mJeOlxOj-tjN1fji1TNVTngegQImcexOGmDDrjTisc8UeEBrfwpywrc054iEqC8WW_OI7cksv14Jud-UOFIu0rPf9exaHSzbeEChC7H2UzsYt9eqByXf7V7f0Uyb7ocT9eKpqEJXlB7IcuiS091UVWqn3sGxRhu5rJ2ALCVQv6JwlvIqbPMSArxVhx6aOr8M3AnBR8h3-m7HtkZt2IpmLWpnZSCY9GUAF756AWkTfvc96UbYjpahcdwYDBLEoAC9tu0W49X6h79T-09tqETjtH5PQw1M2QV_wI01ZcwfO9hSS30GBgDmYz1lGOTdiWyw2W4QwAl0btJAoR6wLuduqZpq97nQI8Xv24kGD2FSowbnHP0EBlgwpxKOiDZOv7lVigyHJGkw-zOrPiYarsAve0ROTIL2rsPCWrjrTKkROQDiwdy9LllCMl8VtEFOsLq3m-jpdpT-O77tpyh-XJkURM3K0VLB_QF53NWKIg-QaWA1nCOjD4D6Ib0D--2W58zxIWEXt0OR4KYR6Z7IL1ePnSp1uqT8mfV4B2TfS-JQXc74ZjLbIhr3Se_YGgvKOfshDXsJ8-pTYgRedU-6U1XF1ZxavARjxLEm9exh5NYt344nSSgM6PUwjtbED2Dz7vq7hVtSV-Ir384uJjEtvzQMTAow4C6nspMgzFSmYBsG_KfS30BxvipAWOKQ-iFaq54DevF7NN6q6Cw2mLF-cgAvp-VCOz2v1OmwaXLe_7uGm4MBm9uf5Rq69TAaaLUzPQUC3nHnZN8aRr0kSlpW-LoCM1HGtGkXzt0oVzaJLLfAwGb45FZkPZMqwQKUgKvejsea-U5lzdmTPl0dk4_kvYvFZIavszHFiYwNZAdg_blCiEqlmB8yly4j_ed-9tRuRmPiGpKvlQNC_ovJ-7g5LLtsuZjQUmtra2vawNg6LIauVte3QJ4QIYy6TKCJjj4fnfUlsWI-cMWkRDyheOpnv0rOAs&cid=CAASEuRo14ejpJQF4sZENfKyl-O5YA&rfl=2%2Chttps%253A%252F%252Fleviatanscans.com%252F%240
Frame ID: 2629D1F07FF6CC4CBE85CB12282387DF
Requests: 43 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQifXSkAIYp_fQkQEwAQ&v=APEucNWSWpS9cqTgB9_h-Pb0RvqhsM7uRtcyqdCxOrwfxEVDFuMn_3nZlrbiEeULc41PhGmzdEXJkH4vnIsHkWz8vHz241O66t2GfJ9VV7WsMhlGaM78XOorSWwLQLPqG0NbXXqk3X2n0hBV7R9YPktR8hHhH7mEp4VRVaVdmdWhcsTkaWg6A2Y
Frame ID: 32CCEB4519B4E2593E43AC9E3C5A9A77
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9370414979F52D0EC3962CCB152ED109
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D3F7DA9B8D325F9C36C28C6F87E310B1
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: CC4880B3D8626B430586B3DB9FAF8817
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9C3C710C3BD5B941C40E9CF6CDBA805B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
Frame ID: 99925D8EF1ED44FA4450A6B8FF9F2157
Requests: 13 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CUV8TI79&https=1&itype=CM
Frame ID: E27B108587D28F27776452457D0C5001
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUX271X2&prvid=99%2C77%2C3018%2C4%2C246%2C10000%2C9%2C2033&purpose1=1&gdprconsent=1&gdpr=1&usp_status=0&usp_consent=1&itype=ADX
Frame ID: F28DD5077DE2E32C00541392203E0487
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8299EB7594DCAC94613210AC1DB8C077
Requests: 9 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 78140F053E4AEAFA6C561C0DA824A4B8
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 4621A1C216827A956B2B10FA1965274F
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 63C2A47797654634C0C249FFD6B41249
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: DC7E41804F5BCF3C1A9CAB86760DCADE
Requests: 27 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: B4FF0240E254D1BE1221AD0BF1672115
Requests: 2 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cFJaFg4dmr64KsaKjGFx_2&gdpr_consent=undefined&us_privacy=1---
Frame ID: 9D83A8BC1FAEF27CFDD4D6EDE5FEDFF3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 77014992F365DCCDB3A359F459119241
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: FE0F71ED683FA7DA52F69A55FE6EB63C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 14F79D0F0BA48B132DEC37D04162A0B0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: BC46A269AD8CFC3732DDC7F8BB1BDCA0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9B0DEA6FC13108F99DC27BEC30A0E2B3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: DFF41E2A114568015CFBEAD848815800
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B03D411DD9FF9C4A02A09B69F0C5B997
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
Frame ID: 331310A7E1E4CBDE4F2CC3BA44125111
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: EE6BFE8085170EA2AF92F9E11E8F817F
Requests: 4 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: B8D740B8C1C65004C6E8210DE30B9C5B
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: F1EDC5B7995531DD6BFB5D9BF0F1F1BC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 1251C8C96A248CD21DCCB02D577B6D26
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: EDF63A13259206543DE2F9D5D83C6E53
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6351A70DFB8259F974E566653925AB4C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 13EA3E38E8AC6519DE0C39E2179D53A7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 461ADD23649A336A8C7F64B8A7CF7867
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: A1BCBC3E619A1EB713901615C3853BF3
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: DFC8DADD7FE7052057652110DFC63341
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 630B9A62343639F0DD06BB2B8FF48E75
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: DDDB5F5B753DF3EC2B96EA98BA6566C1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 685E39CAE32F9CB3CF513EE217EBF64C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: A75F61C8600F330CD714157DA65B26D0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9C7F77C8AC9F4ACDCC1551F6BF10D9F1
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 062B7DADFB51CB2359C5E921F8976538
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3A098BD5757CC29ECE0E8520B7417BDF
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: CD6808E4191D14F8282C323FB2D7CCFF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B422DA31B545BC600574009E5CF90F77
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LeviatanScans – Enjoy your favorite comics!

Page URL History Show full URLs

https://leviatanscans.com/ HTTP 301
https://leviatanscans.com/mx Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

573
Requests

87 %
HTTPS

36 %
IPv6

78
Domains

128
Subdomains

96
IPs

9
Countries

13137 kB
Transfer

26548 kB
Size

98
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://xxx.leviatanscans.com/
Title: Pornhwa

Search URL Search Domain Scan URL

URL: http://agencyorquidea.com/

Search URL Search Domain Scan URL

URL: https://www.papayads.net/?referral=leviatanscans
Title: - PapayAds Advertising -

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com//detail/mc374?utm_source=leviatanscans&utm_medium=scanlation
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc56?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: bilibili

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com//detail/mc493?utm_source=leviatanscans&utm_medium=scanlation
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc153?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc149?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc39?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: bilibili

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com//detail/mc27?utm_source=leviatanscans&utm_medium=scanlation
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc113?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc91?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/detail/mc95?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=website
Title: BILIBILI

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc153/31598?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=82
Title: 82

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc153/31597?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-29&utm_content=81
Title: 81

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc149/21544?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=48
Title: 48

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc149/21543?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-26&utm_content=47
Title: 47

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc39/18472?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=46
Title: 46

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc39/18471?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-14&utm_content=45
Title: 45

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc27/15131?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=65
Title: 65

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc27/15130?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-10-24&utm_content=64
Title: 64

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc113/25130?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=43
Title: 43

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc113/24385?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-24&utm_content=42
Title: 42

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc91/33341?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=275
Title: 275

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc91/31651?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-29&utm_content=274
Title: 274

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc95/31852?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=132
Title: 132

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc95/31851?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-28&utm_content=131
Title: 131

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc374/34522?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=14
Title: 14

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc374/34521?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-29&utm_content=13
Title: 13

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc56/9306?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=108
Title: 108

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc56/9305?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-14&utm_content=107
Title: 107

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc493/35247?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-30&utm_content=1
Title: 1

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/mc493/35246?utm_source=leviatanscans&utm_medium=scanlation&utm_campaign=2021-12-29&utm_content=0
Title: 0

Search URL Search Domain Scan URL

URL: https://discord.gg/leviatan

Search URL Search Domain Scan URL

URL: https://paypal.me/leviatanscans

Search URL Search Domain Scan URL

URL: https://patreon.com/leviatanscans

Search URL Search Domain Scan URL

URL: https://www.bilibilicomics.com/?utm_source=discord&utm_medium=leviatanscans&utm_campaign=pc
Title: BILIBILI COMICS

Search URL Search Domain Scan URL

URL: https://papayads.net/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://leviatanscans.com/ HTTP 301
https://leviatanscans.com/mx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://papayads.net/clnt/leviatanscans/v2/adtags.js HTTP 301
https://www.papayads.net/clnt/leviatanscans/v2/adtags.js

Request Chain 80

https://papayads.net/clnt/leviatanscans/v2/adtags.css HTTP 301
https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

Request Chain 93

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=593116895&utmhn=leviatanscans.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=LeviatanScans%20%E2%80%93%20Enjoy%20your%20favorite%20comics!&utmhid=2052766813&utmr=-&utmp=%2Fmx&utmht=1640877078568&utmac=UA-138586448-1&utmcc=__utma%3D210982024.647145903.1640877079.1640877079.1640877079.1%3B%2B__utmz%3D210982024.1640877079.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=914877649&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895 HTTP 302
https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895&slf_rd=1&random=2918020321

Request Chain 138

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 140

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0I4RTZFQzgtMjU2Qy00M0M4LTgyNzQtMDQzOTY0MTVCRTFF&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D67B93125-4F73-4CE7-B889-9D4D778019AB HTTP 302
https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB

Request Chain 141

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=3796356488368242503

Request Chain 143

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-Y4_.JvhE2uFuXpeZEnwNUl9mlkPCc8iVUVDowjc-~A

Request Chain 144

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3848169318 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3848169318 HTTP 302
https://sync.1rx.io/usersync/tradedesk/c6d710a3-e93d-4331-be42-5db246c85db2 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-10eddfa2-253c-4734-be3d-74b87e49d521-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-10eddfa2-253c-4734-be3d-74b87e49d521-003 HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003

Request Chain 145

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 147

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fleviatanscans.com%252Fmx&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fleviatanscans.com%25252Fmx%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fleviatanscans.com%2Fmx&pid=12306&adnxs_uid=3796356488368242503

Request Chain 149

https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
https://router.infolinks.com/dyn/an-usersync?user_id=e6c6ded2-b467-4d71-913c-eb56668b8895&partner_id=1531

Request Chain 150

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPbd9f6ef3-6982-11ec-95c7-028185212c26 HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-O2ltmGBE2uHg6z08RT91NdbXkRuLhzF2~A~UPbd9f6ef3-6982-11ec-95c7-028185212c26

Request Chain 152

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=72520c5b6a85ba298733ec15

Request Chain 153

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjdCOTMxMjUtNEY3My00Q0U3LUI4ODktOUQ0RDc3ODAxOUFC&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D67B93125-4F73-4CE7-B889-9D4D778019AB HTTP 302
https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB

Request Chain 154

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=5144588519097907694

Request Chain 182

https://pbjs.e-planning.net/pbjs/1/2e43c/1/leviatanscans.com/ROS?rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fmx&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fmx&e_pubcid=7c56050b-b76a-4906-a7a0-5266c84e4d6c HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fmx&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fmx&e_pubcid=7c56050b-b76a-4906-a7a0-5266c84e4d6c

Request Chain 191

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=41ced089-453f-4567-9a6d-4e1768a7315b

Request Chain 202

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yc3MFuip2E8Nf8xyJABULgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1&gdpr=1

Request Chain 203

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&dcc=t

Request Chain 204

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5i8MyqBv0hAITaUiUjBf8&google_cver=1

Request Chain 206

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6941634792130552180&uid=Q6941634792130552180&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 208

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=2b6-eIzs7CvCu7l63OrwKNq27CTC7uQuje7o7dPL

Request Chain 215

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 218

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CPO6vrvni_UCFRrruwgdro8AHw;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 257

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CMK_1Lvni_UCFfbIuwgdnrILYA;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 289

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 291

https://ad.360yield.com/server_match?partner_id=1581&r=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D22%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%7BPUB_USER_ID%7D HTTP 302
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1640877080009-991052717804-008490-003-006045&key=e6c6ded2-b467-4d71-913c-eb56668b8895

Request Chain 294

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D200%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%5BRX_UUID%5D HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003&rndcb=4361240654 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003&rndcb=4361240654 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=fbf77986-0b88-4928-a681-9a4466aae365&google_hm=ZmJmNzc5ODYtMGI4OC00OTI4LWE2ODEtOWE0NDY2YWFlMzY1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKjZfKwDDVdOI3hkMKo_zsg&google_cver=1&ssp=adconductor&bsw_param=fbf77986-0b88-4928-a681-9a4466aae365 HTTP 302
https://sync.1rx.io/usersync/bidswitch/fbf77986-0b88-4928-a681-9a4466aae365?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-10eddfa2-253c-4734-be3d-74b87e49d521-003?redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D200%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3DRX-10eddfa2-253c-4734-be3d-74b87e49d521-003 HTTP 302
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1640877080009-991052717804-008490-003-006045&key=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003

Request Chain 336

https://papayads.net/images/LOGO/logo-banners.svg HTTP 301
https://www.papayads.net/images/LOGO/logo-banners.svg

Request Chain 337

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

Request Chain 338

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

Request Chain 339

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

Request Chain 340

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

Request Chain 342

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

Request Chain 343

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

Request Chain 344

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

Request Chain 345

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

Request Chain 356

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/829650/57301876/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fleviatanscans.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fleviatanscans.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:7f758203-ffa9-0c64-25fb-f0ff712c7c9e,c:yieedM,sl:outOfView,em:true,fr:false,thd:1,mn:app10ie,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:3,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:32,oid:be9c9331-6982-11ec-b6ab-0634eb268b40,v:19.8.273,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://www.googletagservices.com/dcm/dcmads.js

Request Chain 368

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-UEFqZdXqJDi2qgey5j4EQooCGQG-IsVttAFV4SmVQ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-UEFqZdXqJDi2qgey5j4EQooCGQG-IsVttAFV4SmVQ&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Request Chain 369

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKQOd-yVuE3DfPtWOB121Xoa6gjVva1Ma0IvgC7fsG_utM0uDI79ibpsMq0wd5Oia1CmZeFcWWvX-N-C76sEQiS2aq3aQ&google_gid=CAESEMz8enq516fPC0kWBeMJvv0&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJmYt44GEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBLUU9kLXlWdUUzRGZQdFdPQjEyMVhvYTZnalZ2YTFNYTBJdmdDN2ZzR191dE0wdURJNzlpYnBzTXEwd2Q1T2lhMUNtWmVGY1dXdlgtTi1DNzZzRVFpUzJhcTNhUQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwSXJIbDNZRF9vN0dlSVVqd2hidXEyTjVsaGs5bkJJNUR5cjFuWDFFWld4NA==&google_push

Request Chain 372

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF45WBsgmRePPhcMLgFtxEI&google_cver=1&google_push=AYg5qPK4NG1F6WBWqDtmX2A_fYHWiI1QdME6pkKk7t2l_uU6-b7QnWcjDnzKcnrZo7j-ipFCq6DwLxtpuZPxLe32j5Pw8-m9trk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK4NG1F6WBWqDtmX2A_fYHWiI1QdME6pkKk7t2l_uU6-b7QnWcjDnzKcnrZo7j-ipFCq6DwLxtpuZPxLe32j5Pw8-m9trk

Request Chain 373

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG6AX9KyDXVewxM4Bri6F4U&google_cver=1&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB9XlLBwCFflaMQv-quPKn9DXk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VJVzAtMjUtRkZXVQ==&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB9XlLBwCFflaMQv-quPKn9DXk

Request Chain 374

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs

Request Chain 395

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MjgzODc4NjgwMDYzNTc4NzAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEJ0m6FVL6FsU-nhFTTtghEY&google_cver=1

Request Chain 396

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=c6d710a3-e93d-4331-be42-5db246c85db2

Request Chain 397

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyTdnlgIonAQeGe0gPwDeJCx8UhKn7TAjRM79hBSUyG2-7g HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyTdnlgIonAQeGe0gPwDeJCx8UhKn7TAjRM79hBSUyG2-7g&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Request Chain 398

https://ads.travelaudience.com/google_pixel?google_gid=CAESEA2xsJh0ZFncK-Knhu1zt7o&google_cver=1&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIkI4oyKdqGGMXv7w HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=DgMzkGIpSo-We58Pv-AxAw2&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIkI4oyKdqGGMXv7w

Request Chain 400

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHLkN42lDKJfSxdzmi0EnFI&google_cver=1&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ayNBixI0DBpYBmg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ayNBixI0DBpYBmg&google_hm=72520c5b6a85ba298733ec15

Request Chain 401

https://onetag-sys.com/sync/i,19/?google_gid=CAESEGVBorlxqgpKIRrGAdeoBvk&google_cver=1&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA

Request Chain 402

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHDlHbRaGbLYkRfdTmZWKJw&google_cver=1&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6&google_gid=CAESEHDlHbRaGbLYkRfdTmZWKJw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQ1Nzc5MTMyMjQzNjg0MjAzOA%3D%3D&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6

Request Chain 403

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHpFp6IM2oOP9S0V9OiJFJ4&google_cver=1&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6W7XddbZvmrD64vgn-6dcaBuh5JGThF1Tfwzyb1dR7oosew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1laTc1Vl9oRTJ1RUJ3MTBraXgyRmlUZGc1Nm1RTjlmcX5B&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6W7XddbZvmrD64vgn-6dcaBuh5JGThF1Tfwzyb1dR7oosew

Request Chain 431

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6D_HXo9ZAkM6XpGaAByl8cnUXuFgKRJhxzHXYsxiKVvZw HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6D_HXo9ZAkM6XpGaAByl8cnUXuFgKRJhxzHXYsxiKVvZw&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Request Chain 432

https://d.agkn.com/pixel/2175/?google_gid=CAESEMp2zgTJFlyexCnJi_ec7yc&google_cver=1&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK&google_hm=Q0FFU0VNcDJ6Z1RKRmx5ZXhDbkppX2VjN3lj

Request Chain 433

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7NhxtFiL31QOQHExWGOZEdN7mlAwmyWh6xGBQ&google_gid=CAESEIPGos1Rll1ReUoXxk-rpHc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7NhxtFiL31QOQHExWGOZEdN7mlAwmyWh6xGBQ&google_gid=CAESEIPGos1Rll1ReUoXxk-rpHc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxNTExMjIwMDAxNTk2OTQyMjY1Mg%3D%3D&google_push=AYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7NhxtFiL31QOQHExWGOZEdN7mlAwmyWh6xGBQ

Request Chain 434

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF45WBsgmRePPhcMLgFtxEI&google_cver=1&google_push=AYg5qPJnp6AlweZrrINIjGEHrWitAh-YWyDfQAwpMlBw9YHKykuegfGgdnn8oIy_5f0XKVKeVFWQM-8T5-1EhA7RqNy-eRpg0epnXQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJnp6AlweZrrINIjGEHrWitAh-YWyDfQAwpMlBw9YHKykuegfGgdnn8oIy_5f0XKVKeVFWQM-8T5-1EhA7RqNy-eRpg0epnXQ

Request Chain 435

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG6AX9KyDXVewxM4Bri6F4U&google_cver=1&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oyajJX2ugybXg1v_NoKylx_K98v HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VKRkgtNi01OU1I&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oyajJX2ugybXg1v_NoKylx_K98v

Request Chain 436

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA

Request Chain 475

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=4HRXsHxqY3BRTjJyWVd1Ti9jaExBM2N4WTBFUTg0cnhDQWdmdVJVN0pPRURvWC8wajZKZmdOZGg1b2VOdE9UcHB6NmtOaU4yZm14SEFLM1huTlF0NFVuMGlQazV3MG1JS3U3U1VscWJna2tLdytVQzRnSkY4dzQrSUxKUkUvN2ZxbHNmQXhsZ1BNUXNjamxubWV6bnRJaUpLd0VFVnArd3VkdjlQVzVwYjVYMFZHN0pTT2VKSUxkbUUrbEVZa1hHemZIdmdvemx0Z1V1QWFHTHhvamw2MUVtb1lMcVczM0tpRDl6QU9rTUJXcFRjbHR3PXw&cppv=2

Request Chain 500

https://gcdn.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/7BBFABA040AEF7BB31049B57B2E80885DD15FEDD.44A7A11797B270E091E732E0B6064CD4555E0735/key/ck2/file/file.webm?cpn=1UPPLi4rg4qd-kIe HTTP 302
https://r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/631B273B82F42ABDFC20168D7687443BFC77E610.44D3669AFAA195436533B97761E65F6C8DA02B7E/key/cms1/cms_redirect/yes/mh/Yf/mip/2001:ac8:21:23:2d9::1/mm/42/mn/sn-aigzrner/ms/onc/mt/1640876692/mv/m/mvi/4/pl/48?cpn=1UPPLi4rg4qd-kIe&file=file.webm

Request Chain 510

https://discovery.demdex.net/event?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043 HTTP 302
https://discovery.demdex.net/firstevent?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043

573 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request mx Show response
leviatanscans.com/
Redirect Chain

https://leviatanscans.com/
https://leviatanscans.com/mx

110 KB
17 KB

710ms
708ms

Document
text/html

2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 511962f33eb6cbd9d5c1e1daba21c20e39bdb27007a706e208106d0c1dcb5db4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-type: text/html; charset=UTF-8
pragma: public
cache-control: max-age=3600, public
vary: Accept-Encoding,X-Forwarded-Proto
last-modified: Thu, 30 Dec 2021 15:08:26 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNUGUoG3Z5V5AUarcl6JcJDCr8JNjd43SPyB68ev6dcauMHlpmCFwIWxvwCEy3l%2BSSb3%2B6ijnCODzEIutMtDWAjUrlEu%2Bs55bGERpuo5PLEsGby4okzQinEi%2BThNouSnWPfTNBZRlGEqGPeO2wjQ3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c5c332009863763-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Thu, 30 Dec 2021 15:11:16 GMT
location: https://leviatanscans.com/mx
cache-control: max-age=3600
expires: Thu, 30 Dec 2021 16:11:16 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zis32UNdD0yjmkryVW7%2FwmFNhmuMIhTo0PLdMpvxFlEGqBIiv3FLSlNfimYapPtK9I0znRbv3%2FanrjKVofWJRhQbOjAFw2vQ9rhzTMh8ACWg63oV7hdCq0N8uWpH3qIh0VjZcKAtQcNPlgwPuC5Y8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c5c331f98963763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 172ms
63ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4dcae7e8aa4cc9d6b038a58e072f751ca5e8fa22fca565d17bae5c4623225808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51805
x-xss-protection: 0
server: cafe
etag: 376870132770738383
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H3 200 style.min.css
leviatanscans.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 137ms
136ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266375
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:36 GMT
server: cloudflare
etag: W/"60f70b84-13abe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oc%2Bbs%2FibXIFxDbU29dqT3v7bpt0B9WsqprBbigenXlGIB6ndzUAXWmt1hhpkp14TY3YwQlrH%2FRrDr5Or8%2FxxonsFLIjtNpCDfH8RKziS0KuVLPlp7t8zciiVq7LcEyuxvcu5N3HhUM3Angf5zz5X3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324984859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 shortcodes.css
leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/css/ 23 KB
5 KB 139ms
138ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/css/shortcodes.css?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dfa810258dc3047b89d8d960a393beb7c231744eb54854aa0216355d2880e1c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266375
cf-polished: origSize=27127
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 08:04:06 GMT
server: cloudflare
etag: W/"61235676-69f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVZBSvHYfYf%2BBeCRAIV5te1E6FOhkfP%2FKGy4jvwpovuXTDsnLZ%2F2C1dwMzsVA0tjKxRCPbsyKKZU0dcpB6zng3New1WAD0PcWQGADMLFvTQwlVZ1E1%2BqzSwIaLRnSa7%2FiCg%2Bb7QtoRLK537dXrLYDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324984f59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 all.min.css
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/ 58 KB
13 KB 73ms
72ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171769
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xfnD8QvJED9B2VtxMO08ZUnrlBi7PaDyyAz5ciGlx6uc2hQ%2FQz6G2BePV%2FLclX5L84lg37pEm80GTx11AgNwMUnAF0cZwU%2BD9z1uPOYN8Qw5pVNqQ6J%2FRICMrWj%2FadxND4HoL9HvR46dSuqHag8HpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324985359fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ionicons.min.css
leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ 44 KB
8 KB 197ms
196ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ba1b25e68d60244006d6ce251be9fb095fdc07867e47481a08b4e048dac6d0b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-b0aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5f3J68rm4bvQpTo38ajUQmrUfSvPzJrSCn54Civ5%2FcMpvorW2u9iwVFUSdADuF1HACXH085CivQCfwDv0rtldZu0zS76vQSdSFVdphF4WB2O%2BPAqV%2FTORRFUZ%2BZ3SqxNvhVAemVzUALjHNS8l%2FDdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324985859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ct-icon.css
leviatanscans.com/wp-content/themes/madara/css/fonts/ct-icon/ 48 KB
9 KB 197ms
196ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ct-icon/ct-icon.css?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdab1c3978eb230cd7809a84424a184ad363dcd802dba528615a85d2765a124f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266375
cf-polished: origSize=59048
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-e6a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FCtyfh9jTtR%2Fz21cXcldKvET9l6vyrD0fZSgIVeM2mX00R6aJ1zSNmRZ06sEPLVIzYxrxBZb8KmgtE9rTqS4FgmnxsGkSHU7B%2FYKqdyMJ8%2FUxG46EHyMfJsnxSfnOSCEr59x6FYGjDlFGkzVC0AOKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324986259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.css
leviatanscans.com/wp-content/themes/madara/css/ 158 KB
25 KB 140ms
138ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/bootstrap.min.css?ver=4.3.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2375022
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-27681"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXdadTs%2BTJzWsWA%2FVvdSLm%2FsfcrKUaaXAB7fRXzjKfgaGRPXbCroKmT%2Fo2dr5uWpwFkxcQqzoVNcXUimE4OYBqY76Nm5MsNIISGWl4rmjD95fE4ZQQtB4nAFonA34%2FiyvVU%2BNYJ%2F25fFeVZf4zWzPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324986559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.css
leviatanscans.com/wp-content/themes/madara/js/slick/ 1 KB
1 KB 256ms
254ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick.css?ver=1.9.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171768
cf-polished: origSize=1776
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmI5ivfkNqRbGYCmY50%2BRiFWdvpvLUXVEAcWktRHKFVq%2B6GeMsg9mlmExeiCcPbrBcW%2Bj0y6eqrs8I66xVeHIZOSOGzlC6qDm6TtCsLbwVmAfNc4HWC0iiK%2B%2BrEVwZpFMfJT9klHbfC636If9FNdnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324986a59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick-theme.css
leviatanscans.com/wp-content/themes/madara/js/slick/ 2 KB
1 KB 257ms
255ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8b0220980de4339ca04d32bc5656435847fecb3a47f2eac38e33277e18eddc8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266375
cf-polished: origSize=3145
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FWKrafjqDtFzNiOuOOvGr%2FLMY71WNMu8gw9OrHKFeoAj%2BM7TyqG2IQWaUfr4jgkRRHBV7RwLgEZX6ZgG5bUW6JlaR3wfhsT1cZL2pHPMqGqAXmIYXb0WDBkkr%2Bi5i00Y7AUtspDOQplRCdD2mawfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324986c59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 loaders.min.css
leviatanscans.com/wp-content/themes/madara/css/ 37 KB
5 KB 257ms
255ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/loaders.min.css?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90232fa519c3b428277755817c64d59056677920763465a851275ed53cd4d0b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266375
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-95cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkrY%2FfkzFhP7F1VwBffMQVwIvsdsH0SLgn5%2B%2F9JnY%2Fo2N8ofZISkkql1QjjrhEeKXqGOFHM7NqWRNJL3aCnjWlUF6I9%2Fye%2BsblMWhunN%2Beu2Rf9CqHgMwxX%2BTe9zU71UpGRbNcnTuUt0iUSmlWQViQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324986f59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
leviatanscans.com/wp-content/themes/madara/ 267 KB
35 KB 257ms
256ms Stylesheet
text/css 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57d6b25be8e53edfbb469bf824f2d63f1d27f9cf8be3c4a65cebd2b104e21e40

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2378619
cf-polished: origSize=327832
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-50098"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJHpsf5e4VJ%2B057HRmQtgMcrqqr3nQwK4cA3Ys65XnYUvrgs%2B86Ams%2FnXkqSE8OIbWM93nyikzo3Asiq7rY3qsXZo72IAg3om91yqq%2BKmVwW1l1es7yQXzQIyLc6q8vqNHdHvH3HP7wP9r3mvZHf%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6c5c3324987259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ 87 KB
32 KB 258ms
257ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374687
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0qWrPwTwlSu56SD4Y0ppG6sH0r7YHhWFL9g2ZLFhohcgVAjFktXRPzImaC%2F%2BZWAQPugAXVEY7a6Hb9JN9ahb4JGD86nZWeEtKCQ4tvf5n1FgEyN4Pa47n1KHhw3IKnVZ3%2FneOxlFwgQ1sdZPSebZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3324987659fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery-migrate.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ 11 KB
5 KB 316ms
315ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2378619
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
etag: W/"5fb4e3fe-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goTsO1aRVy06ewQOpNpsZo0XWUC1wMwoxbYPKE%2BrFAKULIKTKQGu6m7fbtgTBiOEe%2BqpVVC1Fvw2hKH0ZDeHC%2BjvKIGRmNd1xS%2B4nq2N%2BdJ29rNpAHKrLvwDvn9FhaFAyl0kAwp7MXaz7lCyfDNiIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3324987b59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

adtags.js Show response
www.papayads.net/clnt/leviatanscans/v2/
Redirect Chain

https://papayads.net/clnt/leviatanscans/v2/adtags.js
https://www.papayads.net/clnt/leviatanscans/v2/adtags.js

19 KB
4 KB

85ms
69ms

Script
application/javascript

2606:4700:3037::6815:135b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.papayads.net/clnt/leviatanscans/v2/adtags.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Server: 2606:4700:3037::6815:135b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58c0760f001f9590b0b3f847f3749ea54018280191d09f7fa3960c28de9a5883

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3226
cf-polished: origSize=22766
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 26 Dec 2021 23:02:47 GMT
server: cloudflare
etag: W/"58ee-5d414962df241"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZBgY9HTi%2BTB5Wt57sPHxn6pLIuJfDTysW8taGMOjy9CtW2UpbAY8qzR%2BaHAdn18gi7Xs2ShTg2UjswutXrumXhb2H0Xut5Tmxz%2Bi6DFF88GRDUv6AVk4J6soXZWv9aK%2F6j4rRhT0IwXeLnUdk1t"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6c5c332638ea839d-MXP
cf-bgj: minify

Redirect headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 939
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUUIUm7GgdYQRGRCVph%2F8c25Z%2FSFADTCpm83rAC0%2FYUA%2FygsuJBxcK8dXMUl1zbWf1Ph5nagnYHB%2BndmbFx%2BuFuu5p6MXvnHz1QGXyEAf4ItN%2FPmIrpydpsl0D%2Bxla2IQd6am8Z3HQTLgwU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/clnt/leviatanscans/v2/adtags.js
cache-control: max-age=14400
cf-ray: 6c5c33258f19839d-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 logo-web.png
leviatanscans.com/wp-content/uploads/2021/03/ 14 KB
14 KB 92ms
83ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/logo-web.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1349ab831d930c782baf6577f44cd810053db33b587e604e2fdf959da87974e0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21664726
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 14172
last-modified: Fri, 12 Mar 2021 05:58:37 GMT
server: cloudflare
etag: "604b030d-375c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zch4u3r8pPBEz2IM1PVBThcodlqZ4wl8cBPfnD1xn8w%2FHplwuJYdnq75IdqEBKbdXyL1eA1KxiK892WS8NvXUefQBKDaoqAiZZahc0%2BCNatlvDpnUSWRT4SX72JYLLRcdH2rXnWb%2BAbCAIY9%2Bhm4PA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-emoji-release.min.js Show response
leviatanscans.com/wp-includes/js/ 18 KB
5 KB 92ms
83ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374686
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:36 GMT
server: cloudflare
etag: W/"60f70b84-4705"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTMxTpqmv%2F5l50F403BI%2BqFCCpNAcPiKQIVveHlmvAmiDzfoxJRyAdbojIrugkQ0lJj2%2FPKC7htnOuPyaj9AviDxoV3RpBUJjUAm0Sn9o9ImDpXFueaBACIsS7poxTp4OZSed2YNmW%2ByPUYbFZKadw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e81759fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 115ms
62ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4875972488010851

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8e000114bdc17336aea3226a8fd1b001170f7371889a6f9ba4153efd32ab358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51734
x-xss-protection: 0
server: cafe
etag: 3491243011755199959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 200 8273 Show response
tags.orquideassp.com/tag/ 676 B
1 KB 148ms
42ms Script
text/javascript 2600:9000:2250:9c00:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/8273

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2250:9c00:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

0dd9935552633c7a149a715988f93a54fc1b1993e2efbf6dc33d5a09d4f33f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2439
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
date: Thu, 30 Dec 2021 15:04:07 GMT
content-length: 676
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"2a4-o/D65pg4+RcD/llrTPjHjW6uezI"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: r6Pp94tUd0sMAbRZo0G_JlUAyd4t-2CNKQcQukYEjRKZyNSJVdn05A==

GET
H3 200 2021-08-30-14_32_18-Window.png
leviatanscans.com/wp-content/uploads/2021/08/ 182 KB
183 KB 234ms
225ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/2021-08-30-14_32_18-Window.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9284626669f7ed399e7634ad018f2542b74f48fdc6f775bcd30b6326508cfa6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6514846
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 186478
last-modified: Mon, 30 Aug 2021 07:39:53 GMT
server: cloudflare
etag: "612c8b49-2d86e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77qeuW4pOfyVcKRgyq6Ha04ro3QRHSjLkELq3Ix8zCoUjFQP9vA0Vr73pgu4fV8w3NeRIl7d60xefTdCOVODx3MWgsb6byFKXs3zawWEHYMGStxx68w3oAIXQBGuhJy24dgjbnLQXLS0iNlwEEifJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 2021-12-27-10_32_46-2-Please-Spare-Me-Apprentice-BILIBILI-COMICS-1.png
leviatanscans.com/wp-content/uploads/2021/08/ 514 KB
515 KB 239ms
231ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/2021-12-27-10_32_46-2-Please-Spare-Me-Apprentice-BILIBILI-COMICS-1.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 524c7a16fe9ed9e4f4e22c0ce7c27610dfc12c1e63b071eb007cb6dd53f8f33f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 301188
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 526795
last-modified: Mon, 27 Dec 2021 03:03:05 GMT
server: cloudflare
etag: "61c92ce9-809cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6t7R3n6fGWglxO8xgZ29RB%2F2hZUjskPaHLE8iLiTWPSjkAkpMZGibGy%2FkXOuzWk%2F5kxObyzk7AHylhDwwfIOmNZgHCpuJ2mn879HXvusQOnKmImQMfgWrJGOJfulEStgYTdsfZXzuSg%2FRX8KVqdrbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81c59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 9e9f65e922ac0afb8ffc92942eddb86da34794f7.png@300w.png
leviatanscans.com/wp-content/uploads/2021/05/ 252 KB
253 KB 303ms
294ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/9e9f65e922ac0afb8ffc92942eddb86da34794f7.png@300w.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8064021e39b96980da5079cd55014c355aba191e6b9a59c64c6057f868cce09d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7972961
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 258180
last-modified: Wed, 26 May 2021 07:46:49 GMT
server: cloudflare
etag: "60adfce9-3f084"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIZK61P3TcqlvwQdstsK2IqcB9EnSgB4qQwhvxg4O86ZQWg2156kJ98EdyhJttvS7acJptoLwGi0h29%2F5TUIrI277wk4gs%2FnEh46sbzjHWmK4T%2FIlHFCUB%2FSoEG%2BkKEJq73%2FfxDhx23NbBDW0ys0Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81d59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 2bfa0fd74dbd7d1b825d700579c1392751f98aec.png@300w.webp
leviatanscans.com/wp-content/uploads/2021/10/ 29 KB
30 KB 350ms
342ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/10/2bfa0fd74dbd7d1b825d700579c1392751f98aec.png@300w.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3e04c9fd8cc7d94bfa698896ff5705dbaa829f42d480fa789a0375610aff669

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5900223
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 29772
last-modified: Sat, 23 Oct 2021 06:52:55 GMT
server: cloudflare
etag: "6173b147-744c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SzqWoC4cknHBMXgpijecWvYTbFltmXi%2FBK5mm2l8SsuQ0fDp98npRSTAMIQq0ZZO%2B8bhqln14BAB8ds0lnJpwWami2fNhm0rhvj%2BNs7c1GsydYpAGq%2FQNwfgH3OiGnnQAyGRDaR67pjTMIB96d2uMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81e59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 16278995355217.png
leviatanscans.com/wp-content/uploads/2021/08/ 176 KB
177 KB 351ms
342ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/16278995355217.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b270c38e8603e15968af9c6c63b7375d1ab3676d7de33963fdb528d47021446

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7888292
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 180632
last-modified: Mon, 02 Aug 2021 10:19:25 GMT
server: cloudflare
etag: "6107c6ad-2c198"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFDnmg76WN%2BKY63hMs6%2B1LGs%2BYymquMAWEZk4KR6u%2FCr8N%2FEesoAd7ANR%2BYECoz1lLtIMbq6NvO3tt97nxUGDACk9ZKxxzc2w6DqDWuqS%2BIJxbcX4LZP%2FyEKeTrzdlEM6sAnby2z%2Fwq7mlxGtSaidQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e81f59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16267587381431.png
leviatanscans.com/wp-content/uploads/2021/07/ 208 KB
208 KB 361ms
352ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16267587381431.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38bdfb0b449d596b8bed6f42c89ef0aeb8fb5e0f04bf2c1abc600db898da6062

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 459233
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 212762
last-modified: Tue, 20 Jul 2021 05:38:26 GMT
server: cloudflare
etag: "60f66152-33f1a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c12%2B80eoq6sxE2xEMdTo%2BNNHJ5prI3G9nIic6WE9ddq1vE30MTsNSPszeVjFXYuv4r1LJGkGNm5l1cdHRh8qOVf8OC5N%2Fkan6q1bdtzKXWgWRX5KkDrvM0R7%2FCcr6ZYWHijg3PrIkKgAuMjyMBe5bA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16257314195094.png
leviatanscans.com/wp-content/uploads/2021/07/ 229 KB
230 KB 160ms
152ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16257314195094.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b4ae3dc15cc5f387deddacccab9717a81128c3743e6fe962a892163729bf199

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 279530
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 234612
last-modified: Thu, 08 Jul 2021 08:03:52 GMT
server: cloudflare
etag: "60e6b168-39474"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gOkAluBIEkFNbovzwXqFogg6l7GcmlQ9Zjx32KyRBnetjan2mnYgsNsHGfZzPjuP9%2FKT8PL9u61MYWdysb2GfkJaw9iYP%2FTxIofhA3GAmjXXd2ARwDiFyGUMlqdqVltqTjAfdgoIOo9T0HTzl%2B%2BIww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cd810c7385eae689ef38340e6bd8b74f2f2bae51.png@300w.webp
leviatanscans.com/wp-content/uploads/2021/12/ 26 KB
27 KB 373ms
365ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/cd810c7385eae689ef38340e6bd8b74f2f2bae51.png@300w.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f4ae2c5151b4caeaaf66c0e1b6f026f7416e589e8b22c52cd0f5896045ce755

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 693445
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 26904
last-modified: Wed, 22 Dec 2021 14:10:19 GMT
server: cloudflare
etag: "61c331cb-6918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DP8SkJBHR5c8p4W3k1cYw1%2FAMrCO9L2jYspSH6PsY7bq9q5kLpDviiyuBjTTQ8yvX6F3Hq%2FJfghMz3cNOVe9Vb2NXT%2F9vbPiuYqZnwYVzaruAW0cJisbhioUpCP1jXDFdft9KINNjdMevKjKwexZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E5%B0%8F%E9%AD%94%E5%A4%B4%E6%9A%B4%E9%9C%B2%E5%95%A61-642x320.jpg
leviatanscans.com/wp-content/uploads/2021/05/ 56 KB
56 KB 374ms
366ms Image
image/jpeg 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/%E5%B0%8F%E9%AD%94%E5%A4%B4%E6%9A%B4%E9%9C%B2%E5%95%A61-642x320.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dd0267be425d440c77eaddd28c40507f18958cc78e31731857a2f43a97aef91

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Mon, 27 Dec 2021 03:02:30 GMT
server: cloudflare
age: 301183
etag: W/"61c92cc6-deb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ti4GHT01OYFU0xiefcSOu8s7PTn%2FItSgC%2BA127NFi%2B6LZ%2Bu7uFfCF2Xx65RPW9QNm4yrx%2FTJA1vhbXeX7BdjEmqGTsncUFkOqwREFkU93I2Rxg4TYsigCQI7nOTqEluUkYw46kKLWKHKOjJaooqXhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e82a59fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 169dc158e2162d8ee5e7698e0a5aa2e4990ed2f4.png@300w.webp
leviatanscans.com/wp-content/uploads/2021/12/ 29 KB
30 KB 375ms
367ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/169dc158e2162d8ee5e7698e0a5aa2e4990ed2f4.png@300w.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3879ad6a59cfc1221137bff90eedba00bd9b9450f4732da52f55186f8c946a9a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 118026
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 30048
last-modified: Wed, 29 Dec 2021 05:47:19 GMT
server: cloudflare
etag: "61cbf667-7560"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2mDxaBTpV04Lq6uAgsNok4bPlFgIAxV2RPj%2BnlOE5Xl%2BtQTgZW%2FIcDx1RB5qp%2BFaMCi0Y1TrZNL0VGyyySgeQ%2Fy%2F0QjFSGiaAISsqxnImpnbpjiHA0MkAprGn0rOccFGmnSMFPRmAxiJgLZTnhaTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82d59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 2021-08-30-14_32_18-Window-175x238.png
leviatanscans.com/wp-content/uploads/2021/08/ 81 KB
82 KB 376ms
368ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/2021-08-30-14_32_18-Window-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6a3f071a1a3b0e093861f3cf35921926aa10ccce5b4c59c609a19808083fc30

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6514846
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 83110
last-modified: Mon, 30 Aug 2021 07:39:54 GMT
server: cloudflare
etag: "612c8b4a-144a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w3frDcsvB4RndhCid%2FDj6s2B1zkQu8uv67ycyQwx3KGxSWerDN3cT4sLu%2FpGwDP5OoGCRqTaH%2Frvk47h7A4Mmi6FlF%2F2bP6rCmMeJmL4VFENyYWIJzK4%2FUE0qB2Imdvr%2Biv9Q%2Fj%2BtRv691uWdMHr9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82e59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 2021-12-27-10_32_46-2-Please-Spare-Me-Apprentice-BILIBILI-COMICS-1-175x238.png
leviatanscans.com/wp-content/uploads/2021/08/ 75 KB
76 KB 379ms
371ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/2021-12-27-10_32_46-2-Please-Spare-Me-Apprentice-BILIBILI-COMICS-1-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b1b9a885cbf0376883df89b5edc39b85021d79a21b15250c5abc4f902c9dfc8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 301188
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 76677
last-modified: Mon, 27 Dec 2021 03:03:10 GMT
server: cloudflare
etag: "61c92cee-12b85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2IjzN9p3kdqA8yQdX5Tb6GOtZ06L0al9Ai4hI2oT%2Bz6oaTyLoRpGUL8fw6Ma9KsDFIGZ2Zb7wTuxLR3larvHurYpk1yO%2B7gEetNcCZN4bQ6r8Dns8NFRaTHB7mkqMdZo7BCouCUrJHbcFABy7FPOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e82f59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 9e9f65e922ac0afb8ffc92942eddb86da34794f7.png@300w-175x238.png
leviatanscans.com/wp-content/uploads/2021/05/ 98 KB
99 KB 382ms
374ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/9e9f65e922ac0afb8ffc92942eddb86da34794f7.png@300w-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ff45556f52496aea6da8eb81814a2f6b621faf43d5d3e5dc8c27da42d68905c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7977210
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 100366
last-modified: Wed, 26 May 2021 07:46:51 GMT
server: cloudflare
etag: "60adfceb-1880e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Lgxxh%2BBV%2FNoFmTWG%2BhyXA6r7edOMXcljZcI1dnv508T1QXTLdiROH%2FLFWJcQmHIAFve9kd6hcMXxLXgKxwwuEYst09gJOKxu8qY3TryvZ8nPxrAYH0Lyw%2FxaNYAAZ0AfXIhXysvtxomU4M8SyJVCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83159fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 2bfa0fd74dbd7d1b825d700579c1392751f98aec.png@300w-175x238.webp
leviatanscans.com/wp-content/uploads/2021/10/ 16 KB
16 KB 406ms
398ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/10/2bfa0fd74dbd7d1b825d700579c1392751f98aec.png@300w-175x238.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ffbc206fd0668e877ea0626a10fde94f4465d77ffa15518b7a454847f8cefb6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5899790
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15998
last-modified: Sat, 23 Oct 2021 06:52:56 GMT
server: cloudflare
etag: "6173b148-3e7e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hU5coPp3cKpWfwSRaJx7FHxJZpLXLgZ9rqMMHwy8OZIBYRscnqLu8We0uC3W8O17H%2B17LuQ0U7C9M38uK%2FB2kX%2FM3TL28wv8JOKmVO2R9f4KVeoLpjK2xYCPPxNkJCPWX6%2BK031zLahldvEwtepZJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83359fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 16278995355217-175x238.png
leviatanscans.com/wp-content/uploads/2021/08/ 74 KB
75 KB 409ms
401ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/16278995355217-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1a033e4fda51c100304d1fbceda0c9411149226516c424a36d137c5a4afc6b8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2375021
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 75989
last-modified: Mon, 02 Aug 2021 10:19:26 GMT
server: cloudflare
etag: "6107c6ae-128d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmdrMrk8uYztRM5WmlGs%2BO%2FaZ2e%2BVp6fWeb2%2F87NW5wowYeI0P7CSGn8y%2FmfAZm%2BKJ7Chjv8qtKb9p%2FbWCzGk6Fu4ycvTZKqY8s0dtyu40xQYpxo8WxiJN%2Fojj%2BCLeSkN8cC7Hl0Mjr4AUOdQLYJhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16267587381431-175x238.png
leviatanscans.com/wp-content/uploads/2021/07/ 88 KB
88 KB 411ms
403ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16267587381431-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f15c9d64a512fb9023561f563f24a64597d1f91ff4efb88740537a477687254e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 459233
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 89673
last-modified: Tue, 20 Jul 2021 05:38:33 GMT
server: cloudflare
etag: "60f66159-15e49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DD3W%2FwK5uQaBXM1YT2GS8Bjl6GQo6AW6OW3%2Bny0V4g2UBBeulg1qRTFqpVZKspGKmZtgUDpa3iT89Ub3fEnC3cw5Nxsn1Qp1SREgJxECBU4c9Q3qaSBHjWnvy7CeQj0OixG66jTECBkx9h%2FWzSJo1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83759fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16257314195094-175x238.png
leviatanscans.com/wp-content/uploads/2021/07/ 95 KB
96 KB 414ms
406ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E6%88%AA%E5%9B%BE_16257314195094-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e13db9ef39321bb4b07d767962d18a0b3c38d70f210186a0258829672c6eae4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 279527
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 97466
last-modified: Thu, 08 Jul 2021 08:03:53 GMT
server: cloudflare
etag: "60e6b169-17cba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwO%2BWVqzSq9H4RWCrBeuuH4Q%2Bekv2E16m0y%2FfdZnPEcS20PP1e9k3M7TPVZfGP%2FHVX%2B2RtfACUMsSzzp%2BSzDLErs500y8XbSqUfwiB7%2BGmc2YnnSjOwkzb69bdeyoFmH2SnWqppsirjCO4Bm9Thtww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cd810c7385eae689ef38340e6bd8b74f2f2bae51.png@300w-175x238.webp
leviatanscans.com/wp-content/uploads/2021/12/ 14 KB
15 KB 419ms
411ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/cd810c7385eae689ef38340e6bd8b74f2f2bae51.png@300w-175x238.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79219a163e1a67750d478a2fc694a9d5b3dbb3ff609acd4c48edb95b74635b8e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 693444
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 14214
last-modified: Wed, 22 Dec 2021 14:10:19 GMT
server: cloudflare
etag: "61c331cb-3786"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRdeEpHR6xKhEb3FjJWHEzru2%2B1S7PxVz0x2BleEpaMrf8Glb3eXo4OFC4MRNSavjYOtH5o8Ga2IiRuXAMw3QRcAjhfsZwQmHkBfEqSzjHEK5MU7E3bc11M9%2B%2BVam6%2B9AcO7G%2BedFEAajW8FFgf1dw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83b59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_NJACBV-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 85 KB
86 KB 420ms
412ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-_NJACBV-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36f7e89cb79ed00bb3eb43644501e42b98563e123c2144542adde59a40e3229b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2327783
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 87361
last-modified: Fri, 12 Mar 2021 22:41:42 GMT
server: cloudflare
etag: "604bee26-15541"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z89aIEAe1XStOr7zAi7aaddVop4MXgbxFmebvOs7wOoqnU7vFDNHCj11ySE7MN8J6dXXy7RLg%2Ba2jKhwwkh4ilndZVjpjgxYCECEp1q4LG9D2IBekc%2BwLB%2B7wNdxKfAxHXbikvcxCyshUkrTa7TuSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83d59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 %E5%B0%8F%E9%AD%94%E5%A4%B4%E6%9A%B4%E9%9C%B2%E5%95%A61-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/05/ 14 KB
15 KB 422ms
414ms Image
image/jpeg 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/%E5%B0%8F%E9%AD%94%E5%A4%B4%E6%9A%B4%E9%9C%B2%E5%95%A61-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 471f01c34b1e740437d004fec57ed495c7a681c9ef891f2bfd25ef5c3ac92c9b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Mon, 27 Dec 2021 03:02:30 GMT
server: cloudflare
age: 301188
etag: W/"61c92cc6-39a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9IxqP8a1xhkg%2FFoHTcARIRlveVvO%2Fau3e1lMrp3WKeJIaUdxvZN6y2tofmrDmosgtnRSSO786YMcu0FNOY3XHklD2COrJvRtDg5nJplIyyVXVmPg3I5XyXXfVQ2GItdBFxC%2F5UI6NUlZE5kMVe%2FwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e83e59fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 169dc158e2162d8ee5e7698e0a5aa2e4990ed2f4.png@300w-175x238.webp
leviatanscans.com/wp-content/uploads/2021/12/ 15 KB
16 KB 424ms
417ms Image
image/webp 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/169dc158e2162d8ee5e7698e0a5aa2e4990ed2f4.png@300w-175x238.webp
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c97860d29f00345ddfb445f4bbed66944543e7f2f5ed8bb13efc0b733f932275

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 113801
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15460
last-modified: Wed, 29 Dec 2021 05:47:19 GMT
server: cloudflare
etag: "61cbf667-3c64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=okVMKth8s8hIXMHHk8W5PyitXYJ3JPCu%2Fq0mIfKIX%2BHVSZKJl4HsBv1is7TIPs5hRCKXAIzQztONCtftRob%2By%2B1277N%2F3OE05hC%2BsUJaTiqj3ZHSxGa8x4kN7auuycmMiDKwgrshzMSrzokTDfXYcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e83f59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_TON-175x238.png
leviatanscans.com/wp-content/uploads/2021/09/ 79 KB
80 KB 425ms
417ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/09/cover_TON-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 333465e950f24e693b6db299b91cab42ddafd843df1e6b5deee195f70718ffa3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9117134
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 80945
last-modified: Thu, 16 Sep 2021 02:34:53 GMT
server: cloudflare
etag: "6142ad4d-13c31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMkAZmy1N7fI56hOaRaDby5wxlvmlKMVnJgVm%2B%2FdMwMGqthmCBFEKVn15mB%2BTBHBdhplhali1gNVRfJoCNOQ5q%2FMVDZLOu4REKL4bRj35nQLrQiDHCluUhH23bjSjhdd0ezcgPSi6B%2BAERkCrfZPjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e84159fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_NJACBV-110x150.png
leviatanscans.com/wp-content/uploads/2021/03/ 38 KB
39 KB 429ms
421ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-_NJACBV-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77e72e51aef1579d0409c964961d5cb4387d3d7d534811ed0a109d7515abe7c5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36835
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 38884
last-modified: Fri, 12 Mar 2021 22:41:41 GMT
server: cloudflare
etag: "604bee25-97e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qz6Lq0TYbIBDE2Y0eot%2BXOBVynO4vxf0PeJStKHyjXlccoN46cwfuUNma18Uh7Shppcb%2FcPcJkCrPXmnHdGGk7z1IxpkQHoXkVUEc7RbgjpSZTOjMxt5QOXMkEQoTjsnXT2IXqyoX4OpWkORP4gXVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e84359fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_TON-110x150.png
leviatanscans.com/wp-content/uploads/2021/09/ 36 KB
37 KB 430ms
422ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/09/cover_TON-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0bf74a88811811537ba7380098101b20fc5ae09de696bd2d04b3b308dbc2b8f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36835
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 36926
last-modified: Thu, 16 Sep 2021 02:34:52 GMT
server: cloudflare
etag: "6142ad4c-903e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJVWXq8Sk21MGYwAgChRK4FwzKui9TEZrzUINI%2BiiOfhh405P3wWlxS9upbHMqNuy2XHekWsc23xA%2F7rjFCgX%2BmeSfOGYjlSrYGCvpvDoR5Q0YXkE4UdLy3kdEoIM%2BATSv%2FVZQzjLhEaXcxwJ9WGVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e84559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Chronicles-of-Heavenly-Demon-110x150.jpg
leviatanscans.com/wp-content/uploads/2021/12/ 8 KB
9 KB 430ms
423ms Image
image/jpeg 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/Chronicles-of-Heavenly-Demon-110x150.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bdcc96931d474500b0423a364465a1b58bfb0f9fc4e602f27ebc55a107a219e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Mon, 13 Dec 2021 04:49:20 GMT
server: cloudflare
age: 63188
etag: W/"61b6d0d0-1f8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2B0Mp%2B6io%2BhYXX56i7jZRD4ZoXye331Xjtk%2Fq0XjeQtpfCjWV85Eo0kOE4F4c8N3TrqrQLP8dgWfAuTK%2Fm%2FALERcOH1UCZoit9VqqhHGcNI%2Byod%2Bx3mUrDRhIhQCPXMhaacMAYvGIVrDRtyD4oX1Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e84659fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_VH-110x150.png
leviatanscans.com/wp-content/uploads/2021/12/ 40 KB
40 KB 431ms
423ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/12/cover-_VH-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4f7d9088721ba3a7f7b14cd6647412ac23de131fee878971e6fa5ca22709494

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 82330
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 40744
last-modified: Tue, 07 Dec 2021 03:23:25 GMT
server: cloudflare
etag: "61aed3ad-9f28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2X4Qg%2BETxhLGb8QLBuIbRbIgCe4BxUUNUn7wV2r4%2FstXpb2lKoV8BtS8SZ4RNOQ6p2GojMxBtOMjdS9vMWF3tgG33%2F3vMV7k77y0%2BCFYqaxjISyjpU9E63ujVsm0EngNKJSTtgn%2BL9QwHNXWXS%2BIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e84859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_BWRA666666Y-110x150.png
leviatanscans.com/wp-content/uploads/2021/07/ 40 KB
41 KB 431ms
424ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/cover-_BWRA666666Y-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6748b7afb78de53a1d2d4063e4bc61b3f4d17025eb6425e1fe9ca9db3a4dccf1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 142226
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 41119
last-modified: Wed, 21 Jul 2021 23:14:30 GMT
server: cloudflare
etag: "60f8aa56-a09f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AOk5oI60W1d8aP%2BweSNLOURA0AGrCVKsMZTZaVr%2BSADO9hfcwE3DskXHMDc8m0vcLMZ5lZ5MAfh4Q%2BDCq0l2kKRtSiFE3F4QzodBExyIfdeVNovDnqPv1Xhyh3ZeE9k2%2FX8DEg0PTDoesAWxVFl5rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e84b59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 TSCOG-300x450px-110x150.jpg
leviatanscans.com/wp-content/uploads/2021/09/ 9 KB
9 KB 433ms
426ms Image
image/jpeg 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/09/TSCOG-300x450px-110x150.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b6c187c63bd6211da32ae416431f5a7ca515462adc9058d703354318a8be306

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Tue, 26 Oct 2021 21:24:22 GMT
server: cloudflare
age: 124867
etag: W/"61787206-22c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gR6TwsgvN5UHWw1txgcZqarZ%2FX1VzKTiu6sM5ciqo5OqAZ%2FTUXcnqhpOItkpRVw%2FWa9QLgGLfXD1%2BakrQkf9ZVOEpN%2B2lWjXD4zc7rnWlSoy7%2FtWOOWkndOcDxsZpWmwDDaPA%2Bva33UnNco3CMHAJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e84f59fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_BEATER-110x150.png
leviatanscans.com/wp-content/uploads/2021/07/ 34 KB
34 KB 433ms
426ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/cover_BEATER-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c13afbb9d9d47a05debaad19b34c45a35cb2b4d075ea00d5a5a4f28e846c6627

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 129963
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 34644
last-modified: Sat, 24 Jul 2021 23:26:29 GMT
server: cloudflare
etag: "60fca1a5-8754"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hobedmNqCtvi0OM0yxmFG3F%2BXUp7PiWsACP0%2FuRemASCkz2ZuJ1eKeSrbx7cpRY7eAQIFlkTCpBy%2BbV%2Fz%2FHTTpvBwEQklnkWgyH2eX0sUnJa4XJfXV1pNHBA9ntg8rI30mk92VcuWy47rGLikzaG3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e85159fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-s2-300-450-110x150.jpg
leviatanscans.com/wp-content/uploads/2021/04/ 10 KB
11 KB 435ms
428ms Image
image/jpeg 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/04/cover-s2-300-450-110x150.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98ddb287f732226372997f79305711a5e967604a39e322057da219fbd872af60

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 15:14:46 GMT
server: cloudflare
age: 495146
etag: W/"61b8b4e6-279e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zzib%2FPrXvXPyhZxJiypNzG3z7XPreVnS6kyR2j3%2BSwZNdf3eLVPsrBz03qO2vXm%2BQ2DmhofxpgDBHuJO0L59rEjXpFNeg6sFLOZkZ9XuHdjA7FnlDPbFxOExK5xJzDWmQlnbcOdR%2BRhMkotWbUPmqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e85459fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_FCTP-110x150.png
leviatanscans.com/wp-content/uploads/2021/11/ 42 KB
43 KB 130ms
122ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/11/cover-_FCTP-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7971832c20016200a2a5f62bdc202c7132ab262a0ddc080a0f6e50164a1f8a24

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 160760
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43276
last-modified: Tue, 30 Nov 2021 03:05:50 GMT
server: cloudflare
etag: "61a5950e-a90c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1iTuXVZlhuhgFq1a8rgQPvyP5JaHRvA12rmwP6qZHJWAj6dina4%2Bhdmx%2Bs%2FhklGIxQUzsBvIfNGb3WcZldgWEw%2FefA7xsQjFJpLIgw3QUkmXLCgrw7pC7Pfd52ULNpxuDnvPVH28mGz7Nf6vViIkXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e85959fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-SK-110x150.png
leviatanscans.com/wp-content/uploads/2021/03/ 40 KB
41 KB 438ms
430ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-SK-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c80ede8646cccd2166185c2bacca4b17c828b4fc7d1033f271501f8de913b705

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 169672
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 41458
last-modified: Wed, 04 Aug 2021 00:06:06 GMT
server: cloudflare
etag: "6109d9ee-a1f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkvHY2emfKCGC7mo4hFL%2B9YARt5YG%2Fu5O%2Bw9AYPKPU5W8RZPL80011TuYlyfuEalSZmBTKOs34gSLYgksoTyJB6JDtpArirWZEU8H30nPtlVUoS6jsqm6mkspALp5PBdUkPdlaeK89hNlxKOu4vviw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e85d59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-MLHWR-1-110x150.png
leviatanscans.com/wp-content/uploads/2021/03/ 37 KB
38 KB 439ms
432ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-MLHWR-1-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f892813352e5e89309ca85164763062ec1bd8adbb8bb586c01ad4ef2df7663f4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 175261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 37896
last-modified: Wed, 15 Sep 2021 01:27:41 GMT
server: cloudflare
etag: "61414c0d-9408"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWoacArabVuYD5sHDQISGxcIxp4ad6lPdrUwlAwY1%2FNmUaoKzIZkhMVlJ%2BE73ewDwrdr56Zw2%2BPJ9eTGUmA7u0nANLjWiyLLnTQMK4wDRS0PGf55LLWtAMS%2Fxq9%2BTsmTTMdALOvFqJ2mTVQQ%2BMdpsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e86159fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_TC-110x150.png
leviatanscans.com/wp-content/uploads/2021/07/ 40 KB
41 KB 440ms
433ms Image
image/png 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/cover_TC-110x150.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f60c3780b054c439575b68030d4b3b8e496c7c17f21b0ef9db25a0e80bf54640

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 217155
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 41179
last-modified: Tue, 20 Jul 2021 07:09:48 GMT
server: cloudflare
etag: "60f676bc-a0db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h1SHP2iKA3jppST5%2BL9gCzLg%2BXcWNlY5f16lKrwBbY1lOQmxIWxHpGLOmEUS09cpU4hL%2BkekBdN7sxDxiaF%2FNYs6qhuXnn%2FHh0HxJ6SoTwGgkO%2BwpDSlXTQYJ9n2LqUmjlM%2BwX4hiS93FtC6UYzrmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c3326e86359fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-embed.min.js Show response
leviatanscans.com/wp-includes/js/ 1 KB
1 KB 77ms
77ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266374
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: cloudflare
etag: W/"5ff5d754-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtSmjQLINO0%2FaHDMQGBCgiYA4ToL3TB6mELNEUATvEmzNInpc%2Bk%2BEzlbM6Lz6%2FuAng3%2BAk7KCMpiuLfdxrERW8EcDwMMJLVaYLXI00PDiZkWTHUgsy6Bs2W1W2YtYeSyRUpzuoyBapLslHlW5yKb0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326bf8d59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 comment_embed.js Show response
leviatanscans.com/wp-content/plugins/disqus-comment-system/public/js/ 878 B
1 KB 70ms
69ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266374
cf-polished: origSize=1232
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 27 May 2021 07:04:35 GMT
server: cloudflare
etag: W/"60af4483-4d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Elg4NAOlaycPlVHyjCSE3CgEo6zgNShgWsoH1PYvP84Yqmw8s%2BQyLk%2BhrJZnq4XOfyjwl6Rc54Tqlf5M5ay%2FnFamcwEt7HKM5upeiYwyGP%2Bwb8WQOlxoj1UjvNZ2NqCeDy3OOiZ1115QOhygfSdCRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfbf59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 375 B
883 B 164ms
162ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/core.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72901a5cabcc2459283aefd3cba9917b195d004afea2137b3fdb586dfc27ce3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266374
cf-polished: origSize=538
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-21a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGWegzez7OZCRxwuPeg6EDgchgKkgFPgaLFvyJYSVK2OZQbv5hZNehTAzAnk7%2F6Aa26Y0n3Y7WMOavWZT8EB0W9kPtlAb2%2FKqhqeLSWl2yVtXeZZpCBJSxTu%2BWy7%2B%2B0sMZIan%2F4m6kXchlxVLWYGWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfd659fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 62 KB
16 KB 88ms
85ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/bootstrap.min.js?ver=4.6.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-f7eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eQEUj44WO4yBEoiPriQidaVOAIIFTznNJ6b6ddEqKt7MuY3zVn2Yob12g3HGHfLI0pFSIoeN3kwtcKjsdaq5QzGlGoywWG6BPr4BylJO%2B8LhK70XohSz9NAHYp3pN%2FU6cNQRqDOOMpNtVqUp6lqZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfd959fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 shuffle.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 20 KB
7 KB 213ms
209ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/shuffle.min.js?ver=5.3.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6def1bda699ef5e604dde98b184bb397b4b13483b2866ef5fb52fe3af531310b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-50f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VykNu7h%2BQzESqA46vnIIzEuZq0HIFl9MZ85eBt%2B5uQ122DUwsEHFcSGqhJhu7pVQE3YgxOAZKKKjLN%2FVR3Gdhbu5DSCFiWOR3CesSw06ZwjYxa1h5%2FM3zDIL5AvA6K4F6mJgOdZ%2FM7DABhk6rjVTCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfdc59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 imagesloaded.min.js Show response
leviatanscans.com/wp-includes/js/ 5 KB
2 KB 234ms
229ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11566513
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
etag: W/"5ee520a7-15fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYZQoUSW%2BVGHWV4na9WRoiNOXjjJGNt7grFZ6OYF%2FVvD0ihXIbxvMOtQGtP3RqpR2axA7dLTQZKPqPqI3QqWLCwohRLeJ3B5URycj4v8qXVQUPcwb1Ja%2BHXBO5sr5tV2uKdCydQoIW3Ip2RvGt2a6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfde59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 aos.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 12 KB
5 KB 234ms
228ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/aos.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea0776169602aa06ca7e5f4f7455bbc86459d46ca900ed665bf9fe077c77b40b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374686
cf-polished: origSize=12446
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-309e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g45IorjvGtnUcKOBotvpkOtN9Qpb8r4AYu4qJweo0XDJCifYOXSGO3jJxksueMmaV%2BZR2OL%2FMbeRDpcR4KZ3dJeCb0eYO1RBOXcvVls7VMkWd4aUTcJqNpiNu9EnAHxrSDQpneptEbvdQ0BvFONAlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfe859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 template.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 16 KB
5 KB 163ms
156ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/template.js?ver=1.6.6
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aed79010fbe2de5b979c31502c15d33e28c6565562a680f994f12e555eeca84

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2378618
cf-polished: origSize=21833
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-5549"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSQBQ0e5W1gZOhzCtRZeqycV3qnBQt6lYIrYbRNbouYGIEE2laLjw4u%2B91YJ7iXqGpbYyIP1ySudDIRW2t%2BkZSTQcudcJ%2FtJpiszIvkdOCHsHv9jZfErIPnnroNw%2BankWT22EO4MCiU89Jv1kYNF2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dfeb59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ajax.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 1 KB
1 KB 234ms
227ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/ajax.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f82ee58d2108699a11f13c771a5ae5a95bc3360928e9c462198b195f8b9b4bb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266374
cf-polished: origSize=2160
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-870"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Icv5B9MqDGaTh%2BJcSEESxVVKEUgaVLqFNWYp99Bodam0QabDP4wps65Y0pBtx92dIGzAT89NqOFnfSglu%2BWmh6jqMz6HnnTq%2F5nuZJMr0sfCOIltgiBfJQ%2F6JZmCuF67MZ4MBtoS%2FJF24aeGYPrdFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326dff059fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 login.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/js/ 7 KB
2 KB 235ms
227ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/js/login.js?ver=1.7.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4b0976813afe99e70baeaef4ef1ee77ed72fb5276cce430c75141ffde9d90a8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2569425
cf-polished: origSize=9424
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:12 GMT
server: cloudflare
etag: W/"61a69334-24d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JQ6fRKvBgJcwhiTUhUBWJMzv%2Bvv238ee3AmRxgVyXBHmqhC08d1Rlqui0y0egeUgM2VeMp0Zb2jLCDrVmp%2BvksLZfDgDWVlDGRkZceoJ3dAynEKt%2F7gfm39bUmysUl%2Fauc8M2OUblJYIBkVTVbNr%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326eff859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.min.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/slick/ 43 KB
12 KB 89ms
80ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/slick/slick.min.js?ver=5.8.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4266374
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 08:03:36 GMT
server: cloudflare
etag: W/"61235658-ab69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CEUwHZlBglaFjnGIZ6Ny6gRfVa%2B1nXTACCI%2BGNJXO3%2Fg%2FXEJH75QT5tVAX8co%2FY5RVSPoqB1OIlF7O3f74vFAJjaaEpHLSgwwt5Do%2F4a0HP5BztpU6Ve2ro6Msk9NgLsSg6RuVUGAx9vkHBiXfdq8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326eff959fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 20 KB
7 KB 90ms
81ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11566513
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 06:18:59 GMT
server: cloudflare
etag: W/"6077dad3-5133"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNiDyrdT4OJpSk8u3TQbqmSGek4vN9Eb4t9ODshkuQwZsiJrSJY2lQRS8sxD6wah5Wm0hT1BdnffAVTCf1oSFF45TA0RyRRHT60qIAiKXHA%2F0th1MsT7nl8c72%2F%2BpRhjLhI79gp%2BLqzsBiXN9imrgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326effd59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 menu.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 9 KB
4 KB 90ms
82ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.12.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e94b12cb948d3d2eff43addf04700f8611ba383c00892652dc294a76bec2a105

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374686
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 06:18:59 GMT
server: cloudflare
etag: W/"6077dad3-253b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3WxNvID8tVzNueFCTui7TxKCO8%2FqkThXcg9ccyQy%2FV9%2BhL1dnajORWeEBkDzHRZcNTRMSNa%2Fe1lgcNg1t0%2FoZ5p2rsXEM81fcFN%2BaacCKqRttohcas7qtHRoZpUc5EQw7CejlhBgDSZRtYM0bM3sow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80059fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 regenerator-runtime.min.js Show response
leviatanscans.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 235ms
226ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14071346
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-1906"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DcDWJv0ZXkdEZEZdXt%2Bt%2B%2BYI2JTX0MHWDCNqd8rAnZ138vK6NGz6fjF%2BCPPIMu3JCVKnQpBvyQnplt3Kh1mDp8ZyivuITfThmosILNzS%2BF2LZBs8uLqr0nqCABvb4phEl3v1MW9XAVprIKvKgHMP%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill.min.js Show response
leviatanscans.com/wp-includes/js/dist/vendor/ 16 KB
7 KB 90ms
82ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374686
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-4056"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFu%2FQyfLmKp1A2njZhzeEieopQc3BFY3dd918vgn7y5aQmgdqulqZ23pIxmTCnW6QLeZvau%2FtMnYYnC1pnnUSiRqHBq3DKSFsZP4%2BJ7RPnOUJBRYczYEn640jaGf8VF1f0HJq3LtJEvXBbHtWed7Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80559fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 dom-ready.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 1 KB
1 KB 235ms
226ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/dom-ready.min.js?ver=71883072590656bf22c74c7b887df3dd
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11569883
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-4e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6knmN%2FzS24sm8SAJyYZ6RYbnxJt%2B8Rdoy7qrTk4Iq8cqhYH80dRFiBwSzjUV14pWgxE0xgxvpJHdXvAc%2Fa1eNAOzoEIpYZpy%2FEy5aT6EbruCfPhJ%2BP%2Frp2hF6ZTm9XfFK6wVBGcze0kCqhISMdP4xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80859fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 hooks.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 5 KB
2 KB 91ms
82ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/hooks.min.js?ver=a7edae857aab69d69fa10d5aef23a5de
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11560245
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-1540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWX5bF7jPDDdghUQ4a5%2BTX3Az58uClFAj2FTDi3aaI717JJIzLP2Fs0nK%2BlxSSeYFHOfPUyaS8YQvIraQuH0YnE4AYDb0Fd2zX6XVi2rVPx9KaZg3gn%2Fj%2BG4ffvBNcjBuuV%2BJX8NzsBnA1WJI50U2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80a59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 i18n.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 10 KB
4 KB 91ms
83ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/i18n.min.js?ver=5f1269854226b4dd90450db411a12b79
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11566513
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-268a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbceY8ZNEc5ZlfwKlUvIcyGk443vTzPxnB4tUkihHe4%2FHoW9Pe3uu1jNJKD3jsYMmgkmfUo5ewBr2XldqCcaYxfpABbvv8kFEXsqa5pfG3R4MVXRlt4N%2FN2Zp28W6dQhSF3VW2pSt98OQMxWIEH4zg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80c59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 a11y.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 3 KB
2 KB 91ms
83ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/a11y.min.js?ver=0ac8327cc1c40dcfdf29716affd7ac63
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edc988f9162131dfa6d20d122013987468254662e7cdbc7565c39a5789edb6ca

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14071346
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-bc1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PmH4v27Q1NpaiZsLZqZw21FQOVdtY7NUD%2Frc%2Fc4ZMBdUp1v4%2Buroer110iUa2dpdOiq6ZohRQ91mPLIJUkc8%2FIYDGcfIqitteFB9hmKYE7YAcJFp%2BTBaFOFhKz3EeLrn16eM4o1RjS6jpb%2FX7ebJGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e80e59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 autocomplete.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 8 KB
4 KB 234ms
226ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.12.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69fc7bcafee09477b13dbda32d00410bc15a3faeb3e890cc15fef46d7c84d432

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21664726
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 20 Jan 2021 13:35:18 GMT
server: cloudflare
etag: W/"60083196-215b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2BYgElbMqurYWxSW7Yk2bsnWfk%2FRm1W8JDxZeE1donfWvtr34r6iAnp900%2BZQHD59rFZ2X6ttc7VzKUZlEi1NSQmJTE%2Bm%2FRon2%2BzEnMtuieRvHCgkoFYmIUAqegizFiEAclBxAV1G6JCrkaPY0VggA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e81059fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 script.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/js/ 23 KB
7 KB 91ms
83ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/js/script.js?ver=1.7.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7081041f8eb7e8011e73de1556b636ab3627459f834f9ac532ec0928b1f2611

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2569424
cf-polished: origSize=35316
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:12 GMT
server: cloudflare
etag: W/"61a69334-89f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3O7Hq5CLBmKMLejNbXrhIByX5PAUqOCrLFt5l0K8SDvj6ala596HJGx9xZCsK4mGE7mYej5Vea4xaGuNT1tKXQB94k2TPCiKkaG4o%2F8EqL6RnJqETOcnrvDbV6guZ2xGmwXtT2%2FVok28MXIZO65YYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e81259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/slick/ 43 KB
12 KB 92ms
83ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick.min.js?ver=1.9.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11171768
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-ab69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XK4H78C54xZJizDYBCtfqkShCBh2zgiOq7jW0SXh9tOCXICtWbo0k%2ByWbP6pHje47GldHkUok6Ya2ezYbSx2OZx5WFImPiAxYhECNcNjVZsQ4kArijmCVcx0Ch7r1BF%2B5YxUwdw%2F5OgPcDVwhocc5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e81359fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ct-shortcodes.js Show response
leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/js/ 8 KB
3 KB 234ms
226ms Script
application/javascript 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/js/ct-shortcodes.js?ver=1.5.2.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5deff4163ad18316aaf1c5ed1aaa3a85f47051686787ab2a2211bb676bcee8a8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/mx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21664725
cf-polished: origSize=11264
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 12 Mar 2021 05:53:20 GMT
server: cloudflare
etag: W/"604b01d0-2c00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1XPe9DoVd7T6QN8eViRkfEjOTw%2FlqzXOybNUzq0JsbolbrESG7%2FIms%2BRZjyg1FQ%2FEUo0obiwyIMBPgE3Pi1OaNSZHpjGi%2BdEyJQPc6RJ8ZqpWeX1NalmduWTXKP3XXx9jlVlaRnFiGOBG4YvnK4zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 6c5c3326e81459fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 101ms
36ms Script
application/javascript 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d38b3dfdbe84b4b2c9d369269c788a189ac4b0c8acfd10a9c4b8432771b8f081

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c5c33272a9935f5-MAN
date: Thu, 30 Dec 2021 15:11:17 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 29 Dec 2021 10:31:23 GMT
server: cloudflare
age: 2365
etag: W/"d75-5d4467077c781"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 30 Dec 2021 15:31:52 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
99 KB 127ms
78ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4875972488010851&plah=leviatanscans.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

725c8296434e1873a3d51020e78caa746615ba9904a478f0f1501f77c50ba936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101810
x-xss-protection: 0
server: cafe
etag: 9080308240866129091
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame D934 11 KB
5 KB 134ms
41ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 18:37:20 GMT
expires: Wed, 12 Jan 2022 18:37:20 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 74037
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 144ms
45ms Script
text/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 528
date: Thu, 30 Dec 2021 15:02:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 30 Dec 2021 17:02:29 GMT

GET
H2 200 adRecover.js Show response
delivery.adrecover.com/42458/ 41 KB
11 KB 233ms
82ms Script
application/javascript 2606:4700::6812:353
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://delivery.adrecover.com/42458/adRecover.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:353 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9a25501dfa30a3f2e95b2bd1a26a62173feb36e2d1ac7c9e1e3d4196ea019bc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Dec 2021 08:00:27 GMT
server: cloudflare
age: 24783
etag: W/"61cd671b-a2db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=432000
cf-ray: 6c5c3327db475a13-MXP
expires: Tue, 04 Jan 2022 15:11:17 GMT

GET
H3

200

adtags.css
www.papayads.net/clnt/leviatanscans/v2/
Redirect Chain

https://papayads.net/clnt/leviatanscans/v2/adtags.css
https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

412 B
873 B

72ms
72ms

Stylesheet
text/css

2606:4700:3037::6815:135b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.papayads.net/clnt/leviatanscans/v2/adtags.css
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Server: 2606:4700:3037::6815:135b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d3f245ed19e4ac51ec4433c7643b67e0d733b2ce13dcbaed2436beec05336f8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3503
cf-polished: origSize=554
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 15:06:31 GMT
server: cloudflare
etag: W/"22a-5d0709238d834"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrTlbVHGz%2FPAUup0hyGsFty8lFK5%2FN5vLe%2Fkp1%2Fc0MAWPf2rLkdQ0JFFdwAHpl5xa1xOVLza8AfAoOSfXNuf1lGnsmZvor%2FxejVzN%2BFb%2BUrdMUetQewFtU6%2B67D3Z8YRXGKHTDAa2KQbvYO%2F2ERj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6c5c3327b9a359d7-MXP
cf-bgj: minify

Redirect headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 938
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wdjrNXHbd0%2BkBfjq6BZEXqjL%2BC91eH4vIV2dMh1CM9%2BzqAwGovXsKCWJt9OiPr7uu7LBkWGO0x%2FcEgCXqClXLj59Cj9bTXiMOatgY6pyCfc6StGbyghrAGkXUJ9arDe46hkyOG2zZzWAXw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/clnt/leviatanscans/v2/adtags.css
cache-control: max-age=14400
cf-ray: 6c5c3327381c59d7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK andrearvideo.js Show response
jscdn.greeter.me/ 1 KB
2 KB 237ms
48ms Script
text/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://jscdn.greeter.me/andrearvideo.js

Requested by

Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

5e1374b71b229954ab22ea58320ea94050787435c50e660409e188a3ef390dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:17 GMT
Connection: Keep-Alive
Last-Modified: Wed, 17 Nov 2021 11:18:17 GMT
x-amz-request-id: tx0000000000000c41a40d6-0061cdc321-25d72b1f-fra1b
etag: "85911820ac41e1bfbd3c3330edbfca6a"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1640877077.dop237.lo4.t,1640877077.cds083.lo4.shn,1640877077.dop237.lo4.t,1640877077.cds214.lo4.c
Content-Type: text/javascript
Cache-Control: max-age=1308
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 1394

GET
H2 200 hb_313926_10240.js Show response
player.adtcdn.com/prebidlink/455799/ 416 KB
121 KB 691ms
550ms Script
application/javascript 2606:4700:3037::6815:3471
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:3471 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0b16719af5d7eb578148d02b9a55da3606a3558bcbd0dad5a409e3dbae278a9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 25 Dec 2021 19:55:43 GMT
server: cloudflare
etag: W/"61c7773f-67fad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDzhbQTAmhO5wCwalri%2Fb0OVEC2rNC4zJ16Z14He1kzImtQMYsB4x89D6T0REF1B2O94eQOUNJfOg2gwHgsbCGj%2FShjLtdjOK4yNO3fc6MfALQrDrSx%2FoqfGcp3DobfVUllB0wmaMRHpqdwTOJ%2F1Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3327bf46f91b-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 30 Dec 2021 15:26:17 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 167ms
55ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2be99b99f418219be8ca7a986038e1a94c5df5b2c91a0c0d9ee35552fbb8fde8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1086 / 677 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26915
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 200 wrapper_hb_313926_10240.js Show response
player.adtcdn.com/prebidlink/455799/ 1 KB
1 KB 396ms
256ms Script
application/javascript 2606:4700:3037::6815:3471
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/455799/wrapper_hb_313926_10240.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:3471 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe440bd1cc574dd938977d531976c605d6478aef0c411cd25cca10345fb7966c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 29 Dec 2021 13:36:31 GMT
server: cloudflare
etag: W/"61cc645f-41f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIaOKgPpSY1XII3dCsIc54ndYrbCeCQgcxrNN08UE0%2BsullFrff7z95aJWuqCw80iRaNuSCRP45efBe20HFhDfvVnmnOnubvgKbFm04kgY8TfAvf2SS8S2ynqHV0C2UmnkRAoKLZ2UyE0r4wt3F4Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3327bf49f91b-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 30 Dec 2021 15:26:17 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 171ms
57ms Script
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: KuXuY5mbG6yln5YsEdf9JaPJtFF6aIqm
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 546
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0YEK6Y3NX9DY79PCV834
date: Thu, 30 Dec 2021 15:02:36 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ttUt8fwtAFClrG9ZUp9kokBmNL4nlhJss6HJDE1bucygZQ2mwj2jvQ==

GET
H2 200 js Show response
googletagmanager.com/gtag/ 164 KB
61 KB 167ms
60ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googletagmanager.com/gtag/js?id=G-0DPYVF5JK7

Requested by

Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

872da42407b1f639ffc235a1f2cba24755b729380791390d8ecfc3b6fa95fb4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61901
x-xss-protection: 0
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v9/ 8 KB
8 KB 135ms
43ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:18:23 GMT
x-content-type-options: nosniff
age: 75174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7968
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 18:18:23 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v9/ 8 KB
8 KB 139ms
47ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 18:02:43 GMT
x-content-type-options: nosniff
age: 248914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7836
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Dec 2022 18:02:43 GMT

GET
H3 200 ionicons.woff2
leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/fonts/ 49 KB
50 KB 430ms
430ms Font
application/font-woff2 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/fonts/ionicons.woff2?v=4.5.10-1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d02d165cb720aec2fde78a93113a459729e0503951353f719076bc5b4a7a845

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 1866
etag: W/"c57c-5ca3554723e24-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2iRdeTzU6sGkJd1Ocks31Xw6LZrHBBbrRl%2BrZiYS6Phq6PeguNeZJVwF2TW6f6ksw%2BfeLrjSfMdgI2c%2BJUD2Sdk17VqrxDC4hEetxkQwYGdaTNIBj%2FWMbrc1O2ROydmxTnoHdby7bSkE%2BUpeCjhDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c3326e86659fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v9/ 9 KB
9 KB 143ms
64ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 07:48:57 GMT
x-content-type-options: nosniff
age: 199340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9120
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:27 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 07:48:57 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 111 KB
39 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: tags.orquideassp.com
URL: https://tags.orquideassp.com/tag/8273

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa926133299509244ccefff9ae0c690190e8fba1351d539797bd2992c68500b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40130
x-xss-protection: 0
server: cafe
etag: 8117076851258941025
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 200 icon.svg
supertruco.com/ 1 KB
821 B 305ms
210ms Image
image/svg+xml 192.0.78.218
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supertruco.com/icon.svg

Requested by

Host: tags.orquideassp.com
URL: https://tags.orquideassp.com/tag/8273

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.218 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6b54b9d51b8e7575fc6ac2e2bfd7826e021c3385b15f6e07581d58234219a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 19 Mar 2021 14:39:52 GMT
server: nginx
etag: W/"6054b7b8-47c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
date: Thu, 30 Dec 2021 15:11:17 GMT
x-ac: 3.lhr _atomic_ams
expires: Thu, 06 Jan 2022 15:11:17 GMT

GET
H2

200

ga-audiences
www.google.co.uk/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=593116895&utmhn=leviatanscans.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Lev...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895
https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895&slf_rd=1&random=2918020321

42 B
501 B

157ms
65ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895&slf_rd=1&random=2918020321

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=647145903.1640877079&jid=914877649&_v=5.7.2&z=593116895&slf_rd=1&random=2918020321
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 117ms
66ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 177 B
138 B 105ms
55ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=leviatanscans.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

10d9b2ee6dddebff133dae0bd96c629e44810974c347081196d5a9cf215612a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
expires: Thu, 30 Dec 2021 15:11:17 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
311 B 47ms
47ms XHR
text/plain 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fleviatanscans.com&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:46:30 GMT
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
server: Server
age: 5086
x-cache: Hit from cloudfront
access-control-allow-origin: https://leviatanscans.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 3fPBCRoJG6jtjdMupOg8qopYf2FgXganUSRXV-IksyIrAriwMuSk3A==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
492 B 72ms
72ms XHR
text/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fleviatanscans.com%2Fmx&pid=eLmh65TcS7QLe&cb=0&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1615738069852-0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F21797538459%2FPapayAds_LeviatanScans_TOP_Banner%22%7D%5D&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.109.174 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-109-174.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P5
x-amz-rid: G0HEMV99ZDVP15Q74476
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: FgZtFSbnMnSKyceEiOs5o83awQEqCAavV45lDk2-Z2zG70vHK2bB7A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 135ms
45ms XHR
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 45648
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Thu, 30 Dec 2021 02:30:30 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 0afa2d721972ae312ad1dd54e47c43cb.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: v_iJgbcoDGS9QAJJtQgxpFRRd1BmbSx57fWdsMPd2gBsbnGOCYH_1g==

GET
H3 200 new.gif
leviatanscans.com/wp-content/themes/madara/images/ 1 KB
2 KB 166ms
166ms Image
image/gif 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/themes/madara/images/new.gif
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc6555743d11492b02d29baa9a7c9084a5946a9507300097ca8c62dffb4fe230

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11560245
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1417
last-modified: Fri, 12 Mar 2021 05:52:32 GMT
server: cloudflare
etag: "604b01a0-589"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24nfpcsJ%2Bh1zizthUQzftWLgvnmLdf5XETrctOgWITGnbzd%2BmBOgnPfB8d0xL%2FnL3D7vNsU7ADTxQ7RD0YkSZPqhehkeu%2FA8EobhZDb4vBad75qoPkKvG%2FEG%2FBM52LJKTG%2F7dbihorkK2gfiIePuwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c33289ce259fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fa-solid-900.woff2
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/ 76 KB
77 KB 164ms
164ms Font
application/font-woff2 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.woff2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:17 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 6870
etag: W/"13174-5ca35546f7f06-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sd37pAH%2BHHhe7RPl2O1%2BgVU1UI4MoCyT%2BP30TRa0Xv3s7NJf9zzcNN0dUYW8xQtzHEEk6eJ0VIvsf%2FF2a%2Bvp2MI6rIXFpOfaGWwcg%2BivbG7maZDUgiC3oAdk1vafaNUW2j2T6v7q58GTiKvENIJtrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c33289cf059fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2
fonts.gstatic.com/s/poppins/v9/ 9 KB
9 KB 92ms
41ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7ab8989fc4fdf71dad241d721ae8397c01e29c5d5b09050b16f99d0ed297dca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:31:55 GMT
x-content-type-options: nosniff
age: 524362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9140
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:31:55 GMT

GET
H2 200 ca-pub-4875972488010851 Show response
fundingchoicesmessages.google.com/i/ 80 KB
29 KB 169ms
71ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-4875972488010851?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4875972488010851&plah=leviatanscans.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa5a03d2f3559300a1cc98c9865c5f3e7e442cb1907dbe7b6f2966a1c32fc32a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-NH0YaUx5zcotWtyUB8D3vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-NH0YaUx5zcotWtyUB8D3vA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-NH0YaUx5zcotWtyUB8D3vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-NH0YaUx5zcotWtyUB8D3vA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingWebSwitchboardHttp"
x-frame-options: SAMEORIGIN
date: Thu, 30 Dec 2021 15:11:18 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingWebSwitchboardHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingWebSwitchboardHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
348 B 144ms
48ms Ping
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-0DPYVF5JK7&gtm=2oec10&_p=2052766813&sr=1600x1200&ul=en-us&cid=960163704.1640877079&_s=1&dl=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=LeviatanScans%20%E2%80%93%20Enjoy%20your%20favorite%20comics!&sid=1640877078&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: googletagmanager.com
URL: https://googletagmanager.com/gtag/js?id=G-0DPYVF5JK7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fa-brands-400.woff2
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/ 75 KB
76 KB 84ms
79ms Font
application/font-woff2 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.woff2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 6875
etag: W/"12bdc-5ca35546f5fc6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKGzEMBqvbz1cehqCGaCtILLzJSqdHFl5OIkglImghJQRodw7lCkX3BZsrWAqOCnP%2FffN5WOTiCTnc4iQqPEqHaYAoJj4%2FMu854ndV8Q2VYmYGWE5ed1hxkBh2cWFACnDDRWOiIM5l%2FNmj4rvsI0qA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c33298fce59fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK spt Show response
tg1.modoro360.com/api/adserver/ 19 KB
6 KB 281ms
69ms Script
text/javascript 2a02:26f0:6c00::210:bb99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tg1.modoro360.com/api/adserver/spt?AV_TAGID=6194e42745be0c7521582835&AV_PUBLISHERID=6194e37dd64d962c3c046ac4
Requested by: Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/andrearvideo.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fb71b5f3d54d14a6259adeaa97eb115cbfd68348cef90ba4fe9a318065b3426e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
Content-Type: text/javascript
Cache-Control: max-age=300
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With,avsptstaging
Content-Length: 5364
Expires: Thu, 30 Dec 2021 15:16:18 GMT

GET
H2 200 jquery-2.2.2.min.js Show response
code.jquery.com/ 84 KB
29 KB 208ms
68ms Script
application/javascript 2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.2.min.js
Requested by: Host: delivery.adrecover.com
URL: https://delivery.adrecover.com/42458/adRecover.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
last-modified: Thu, 17 Mar 2016 17:52:17 GMT
server: nginx
etag: W/"56eaeed1-14e98"
vary: Accept-Encoding
x-hw: 1640877078.dop005.ml1.t,1640877078.cds217.ml1.hn,1640877078.cds027.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29880

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1775.005-3.025/ 207 KB
67 KB 34ms
33ms Script
application/javascript 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025/ice.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c5c332a0efc35f5-MAN
date: Thu, 30 Dec 2021 15:11:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 20 Dec 2021 15:26:44 GMT
server: cloudflare
age: 10881
etag: W/"33cd8-5d395842823b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Sat, 29 Jan 2022 12:09:57 GMT

GET
H2 200 hbw_master_313926_10240.js Show response
player.adtelligent.com/prebidlink/455799/ 151 KB
30 KB 104ms
31ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/455799/hbw_master_313926_10240.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/wrapper_hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1e07dc5f74ce36a9e8ec8068b4fdfb91d7044fa29aa19492914bc0ceb55ac639

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 13:36:31 GMT
server: nginx
etag: W/"61cc645f-25dfb"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 30 Dec 2021 16:11:18 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H3 200 21735472908 Show response
fundingchoicesmessages.google.com/i/ 80 KB
28 KB 116ms
68ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/21735472908?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

388405119307f1f72e8b6e9c8e7c3bded6622131bb2d5b0b6590b627343ffb67

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-6Iu2sei7BTt8DUhskpbrvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-6Iu2sei7BTt8DUhskpbrvA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-6Iu2sei7BTt8DUhskpbrvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-6Iu2sei7BTt8DUhskpbrvA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
date: Thu, 30 Dec 2021 15:11:18 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ajax-loader.gif
leviatanscans.com/wp-content/themes/madara/js/slick/ 4 KB
5 KB 69ms
69ms Image
image/gif 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/ajax-loader.gif
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.8.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.8.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2378619
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4178
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: "61235442-1052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1VhbI62msju%2BiscbMTlho0zVK27V3zAhKEnKbiZBArwXVHCt8U76zupmQ3pbvgOsRLsv2L5KitRt9sY3WWCaUFvnw1mkz8qg2ZWzlKwRfrT%2BfIly291s9VttDykouhBE8L9CtQWfkBzX6ptgRthaYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c332a8af959fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.woff
leviatanscans.com/wp-content/themes/madara/js/slick/fonts/ 1 KB
2 KB 87ms
87ms Font
font/woff 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/fonts/slick.woff
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.8.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.8.2
Origin: https://leviatanscans.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2374177
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1380
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: "61235442-564"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABpPGnmshmASyiNkyT4x31MjiOTB%2FYJDK%2F%2FezojezI35ckei13wes2B%2F1CS%2FYYnxRUcvTQfZ7uxm8GRKDI1sCak9PEJDZcmnJSsOzISrOK04X3WXegFzJJoRSjXv%2FaZ0gbEz5fJQ%2BLHK%2BMStgHcyjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6c5c332aab8e59fb-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 AGSKWxWQvpelspZEhJ6cSA1XlaaXBqApybOZpwc83kBOMCdNSvXKXwvcFYvrl3JYjf2xLEaQ0OFalScpTiko_KNYVoM= Show response
fundingchoicesmessages.google.com/f/ 42 KB
16 KB 68ms
67ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWQvpelspZEhJ6cSA1XlaaXBqApybOZpwc83kBOMCdNSvXKXwvcFYvrl3JYjf2xLEaQ0OFalScpTiko_KNYVoM=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQwODc3MDc5LDEzNzAwMDAwMF0sIkQyOTU2MTQ1LTYzMDUtNDQ3Ri05OTI0LUQ1QUM3Mzg2RUVCMyIsIjQ3RURFQzYxLTBGNUItNEI1OS1CQTk2LTA4MDQ3NkY0QURGNCIsbnVsbCxbbnVsbCxbN10sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLHRydWUsdHJ1ZV0sImh0dHBzOi8vbGV2aWF0YW5zY2Fucy5jb20vbXgiLG51bGwsW11d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.KLc8KbJV95Q.es5.O/d=1/rs=AJlcJMy8x6z2cRmkx1hP8IStX6fvzi0o_Q/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1677330ebdd2cc50c12bc87e4d7baad8d1f7b2477aae9033a40bc53053890cfd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dbMnuZ7IXAwTDGDIHBociA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-dbMnuZ7IXAwTDGDIHBociA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-dbMnuZ7IXAwTDGDIHBociA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-dbMnuZ7IXAwTDGDIHBociA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
449 B 77ms
50ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=leviatanscans.com&callback=_gfp_s_&client=ca-pub-4875972488010851

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

344553683bf450a1df810af5339bbd8a92d0b631d12d9aeff094f1fef5f24dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 164ms
51ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 143ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fleviatanscans.com%2Fmx&tn=DIV&cls=go-to-top%20active&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B653 257 KB
62 KB 512ms
464ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&adk=1812271804&adf=3025194257&lmt=1640876906&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fleviatanscans.com%2Fmx&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=148&bdt=674&idt=32&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=242587292157&frm=20&pv=2&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0479911127b27309910046e621e9813c33171f25eed795c5f933041f1b11dec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 15:11:18 GMT
server: cafe
content-length: 63350
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9C47 81 KB
28 KB 1015ms
973ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2031f37deaf7d4187f4af0a104aa9222934efcc0085e9257917ae2727ff18dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 15:11:19 GMT
server: cafe
content-length: 29071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9F6B 83 KB
28 KB 1002ms
998ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2433a649238f0fa3def41b128d7d8885e7a20524a0b3725952ff3adcab77b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 15:11:19 GMT
server: cafe
content-length: 29001
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DC73 603 B
68 B 434ms
434ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7913044002918072&output=html&h=90&slotname=www.leviatanscans.com&adk=2326191791&adf=2974420697&pi=t.ma~as.www.leviatanscans.c_&w=728&lmt=1640876906&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=7&bdt=673&idt=182&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&nras=1&correlator=242587292157&frm=20&pv=2&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=502&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=B2y76268N8&p=https%3A//leviatanscans.com&dtd=630

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 15:11:18 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 22DE 83 KB
28 KB 451ms
450ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=249225904&adf=4032207530&pi=t.ma~as.3406818463&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=17&bdt=673&idt=242&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eN3pPo50FQ&p=https%3A//leviatanscans.com&dtd=634

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d3e547db2a13d41df925331856b26585b2329ccc95ba9366517e94f45816e7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 30 Dec 2021 15:11:18 GMT
server: cafe
content-length: 29023
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: private

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 4F0A 9 KB
2 KB 165ms
154ms Document
text/html 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fdb3e6de194f648755da7ac37f139d711ace40c9b0d3b7a67fc44ceab6d80c5f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c5c332cfc5b35f5-MAN
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
35 B 191ms
186ms Script
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c5c332cfc5e35f5-MAN
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 0
44 B 126ms
124ms Script
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx&jsv=1775.005-3.025&_cb=16408770793500
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6c5c332cfc5c35f5-MAN
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

POST
H3 404 type_error:SafeUrl Show response
leviatanscans.com/ 40 KB
10 KB 365ms
365ms XHR
text/html 2606:4700:3032::6815:2c71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/type_error:SafeUrl
Requested by: Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.KLc8KbJV95Q.es5.O/d=1/rs=AJlcJMy8x6z2cRmkx1hP8IStX6fvzi0o_Q/m=kernel_loader,loader_js_executable
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:2c71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfd841ef08a38fe64bd9a45b256277ebd038b938c8fdf2cd4ba7781087c3873e

Request headers

Referer: https://leviatanscans.com/mx
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
link: <https://leviatanscans.com/mx/wp-json/>; rel="https://api.w.org/"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=odxZ3jufAk7n19SDICZNPVZzezWQ2NgxzgBL4u1Oz5ZFK437Gvi9bfN9vjGhPIWKExUBMCcZDds%2FHDU2W08O0suE5T7bbV9OyaUNAwM4HJkTS12mWZTlf%2BLn8UsSIwFnFWkVufA4LuY3uOfrRe6NpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 6c5c332d5b4059fb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 block.jpg
delivery.adrecover.com/ 631 B
817 B 69ms
69ms Image
image/jpeg 2606:4700::6812:353
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://delivery.adrecover.com/block.jpg?ts=1640877079434
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:353 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
cf-cache-status: HIT
age: 284244
last-modified: Wed, 23 Jun 2021 06:37:54 GMT
content-length: 631
cf-bgj: h2pri
server: cloudflare
etag: "60d2d6c2-277"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 6c5c332d8a775a13-MXP
expires: Tue, 04 Jan 2022 15:11:18 GMT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 142 B
395 B 135ms
30ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/455799/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 6757f6d5adae8696fa2d13c32f005130f9a068979fd87d2aa15a1f4e2abab917

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Date: Thu, 30 Dec 2021 15:11:17 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive
Content-Length: 142
Content-Type: application/json

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
419 B 135ms
30ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=313926&site_id=10240&full_page_url=https%3A%2F%2Fleviatanscans.com%2Fmx&adid=t3uhjq.am&features=0&vpbv=N040&lifecycle_tte=2398
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/455799/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Date: Thu, 30 Dec 2021 15:11:17 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 avcplayer.js Show response
player.avplayer.com/script/2/v/ 242 KB
58 KB 271ms
66ms Script
application/javascript 2a02:26f0:6c00::210:bb21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/2/v/avcplayer.js
Requested by: Host: tg1.modoro360.com
URL: https://tg1.modoro360.com/api/adserver/spt?AV_TAGID=6194e42745be0c7521582835&AV_PUBLISHERID=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 88d34d768fff67e23429eef90f0221bfb514aa59a013560d2a3286f2c6ea4534

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduS1V5w_6ZXbMaZIgKJUiYFW9UhAY7DOcBC0yzdZwH23B6LrOalcwwmB2mbc28rCM9S0MELJxGa95OSmp9A5HE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 58932
last-modified: Wed, 01 Dec 2021 07:43:20 GMT
server: UploadServer
etag: "2a52a4eea594d28a4782b234215c3e57"
vary: Accept-Encoding
x-goog-hash: crc32c=uDNYqQ==, md5=KlKk7qWU0opHgrI0IVw+Vw==
content-language: en
x-goog-generation: 1638344600242304
cache-control: public, max-age=300
x-goog-stored-content-length: 58932
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 30 Dec 2021 15:16:18 GMT

GET
H2 200 track
servt.modoro360.com/ 0
71 B 396ms
119ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?pid=6194e37dd64d962c3c046ac4&cid=6194e38884e57b3ffd645344&cb=1640877079440&r=leviatanscans.com&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&e=playerLoaded
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/313925/ 6 KB
3 KB 91ms
32ms XHR
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/313925/config.json?cb=https%3A%2F%2Fleviatanscans.com%2Fmx
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5ad633e35c299ba6208e50825fbae678dd6272ab28aa0944c2a55bf067f9e456

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
last-modified: Thu, 30 Dec 2021 12:01:08 GMT
server: nginx
etag: W/"61cd9f84-19a4"
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
expires: Thu, 30 Dec 2021 16:11:18 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 95 KB
28 KB 238ms
237ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3827809114459309&correlator=3719063470127394&output=ldjh&impl=fifs&eid=31060439&vrg=2021120601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=21797538459%2CPapayAds_LeviatanScans_Interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&fas=8&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1640876906&dt=1640877079464&dlt=1640877077981&idt=934&frm=20&biw=1600&bih=1200&oid=2&adxs=-9&adys=-9&adks=4232083514&ucis=1&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fleviatanscans.com%2Fmx&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=true&ga_cid=960163704.1640877079&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

a74e0f1d2802b17f26b2d04e92e0783f68bcce7a488f736f4fe5afdc749aef65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28962
x-xss-protection: 0
google-lineitem-id: 5756871766
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138358703504
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 13CD 6 KB
4 KB 178ms
49ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 15:11:18 GMT
expires: Fri, 30 Dec 2022 15:11:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 34 KB
13 KB 53ms
53ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

6438deeda87c2438473fc3c887e708b7f23b9c27dbf7df19e2e525f3b299abd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12940
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Dec 2021 15:11:18 GMT

POST
H3 204 AGSKWxVzdxD6yN0qnmpasL5zz91voiSGRjKlvth3dPrji6qetUX7GmZuvR4_y8d5yBaUYFrCz2t6BnoM2kXwLcO0W_YMOJUniF7HGL1mnWmZBJobAacRoA2fObmrnjd4adIgKwSutwO6M30-x-8sc3Wm3iAl28qckCRd72gaMzLZQriG0y-C1jXaf4-E2nAt Show response
fundingchoicesmessages.google.com/el/ 0
26 B 111ms
61ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVzdxD6yN0qnmpasL5zz91voiSGRjKlvth3dPrji6qetUX7GmZuvR4_y8d5yBaUYFrCz2t6BnoM2kXwLcO0W_YMOJUniF7HGL1mnWmZBJobAacRoA2fObmrnjd4adIgKwSutwO6M30-x-8sc3Wm3iAl28qckCRd72gaMzLZQriG0y-C1jXaf4-E2nAt

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabCcpaWebSignalJs.en_US.3Ulf59yNN2w.es5.O/d=1/rs=AJlcJMwlxlERzPok7JaO5CaPU8LF7NnbLg/m=iabccpawebsignalscript

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cHKwEKpm2ZBjF+SKOXO4tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cHKwEKpm2ZBjF+SKOXO4tw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-cHKwEKpm2ZBjF+SKOXO4tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cHKwEKpm2ZBjF+SKOXO4tw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxW7qTTmZN47yKPAVnebyxukD0NCa6uf43_rn_2WPviQHqGT3uaszk4KJ3-ZEC_WjC0__BYwrszPpwdfhCw4VdukWXUVFgu3DK5aKHdZOpf5q2hHLrb5otl86YMlJ7dcJwu1yHzTkgEGHcUJhHUjkUv1c7JraX15xvYjcWx2N46Mr5SqtVSIyyewSai- Show response
fundingchoicesmessages.google.com/f/ 61 KB
22 KB 115ms
114ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW7qTTmZN47yKPAVnebyxukD0NCa6uf43_rn_2WPviQHqGT3uaszk4KJ3-ZEC_WjC0__BYwrszPpwdfhCw4VdukWXUVFgu3DK5aKHdZOpf5q2hHLrb5otl86YMlJ7dcJwu1yHzTkgEGHcUJhHUjkUv1c7JraX15xvYjcWx2N46Mr5SqtVSIyyewSai-?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQwODc3MDc5LDQ3ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTBdLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLDFdLCJodHRwczovL2xldmlhdGFuc2NhbnMuY29tL214IixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

43294c18e22cdf63ac68c86743b7258eb8475bf45b88e7876784aa9a0eefdd58

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/o9Pt9A+q5h8KAk762xMow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-/o9Pt9A+q5h8KAk762xMow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-/o9Pt9A+q5h8KAk762xMow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-/o9Pt9A+q5h8KAk762xMow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
de.tynt.com/deb/ Frame 3D92 75 B
289 B 356ms
113ms Document
text/html 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Fri, 31 Dec 2021 15:11:19 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Thu, 30 Dec 2021 15:11:18 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 7D34
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

81ms
81ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: adb7adacd821afa09bc6595a7ccf56381fb9d5caec83ec76702b5ef7b2d070cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 45|241|230|39|31|40|5|81
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1626
Expires: Thu, 30 Dec 2021 15:11:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:18 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Thu, 30 Dec 2021 15:11:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:18 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 22E5 2 KB
814 B 164ms
42ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2

200

usersync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0I4RTZFQzgtMjU2Qy00M0M4LTgyNzQtMDQzOTY0MTVCRTFF&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D67B93125-4F73-4CE7-B889-9D4D778019AB
https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB

0
237 B

153ms
152ms

Image
text/plain

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
cache-control: no-store
cf-ray: 6c5c3334eb4235f5-MAN
content-length: 0

Redirect headers

location: https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB
date: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=3796356488368242503

35 B
188 B

124ms
124ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=3796356488368242503
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c3330ebfb35f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ee9e811a-581c-4a3d-a10f-f3966591ca7d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=3796356488368242503
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cm
u.openx.net/w/1.0/ Frame 4F0A 43 B
305 B 112ms
35ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-Y4_.JvhE2uFuXpeZEnwNUl9mlkPCc8iVUVDowjc-~A

35 B
301 B

124ms
124ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-Y4_.JvhE2uFuXpeZEnwNUl9mlkPCc8iVUVDowjc-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c33307b1135f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

location: https://router.infolinks.com/dyn/VR-usync?uid=y-Y4_.JvhE2uFuXpeZEnwNUl9mlkPCc8iVUVDowjc-~A
date: Thu, 30 Dec 2021 15:11:19 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3848169318
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3848169318
https://sync.1rx.io/usersync/tradedesk/c6d710a3-e93d-4331-be42-5db246c85db2
https://sync.targeting.unrulymedia.com/csync/RX-10eddfa2-253c-4734-be3d-74b87e49d521-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-10eddfa2-253c-4734-be3d-74b87e49d521-003
https://router.infolinks.com/dyn/r1-usync?uid=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003

35 B
204 B

126ms
125ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c33330ff035f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

location: https://router.infolinks.com/dyn/r1-usync?uid=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
date: Thu, 30 Dec 2021 15:11:19 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX10eddfa2253c4734be3d74b87e49d521003
content-type: text/html

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
90 B

130ms
130ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store
cf-ray: 6c5c33316d1b35f5-MAN
content-length: 35

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 4F0A 0
474 B 186ms
41ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:18 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame 4F0A
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fleviatanscans.com%252Fmx&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fleviatanscans.com%25252Fmx%26pid%3D12306%26adnxs_uid%3D%24UID
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fleviatanscans.com%2Fmx&pid=12306&adnxs_uid=3796356488368242503

95 B
945 B

166ms
39ms

Image
image/png

54.154.182.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fleviatanscans.com%2Fmx&pid=12306&adnxs_uid=3796356488368242503

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx

Protocol

HTTP/1.1

Server

54.154.182.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-182-198.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 30 Dec 2021 15:11:19 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Thu, 30 Dec 2021 15:11:19 UTC

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: fe27d457-6362-4cb2-a151-42404f667912
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fleviatanscans.com%2Fmx&pid=12306&adnxs_uid=3796356488368242503
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 4F0A 42 B
233 B 308ms
99ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:18 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

an-usersync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
https://router.infolinks.com/dyn/an-usersync?user_id=e6c6ded2-b467-4d71-913c-eb56668b8895&partner_id=1531

35 B
200 B

249ms
249ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/an-usersync?user_id=e6c6ded2-b467-4d71-913c-eb56668b8895&partner_id=1531
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c33307b0d35f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

location: https://router.infolinks.com/dyn/an-usersync?user_id=e6c6ded2-b467-4d71-913c-eb56668b8895&partner_id=1531
date: Thu, 30 Dec 2021 15:11:19 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPbd9f6ef3-6982-11ec-95c7-028185212c26
https://router.infolinks.com/dyn/outh-usync?uid=y-O2ltmGBE2uHg6z08RT91NdbXkRuLhzF2~A~UPbd9f6ef3-6982-11ec-95c7-028185212c26

35 B
234 B

124ms
124ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-O2ltmGBE2uHg6z08RT91NdbXkRuLhzF2~A~UPbd9f6ef3-6982-11ec-95c7-028185212c26
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c3330fc0e35f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

location: https://router.infolinks.com/dyn/outh-usync?uid=y-O2ltmGBE2uHg6z08RT91NdbXkRuLhzF2~A~UPbd9f6ef3-6982-11ec-95c7-028185212c26
date: Thu, 30 Dec 2021 15:11:19 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK usersync
match.bnmla.com/ Frame 4F0A 0
114 B 349ms
122ms Image
text/plain 38.27.122.158
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
https://router.infolinks.com/dyn/sovrn-usync?uid=72520c5b6a85ba298733ec15

35 B
193 B

130ms
129ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=72520c5b6a85ba298733ec15
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c3331ad7735f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=72520c5b6a85ba298733ec15
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

usersync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjdCOTMxMjUtNEY3My00Q0U3LUI4ODktOUQ0RDc3ODAxOUFC&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D67B93125-4F73-4CE7-B889-9D4D778019AB
https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB

0
157 B

124ms
123ms

Image
text/plain

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
cache-control: no-store
cf-ray: 6c5c3334eb4435f5-MAN
content-length: 0

Redirect headers

location: https://router.infolinks.com/dyn/usersync?pmuservalue=67B93125-4F73-4CE7-B889-9D4D778019AB
date: Thu, 30 Dec 2021 15:11:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame 4F0A
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=5144588519097907694

35 B
188 B

190ms
189ms

Image
image/gif

172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=5144588519097907694
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c33331ff835f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=5144588519097907694
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 4F0A 0
72 B 361ms
113ms Image
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP003 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status: 2000208
date: Thu, 30 Dec 2021 15:11:18 GMT
server: 33XP003

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame 4F0A 0
35 B 125ms
125ms Image
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fmx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c5c3331bd7b35f5-MAN
content-length: 0

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 170ms
50ms Preflight 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://leviatanscans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 30 Dec 2021 15:11:19 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://leviatanscans.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
970 B 209ms
71ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1863
content-type: application/javascript
x-amz-request-id: tx002dec70dafe483ba85bc-0061adedd1
x-amz-id-2: tx002dec70dafe483ba85bc-0061adedd1
last-modified: Mon, 06 Dec 2021 11:00:36 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9F9KjeVOf9CK2eglelwn6hrIZ0bMm3znS6dF5k%2B89s3o2MRrZZpjyd%2B60qtsdK58MxeAruly7nfgHB9SjsAkOfm7DsGN8UCpeE8NrQPMQ8W1bYQT4R3rpYaZZ4IhHdiSwlEtp6fom1LmP2T"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1638788436623244
cache-control: public, max-age=1800
cf-ray: 6c5c332f7f4a375b-MXP
expires: Thu, 30 Dec 2021 15:41:18 GMT

POST
H/1.1 204
No Content / Show response
b1h.zemanta.com/api/bidder/prebid/bid/ 0
123 B 478ms
114ms XHR
text/plain 64.74.236.191
INTERNAP-BLK5

General

Check archive.org

Show headers Download Go to

Full URL: https://b1h.zemanta.com/api/bidder/prebid/bid/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.191 , United States, ASN19024 (INTERNAP-BLK5, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
596 B 272ms
136ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc924e0a347039ab6a1652e4f006ae5596dd0942c3607c78de1b4975fa7847e3

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6c5c333059c73753-MXP
pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Validating the Prebid Request. empty supply chain, Validating the Prebid Request adunit sizes. 3 unsupported banner sizes for adUnit: div-gpt-ad-1616326898623-0, Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
server: cloudflare
expires: 0

POST
H2 204 adapter Show response
useast.quantumdex.io/auction/ 0
339 B 324ms
182ms XHR
text/plain 2606:4700:10::6816:2460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/adapter
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
cf-ray: 6c5c33307965374d-MXP

POST auction
rtb.adxpremium.services/openrtb2/ 0
0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 95 B
750 B 215ms
121ms XHR
application/json 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.0
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 0cf4c08b0f6827c2b9128ee87e6b252605d9e255f562c9f9188b486d9cdd0394

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
364 B 43ms
43ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://leviatanscans.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 204
No Content hb Show response
cpm.unibots.in/ 0
264 B 162ms
46ms XHR
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.unibots.in/hb?zone=154227&v=1.6
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: nginx
Age: 0
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 0

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 73 B
206 B 50ms
44ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fleviatanscans.com%2Fmx&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7b882065-d8f8-4ec2-ba93-9075dd11fb99%2C580f5704-94d0-4c0b-9384-ddddc58da384%2C909c8aab-ea62-46d1-b8f3-065859101250&nocache=1640877079778&pubcid=7c56050b-b76a-4906-a7a0-5266c84e4d6c&schain=1.0%2C1!adtelligent.com%2C313926%2C1%2C%2C%2C&aus=1024x768%2C768x1024%2C970x250%2C970x90%2C728x90%2C480x320%2C300x600%2C320x480%2C300x250%2C336x280%2C320x100%2C320x50%7C1024x768%2C768x1024%2C970x250%2C970x90%2C728x90%2C480x320%2C300x600%2C320x480%2C300x250%2C336x280%2C320x100%2C320x50%7C970x90%2C728x90%2C320x100&divids=div-gpt-ad-1616326708758-0%2Cdiv-gpt-ad-1616326898623-0%2Cdiv-gpt-ad-1615738338538-0&aucs=%2C%2C&auid=541177132%2C541177132%2C541177132
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 139e3933d1528be86b8e9111d4c0c891b1a9d6cc61f5f0d5f4bb23c4f34f24fc

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://leviatanscans.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
410 B 227ms
124ms XHR
text/plain 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
179 B 188ms
67ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Thu, 30 Dec 2021 15:11:19 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
333 B 273ms
164ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2284926c0aa95e552%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fleviatanscans.com%2Fmx%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2285d6218408eb614%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22336x280%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2292d48589fced303%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22336x280%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2299b192ce0c7162a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 663f09386ec791dec8eaf3b1b18f3c24c2dd06351f9277bba880d9c2a29a91d6

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[89.238.142.213], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Thu, 30 Dec 2021 15:11:19 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 981 B
716 B 458ms
364ms XHR
application/json 34.242.66.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=7298
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.66.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-66-111.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fae2efcd0576c10d5c398f04b3839d8d1b49127eff6c7af7a701099998204bda

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
709 B 136ms
76ms XHR
application/json 104.26.6.39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGng4%2BWMebM8UlDj1e0vNoXutesxlkHGGavoCAPbAA7tjD%2BqvtwqT7Y0WiaOU5%2Fj9R3zpMK%2B%2FL0qAJGfkf1%2B1NOmd5eh0p%2BQUv0YOEHyE96CfQUrqvZXPY%2BLF3uK%2FRwOFqrwSvzcnEU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6c5c333018af5499-MAN
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
284 B 136ms
76ms XHR
application/json 104.26.6.39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DpolypmJWVoDX%2FhpxqM4gAz%2B0gthsVgTHongbqdOgiquqdMDW4VbGjzVCPFzlMVoPp%2BL0w89cK1b%2FKmwFrzAQDEcxDt7%2Funb%2F2AyWkp%2FvVqpwPglvMlU5l7ttioNniRxPKkjRmCIwN0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6c5c333018b05499-MAN
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
296 B 220ms
161ms XHR
application/json 104.26.6.39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJSM%2BcuBpolNHvK%2FcR7QPVbMNdU1mKLBqVm7oIZWIRXGDX8l4Uo5p%2F5TPGowfN%2B%2FbvOT%2FpxdZS0uDWaIX%2Bzza4RSl1YU%2BN7ew91s61SIdadHqvcbOhXBVvaL7nRjZ9doYoTrS5Vkb8Y%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6c5c333018b25499-MAN
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
364 B 45ms
45ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://leviatanscans.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 95 B
750 B 194ms
104ms XHR
application/json 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.0
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 38a6885a0efdd1ef7dda598e7567b2c9cb8e19da939256a6885a852247705f4f

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

POST
H2 200 adreq Show response
ads.servenobid.com/ 849 B
715 B 455ms
365ms XHR
application/json 34.242.66.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=397
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.66.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-66-111.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1d0a0e27a6e814d6d73e847ee7ae8a1bf22e1625992543eff268728fd2f7e5a4

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 24 KB
7 KB 131ms
102ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ff4b0bfbe8f2b851571ba2d36a152dbdc57cf417cd323848dcd99f59041af582

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d6187614-ad11-4035-ba9c-3d8d127e93ff
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 370 B
1 KB 182ms
145ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

6b33e4f491c6c9f0fd996c4daa8244b50e59299235caa187aadb0eaacb89aff8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5d42105b-83ca-49c5-9d24-ec3a6b4d30ad
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 370
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
913 B 258ms
92ms XHR
application/json 23.111.200.117
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
314 B 154ms
70ms XHR
application/json 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.0&cb=96497096158

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:18 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/leviatanscans.com/ROS?rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x2...
https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x4...

680 B
1 KB

46ms
46ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fmx&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fmx&e_pubcid=7c56050b-b76a-4906-a7a0-5266c84e4d6c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 95d4d8629ad355ddde1a0d71170cacdfd2d97846f9c9d98f361fe5ecb90639fe

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://leviatanscans.com
expires: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 680
x-sid: AMS-603

Redirect headers

date: Thu, 30 Dec 2021 15:11:19 GMT
server: openresty
access-control-allow-origin: https://leviatanscans.com
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.5307919136729111&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fmx&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fmx&e_pubcid=7c56050b-b76a-4906-a7a0-5266c84e4d6c
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-603

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 1 KB
648 B 33ms
33ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 6a775ca98cf4ff122fca7d13aaf3ec5bbf324d0834d0b1404fc6efc70a8e37a5

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 30 Dec 2021 15:11:18 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 356

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
204 B 587ms
343ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 225
vary: origin, Accept-Encoding

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
349 B 498ms
256ms XHR
text/plain 147.75.61.140
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 135
vary: origin, Accept-Encoding

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 572 B
617 B 30ms
30ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=617707&aid2=617708&aid3=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/455799/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 8c6fb7c5b9f878275e8ba560fbf1ff002c2823809ee40ff75e5113d8682dd653

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:18 GMT
Content-Encoding: gzip
Server: VertaMedia 1.0
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 325

GET
H2 200 css2
fonts.googleapis.com/ Frame F91C 4 KB
1 KB 148ms
53ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 14:35:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame F91C 205 B
743 B 135ms
43ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:04:03 GMT
x-content-type-options: nosniff
age: 14836
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 30 Dec 2022 11:04:03 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame F91C 604 B
696 B 135ms
44ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 13:27:25 GMT
x-content-type-options: nosniff
age: 179034
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 28 Dec 2022 13:27:25 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame F91C 19 KB
9 KB 136ms
44ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 13:44:09 GMT

GET

csync
sync.adtelligent.com/ Frame F972
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=41ced089-453f-4567-9a6d-4e1768a7315b

0
0

GET csync
sync.adtelligent.com/ 0
0

GET
H2 204 match
dm.hybrid.ai/ 0
238 B 298ms
96ms Image
text/plain 37.18.16.21
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=186&burl=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D324902%26extuid%3D%24%7BVID%7D

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.21 , Russian Federation, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 120
x-xss-protection: 1; mode=block
expires: -1

GET
DATA 200
OK truncated
/ 385 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 480 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame FCFC 365 KB
103 KB 211ms
64ms Script
application/javascript 2a02:26f0:6c00:28a::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/2/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:28a::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: afcee61ffa77c766763143e934d9ea4ab0fbb86e65b5fca2bf8e72fb8cf980b4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduC1-gRo3R35jJPqQPRccbYy-1ZeiVB7183PcZ-xNcLED12un-WADMuA-QGjkQ5pZqE3TtrSvfGhfoDy8LcH-E
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 105203
last-modified: Wed, 15 Dec 2021 08:26:56 GMT
server: UploadServer
etag: "3faeddaf733d543bb1aa15327b216609"
vary: Accept-Encoding
x-goog-hash: crc32c=WLqW6Q==, md5=P67dr3M9VDuxqhUyeyFmCQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639556816117989
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 105203
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 30 Dec 2021 15:16:19 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 22DE 6 KB
743 B 57ms
53ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=249225904&adf=4032207530&pi=t.ma~as.3406818463&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=17&bdt=673&idt=242&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eN3pPo50FQ&p=https%3A//leviatanscans.com&dtd=634

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 14:11:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 22DE 1 KB
960 B 58ms
47ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 14:47:04 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 71 KB
23 KB 216ms
87ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb04b94656de1350a1fe252e640d692b44f9501188d48c01884d6962bea38913

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2088246
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txb5f752a807864ed0a56cd-0061adeed5
x-amz-id-2: txb5f752a807864ed0a56cd-0061adeed5
last-modified: Mon, 06 Dec 2021 11:00:35 GMT
server: cloudflare
etag: W/"d56fadf5a52703aee9982c415a17065a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tt5M%2FMogMaUurgwfErlWOHk3sHhvK5RyCtc4d9yCrOp7YSpZGNbKoBi%2BZEZSZAS7L3GHMi%2F2dhtrqCaQIObctd%2Fb91gj%2F6J40Z6ABanSgMqXBAqpP4w39SxmLsvA0DMbsvoSJ4M7732MZ4zJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1638788435319991
cf-ray: 6c5c3331bfe03755-MXP
access-control-allow-headers: Authorization

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7D34
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yc3MFuip2E8Nf8xyJABULgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1&gdpr=1

43 B
1 KB

95ms
95ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:19 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 7D34
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&dcc=t

43 B
645 B

119ms
118ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 5ZSGEBVF7W20QQGW7QCD
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 24ZY8SRZ6P6VSAGKT8NW
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 7D34
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5i8MyqBv0hAITaUiUjBf8&google_cver=1

43 B
315 B

62ms
62ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5i8MyqBv0hAITaUiUjBf8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:19 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5i8MyqBv0hAITaUiUjBf8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 7D34 70 B
264 B 42ms
41ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 7D34
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6941634792130552180&uid=Q6941634792130552180&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

43ms
43ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 ix
ad4m.at/ad/sim/ Frame 7D34 0
0 213ms
74ms Image
text/html 2606:4700:3039::6815:c0a7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c0a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D34
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=2b6-eIzs7CvCu7l63OrwKNq27CTC7uQuje7o7dPL

43 B
1012 B

60ms
59ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=2b6-eIzs7CvCu7l63OrwKNq27CTC7uQuje7o7dPL
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:19 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=2b6-eIzs7CvCu7l63OrwKNq27CTC7uQuje7o7dPL
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 7D34 35 B
196 B 157ms
156ms Image
image/gif 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=Yc3MFuip2E8Nf8xyJABULgAA%26646
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c5c33310c3235f5-MAN
content-length: 35
expires: Wed, 30 Dec 2020 15:11:19 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 22DE 19 KB
8 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 22DE 2 KB
1 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 22DE 15 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 22DE 119 KB
37 KB 147ms
56ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H2 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 22DE 27 KB
12 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 14:00:58 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 58F4
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

113ms
113ms

Document
text/html

54.174.249.39
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.174.249.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-174-249-39.compute-1.amazonaws.com
Software: /
Resource Hash: f5543fc3c1e30b255c151988d389c90709913491fc964efa8393cc3964c28f81

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Thu, 30 Dec 2021 15:11:19 GMT
pragma: no-cache

Redirect headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6841757679334641607/ Frame 22DE 12 KB
12 KB 47ms
47ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6841757679334641607/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0795c0f2ee324de950910865d36a6e93888db235510619459f88f53e11c77c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 12:17:01 GMT
x-content-type-options: nosniff
age: 10458
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12304
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 13:53:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Dec 2022 12:17:01 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6821080672580767921/ Frame 22DE 2 KB
2 KB 43ms
43ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6821080672580767921/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f790f464d4514565e44c49d81bd4f9362b540346a33846681c7b125868733290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 23:03:26 GMT
x-content-type-options: nosniff
age: 58073
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
last-modified: Thu, 08 Oct 2020 15:00:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 23:03:26 GMT

GET
H3

200

B26373433.312536450;dc_pre=CPO6vrvni_UCFRrruwgdro8AHw;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/ Frame 22DE
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr...
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CPO6vrvni_UCFRrruwgdro8AHw;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_ch...

42 B
63 B

110ms
61ms

Fetch
image/gif

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CPO6vrvni_UCFRrruwgdro8AHw;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CPO6vrvni_UCFRrruwgdro8AHw;dc_trk_aid=505350903;dc_trk_cid=157069137;ord=4031216360;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 22DE 0
0 84ms
83ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CFPenFszNYee_H4mYrAS-hpqgAdO126dnmMGOwJYO8unKzbUpEAEg_bzvA2C7hoCA0AqgAcTl8IEDyAEJqQL2auyHaJO2PqgDAcgDywSqBNEBT9B44O3cINAJHv0Ep5LplNxbvf7OGkD4aMykJHCX8s8EYPFLK8WQlixKAaNkBEW-uk_46tB59oMeTf9Uh9254iheJIOc6PgmI1P3tiIvftfgmFWRl7reQEDf9h-7tjU5ePwAtFQJUL5aC5Zoz7QKBZoLYFfmEX5Wjg3USARPOPOsEOCLPgFtIus2uvHS2dwthlX21P_MJwNmtlqLu25EWSn2Xa9CqSCB-C3JlBcFF14qSWqJ46woKVb_gdHh6drTkn9U4F2851EdsR_PAwd_sdDABMGf89LiA5IFBAgEGAGSBQQIBRgEoAYugAekmo9-qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQmuwB0ggJCIDhgBAQARgfgAoByAsB2BMNiBQC0BUBmBYBgBcBshccChoIABIUcHViLTQ4NzU5NzI0ODgwMTA4NTEYAA&sigh=JboClqL_9lI&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=249225904&adf=4032207530&pi=t.ma~as.3406818463&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=17&bdt=673&idt=242&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1110x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2335&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=eN3pPo50FQ&p=https%3A//leviatanscans.com&dtd=634
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 15:11:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 5C99 19 KB
8 KB 94ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5C99 2 KB
1 KB 96ms
45ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C99 119 KB
37 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5C99 0
0 100ms
49ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRto7evg3IryTzc_5a00jFsltIHNSEC31DwYoDW0NvDetX9a9uSHDah95MUnSH5Piyn_CtHi6qST7SKTIDugj1oRO4ybA
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 15379734581793170068
tpc.googlesyndication.com/simgad/ Frame 5C99 95 KB
95 KB 97ms
47ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15379734581793170068

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d644dcb9365080ee85a79888a1c032897d5736aa21cb27f429630b81b4fd34ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 13:30:52 GMT
x-content-type-options: nosniff
age: 92427
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97307
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:37:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 13:30:52 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 149 KB
53 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbea79f2df0b90afb4a54efb447d86eeb387be30ca8387fb69b069a46ae4896a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54388
x-xss-protection: 0
server: cafe
etag: 7489837695308457557
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
DATA 200
OK truncated
/ Frame 22DE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b2ff73f55bb392d94dced5e70652a97b7090a3ace877f9e74383540f1cc1af5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 22DE 15 KB
15 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:58:32 GMT
x-content-type-options: nosniff
age: 76367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 22DE 15 KB
15 KB 46ms
44ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 76500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:56:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 22DE 15 KB
15 KB 56ms
54ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 523891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9C47 6 KB
670 B 97ms
49ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 13:54:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9C47 1 KB
880 B 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 14:47:04 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 99ms
50ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 99ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 615F 11 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 19:07:16 GMT
expires: Wed, 12 Jan 2022 19:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 72243
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 1F3E 11 KB
5 KB 40ms
40ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 29 Dec 2021 19:07:16 GMT
expires: Wed, 12 Jan 2022 19:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 72243
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame 9F6B 6 KB
670 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 14:10:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9F6B 1 KB
880 B 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 14:47:04 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 117ms
117ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?r=leviatanscans.com&sn=&ic=0&tgt=0&app=&wi=600&he=338&test=&d36=6.1.2.92&apppkg=&fv=1&proto=https&pid=6194e37dd64d962c3c046ac4&cid=6194e38884e57b3ffd645344&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&e=inventory&vi=100&cb=1640877080423
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9C47 19 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9C47 2 KB
1 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C47 119 KB
36 KB 154ms
105ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9C47 15 KB
6 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 9C47 27 KB
11 KB 98ms
49ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 14:00:58 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F3A 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 73 KB
28 KB 625ms
625ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3827809114459309&correlator=2646837784956766&output=ldjh&impl=fifs&eid=31060439&vrg=2021120601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20211230&iu_parts=21797538459%2CPapayAds_LeviatanScans_TOP_Banner%2CPapayAds_LeviatanScans_BOTTOM_Banner%2CPapayAds_LeviatanScans_Sticky_Footer&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=1024x768%7C768x1024%7C970x250%7C970x90%7C728x90%7C480x320%7C300x600%7C320x480%7C300x250%7C336x280%7C320x100%7C320x50%2C1024x768%7C768x1024%7C970x250%7C970x90%7C728x90%7C480x320%7C300x600%7C320x480%7C300x250%7C336x280%7C320x100%7C320x50%2C970x90%7C728x90%7C320x100&prev_scp=test%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Dc64806832bcc985c-229f4dbb11cd000f%3AT%3D1640877078%3AS%3DALNI_MbcEREu-4geAko1swbmmsUzbUPjag&bc=31&abxe=1&lmt=1640876906&dt=1640877080447&dlt=1640877077981&idt=934&frm=20&biw=1600&bih=1200&oid=2&adxs=288%2C288%2C315&adys=592%2C2615%2C1110&adks=2354234553%2C2624567957%2C2691573345&ucis=2%7C3%7C4&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fleviatanscans.com%2Fmx&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1110x0%7C1110x0%7C970x-1&msz=1110x0%7C1110x0%7C970x-1&psts=AGkb-H-8cl9YysLcOCYc-QJmDgEVtFTQiIaVRhPFBRmJamtPJtmB-A9iHuhzrpbzAvab42i67oJ5TJtvMHaHG2uuAx57svNU9EiiFu8&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=true&ga_cid=960163704.1640877079&fws=4%2C4%2C516&ohw=1600%2C1600%2C1600&btvi=0%7C1%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

554b646191d2ab8967ebd91131ed931ad31c9b0445fd199382c13016e71af0e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28752
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2870807192806921165/ Frame 9C47 13 KB
13 KB 45ms
45ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2870807192806921165/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fc7d2e3184231305ec73246789dbe11e0110ff4d332d25cce5a29f5858513f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:39:27 GMT
x-content-type-options: nosniff
age: 81112
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13399
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 17:17:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 16:39:27 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1003291695108599190/ Frame 9C47 3 KB
3 KB 49ms
49ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1003291695108599190/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4c71fb9eac90a3822e490161a6c0f645e4a36c4508d296ab69b694ed995a7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:14:04 GMT
x-content-type-options: nosniff
age: 604635
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3450
x-xss-protection: 0
last-modified: Wed, 04 Mar 2020 15:36:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 23 Dec 2022 15:14:04 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9F6B 19 KB
8 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9F6B 2 KB
1 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F6B 119 KB
36 KB 77ms
64ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9F6B 15 KB
6 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 9F6B 27 KB
11 KB 56ms
42ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 14:00:58 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9C47 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CK1W0FszNYbWyGtqHrAS8mZ6oAcqrsZtnvKOCgswPnb_lubgrEAEg_bzvA2C7hoCA0AqgAf-p9usDyAEJqQIvYHY5k5S2PqgDAcgDywSqBMsBT9CjHXPyJ6WgCT7OLXJslg7dgt3rHQXyJRR_B3ljzJ2_97BSHIBGUDxgrmwG4ifKT3eYCXLyPgenygitCTHGUmf7H93E_O8975NyMWyoBvhkHXBaVyLv7O0MW0KiwEMzoo-szSxi1kn9cCi7Om6UNua6nN0LyAJiYgqZMehftqHnZ9_AI1XBzkGnIzgYffUiN2CWjjGVVkDvNqJ65kUxLHBk1kPf8wM-OG8061n-gKU8i6kJYklE-gha4oDlz1ZEB234F5tFJ13Q9WvABMXmibjiA5IFBAgEGAGSBQQIBRgEoAYugAfp1YkUqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQueMB0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTQ4NzU5NzI0ODgwMTA4NTEYAA&sigh=rRVBZjj80b0&uach_m=[UACH]&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 15:11:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 / Show response
serv.modoro360.com/api/adserver/tag/ 25 KB
3 KB 442ms
178ms XHR
application/json 54.88.99.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://serv.modoro360.com/api/adserver/tag/?AV_TAGID=6194e42745be0c7521582835&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fleviatanscans.com%2Fmx&AV_CHANNELID=6194e38884e57b3ffd645344&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=leviatanscans.com&AV_DADPOS=1&AV_TAG=6194e42745be0c7521582835&AV_TEMPLATE=61992a63ecd4ee6f534beea5&d36=6.1.2.92&sver=1&avtoken=80422&AV_WIDTH=600&AV_HEIGHT=338&AV_CCPA=1---&AV_DNT=0&cb=1640877080499
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.88.99.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-88-99-244.compute-1.amazonaws.com
Software: /
Resource Hash: ba606c9e3929f635a637959c231747c7969dd4f5b5ec0bd29c5872a2e040dc8f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Sun, 19 Dec 2021 01:24:40 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10073206676534724499/ Frame 9F6B 12 KB
12 KB 44ms
43ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10073206676534724499/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d98213a583cc573cd291302ec1e71094804e54f3a259ca70324161c9695b961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 17:08:33 GMT
x-content-type-options: nosniff
age: 252166
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12625
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 13:53:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 27 Dec 2022 17:08:33 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6821080672580767921/ Frame 9F6B 2 KB
2 KB 46ms
46ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6821080672580767921/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f790f464d4514565e44c49d81bd4f9362b540346a33846681c7b125868733290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 23:03:26 GMT
x-content-type-options: nosniff
age: 58073
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
last-modified: Thu, 08 Oct 2020 15:00:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 23:03:26 GMT

GET
H3

200

B26373433.312536450;dc_pre=CMK_1Lvni_UCFfbIuwgdnrILYA;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/ Frame 9F6B
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr...
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CMK_1Lvni_UCFfbIuwgdnrILYA;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_ch...

42 B
63 B

64ms
63ms

Fetch
image/gif

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CMK_1Lvni_UCFfbIuwgdnrILYA;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:19 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26373433.312536450;dc_pre=CMK_1Lvni_UCFfbIuwgdnrILYA;dc_trk_aid=505350903;dc_trk_cid=156847799;ord=2330378574;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9F6B 0
0 86ms
86ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CF4j6FszNYfG5GtiHrASOuqvwDtO126dnrNb4g7cOkuvKzbUpEAEg_bzvA2C7hoCA0AqgAcTl8IEDyAEJqQIvYHY5k5S2PqgDAcgDywSqBNEBT9C25ZZGzxXA1sf-d4iCg-nnbkA-oae7v4ycOyIIWecyXXS6e7qSa12tTpwvWB2K9vGpZIUSwUeOp4lN7O7GACDyD_taz85bhmMC_PbBIY7XACfMwAvtOKiHR9-c73mfRfDJGYvQVJRIHWjMMZZyzAByNgP-FEz43_ua8zdVKJM3gH3CpXh4ePTb4e32EdQqYU7gyNp_tecBlhLn1YHILI9myzTdkj_7ZAz1K7TyBcSY8xHBnC63t-jxwRh_BORBWjpPi1UH27m_biziSm6ldajABMGf89LiA5IFBAgEGAGSBQQIBRgEoAYugAekmo9-qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQxr8P0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTQ4NzU5NzI0ODgwMTA4NTEYAA&sigh=3QZy5tNOY0E&uach_m=[UACH]&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Dec 2021 15:11:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 615F 4 KB
634 B 49ms
49ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 14:11:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 615F 205 B
229 B 41ms
40ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:04:03 GMT
x-content-type-options: nosniff
age: 14836
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 30 Dec 2022 11:04:03 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 615F 604 B
628 B 41ms
41ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 13:27:25 GMT
x-content-type-options: nosniff
age: 179034
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 28 Dec 2022 13:27:25 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 615F 19 KB
8 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 13:44:09 GMT

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 58F4 43 B
1 KB 60ms
59ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=90dbe02f-2d5a-4dda-9ec2-99c46e9a5c17&expiration=1648653079
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 1F3E 19 KB
8 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1F3E 2 KB
1 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F3E 119 KB
36 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1F3E 15 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1F3E 27 KB
11 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 08:47:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23007
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11415
x-xss-protection: 0
server: cafe
etag: 3382072337847676073
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 08:47:52 GMT

GET
H3 200 14310031211371660061
tpc.googlesyndication.com/daca_images/simgad/ Frame 1F3E 56 KB
56 KB 44ms
44ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/14310031211371660061

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477556439826bff483f5a539220d3a748c0b9d18f153f6337be70b883925847b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 00:03:58 GMT
x-content-type-options: nosniff
age: 400041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57310
x-xss-protection: 0
last-modified: Sat, 06 Nov 2021 06:24:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 26 Dec 2022 00:03:58 GMT

GET
DATA 200
OK truncated
/ Frame 9F6B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d4d5fbc26db94a6051ca0ad0867ed9282e5ebbbfe0803209ca5845027ea166f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9C47 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60a846787e162ec553422194e9323334ac6a62d40f36a858c6f7f2f38f15b3e2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9C47 15 KB
15 KB 41ms
40ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:58:32 GMT
x-content-type-options: nosniff
age: 76367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9C47 15 KB
15 KB 43ms
43ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 76500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:56:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9C47 15 KB
15 KB 52ms
52ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 523891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9F6B 15 KB
15 KB 62ms
62ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:58:32 GMT
x-content-type-options: nosniff
age: 76367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9F6B 15 KB
15 KB 70ms
70ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 76500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 17:56:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 9F6B 15 KB
15 KB 78ms
78ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 523891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:39:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5230 3 KB
579 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 14:21:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 15:11:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5230 1 KB
880 B 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 14:47:04 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 5230 19 KB
8 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:05:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5230 2 KB
1 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5230 119 KB
36 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:19 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5230 15 KB
6 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 5230 27 KB
11 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:00:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 14:00:58 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 65A0 143 B
163 B 39ms
39ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 30 Dec 2021 15:02:24 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 535
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame BC91 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=1&bdt=673&idt=120&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=CpMJWv7tim&p=https%3A//leviatanscans.com&dtd=512

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 17E5 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=3079630965&adf=1996529579&pi=t.ma~as.8517528668&w=1110&fwrn=4&fwrnh=100&lmt=1640876906&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fleviatanscans.com%2Fmx&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640877078654&bpp=2&bdt=673&idt=129&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=242587292157&frm=20&pv=1&ga_vid=647145903.1640877079&ga_sid=1640877079&ga_hid=2052766813&ga_fc=1&ga_cid=960163704.1640877079&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750774&oid=2&pvsid=3827809114459309&pem=70&tmod=254&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&cms=2&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=rVQVJPiktD&p=https%3A//leviatanscans.com&dtd=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame D942 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 65A0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

77ms
77ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 15:11:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 30 Dec 2021 15:11:20 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 30 Dec 2021 15:11:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8005 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H2

200

cookiesyncendpoint Show response
servs.modoro360.com/ Frame D1CF
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1581&r=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D22%26auid%3D1640877080009-991052717804-...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1640877080009-991052717804-008490-003-006045&key=e6c6ded2-b467-4d71-913c-eb56668b8895

0
240 B

392ms
114ms

Document
text/plain

34.231.131.161
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1640877080009-991052717804-008490-003-006045&key=e6c6ded2-b467-4d71-913c-eb56668b8895
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.131.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-131-161.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-length: 0

Redirect headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-type: text/plain
content-length: 0
location: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=22&auid=1640877080009-991052717804-008490-003-006045&key=e6c6ded2-b467-4d71-913c-eb56668b8895
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 sync
pixel.advertising.com/ups/58246/ Frame 7857 0
0 43ms
43ms Document
text/plain 18.197.73.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.advertising.com/ups/58246/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.73.85 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-73-85.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D13F 14 KB
5 KB 153ms
46ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D1%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=78522
expires: Fri, 31 Dec 2021 13:00:02 GMT
date: Thu, 30 Dec 2021 15:11:20 GMT
vary: Accept-Encoding

GET
H2

200

cookiesyncendpoint Show response
servs.modoro360.com/ Frame 03AB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D200%26auid%3D1640877080009-991052717804...
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003&rndcb=4361240654
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003&rndcb=4361240654
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=fbf77986-0b88-4928-a681-9a4466aae365&google_hm=ZmJmNzc5ODYtMGI4OC00OTI4LWE2ODEtOWE0NDY2YWFl...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKjZfKwDDVdOI3hkMKo_zsg&google_cver=1&ssp=adconductor&bsw_param=fbf77986-0b88-4928-a681-9a4466aae365
https://sync.1rx.io/usersync/bidswitch/fbf77986-0b88-4928-a681-9a4466aae365?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-10eddfa2-253c-4734-be3d-74b87e49d521-003?redir=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3...
https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1640877080009-991052717804-008490-003-006045&key=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003

0
251 B

116ms
115ms

Document
text/plain

34.231.131.161
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1640877080009-991052717804-008490-003-006045&key=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.131.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-131-161.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-length: 0

Redirect headers

server: Tengine
date: Thu, 30 Dec 2021 15:11:20 GMT
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://servs.modoro360.com/cookiesyncendpoint?pid=59c9148628a0612da3689288&biddername=200&auid=1640877080009-991052717804-008490-003-006045&key=RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
etag: RX10eddfa2253c4734be3d74b87e49d521003

GET
H2 204 services
sync.technoratimedia.com/ Frame 29F5 0
0 345ms
107ms Document
text/plain 129.159.70.95
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1640877080009-991052717804-008490-003-006045&cb=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D3%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%5BUSER_ID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 129.159.70.95 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

server: nginx
date: Thu, 30 Dec 2021 15:11:20 GMT
access-control-allow-origin: https://leviatanscans.com/
access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 140968543
age: 0
via: 1.1 varnish

GET
H/1.1 204
No Content merge
ce.lijit.com/ Frame 2ABF 0
0 145ms
49ms Document
text/plain 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=376385&3pid=1640877080009-991052717804-008490-003-006045&us_privacy=1---&gdpr=1&gdpr_consent=&location=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D18%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D%5BSOVRNID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

Server: nginx
Date: Thu, 30 Dec 2021 15:11:20 GMT
X-MERGE: GDPR Optout true
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap3ams1

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ Frame FCFC 314 KB
98 KB 69ms
69ms Script
application/javascript 2a02:26f0:6c00:28a::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:28a::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: eda76969217d61f1d94de37ea52f15c2266eb2c4fb56f107ff5835c59273bbd8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdup1HDO6QLtvu3rwxFy9zcAvZozJTDnakuI3mBn7imyuFPyOSS-y2ipLVM-6811gg8A5oEekAR_kCO8LyUlhbg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 99492
last-modified: Wed, 15 Dec 2021 08:25:49 GMT
server: UploadServer
etag: "106d630db54a500f0a231346c7dd14cd"
vary: Accept-Encoding
x-goog-hash: crc32c=PuUYZw==, md5=EG1jDbVKUA8KIxNGx90UzQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639556749784456
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 99492
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 30 Dec 2021 15:16:20 GMT

GET
H2 200 avpb3a1.js Show response
player.aniview.com/script/6.1/ Frame FCFC 64 KB
20 KB 88ms
87ms Script
application/javascript 2a02:26f0:6c00:28a::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:28a::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8d2eb62cccd023cef02f0dc3054c1798027ef758e40856869748dd1c740a1cfb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduNByjG2NtHsjWIe4m0Uv2RaMqPEjAwKsWAi3KZWOyzh8oku3HN_y8PyeCUtwjCOVIAvDK_ciGTsjgxmh7oZi0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 19996
last-modified: Wed, 15 Dec 2021 08:26:16 GMT
server: UploadServer
etag: "476b0c9c2c8ba0bfebd59b2cffba86e6"
vary: Accept-Encoding
x-goog-hash: crc32c=d0rWbg==, md5=R2sMnCyLoL/r1Zss/7qG5g==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1639556776750891
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 19996
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 30 Dec 2021 15:16:20 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 123ms
123ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&&ppid=6194e37dd64d962c3c046ac4&nid=60095c900c0799791c46d8d4&pcid=6194e38884e57b3ffd645344&ncid=6194e3a994b65d4a2859ae88&pasid=6194e3c51aa41b34db7b01e6&e=request&cb=1640877081035&asid=6194e87a48e85727c24481a8%2C6194e86fac4cf11ed815a156%2C6194e86a33199e7e61076915%2C6194e7e8c0031b40a05f5ba6%2C6194e87548e85727c24481a6%2C61a8c2dff760b679ae3739ac%2C6194e87d8a4970280d4102a7%2C6194e882e723ed2e2c775ee6%2C61a8c2dff760b679ae3739aa%2C61a8c2dff760b679ae3739ae%2C61a8c2dff760b679ae3739a8%2C619e1be84bb44339121f7bc1%2C619e1be94bb44339121f7bd3%2C611a457f87e270137b58cd4c&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C0.5&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 container.html Show response
a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3A7F 6 KB
3 KB 92ms
43ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 15:11:18 GMT
expires: Fri, 30 Dec 2022 15:11:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EADB 6 KB
3 KB 92ms
46ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 15:11:18 GMT
expires: Fri, 30 Dec 2022 15:11:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 109B 6 KB
3 KB 65ms
41ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 30 Dec 2021 15:11:18 GMT
expires: Fri, 30 Dec 2022 15:11:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads_-ad-exo-&googleadword= Show response
fundingchoicesmessages.google.com/f/AGSKWxXViivpouzw8QxEFHYI2Wnr8w-Yj62Y8aRd9X2AFvD5fA2vnlTn1nBqXfsEvquIADwkalaTLFXtlEODOKXpTClO2rScW--qwAfus3CiM5NOUsk9fx49bRW68810T-yaYUcNjGuxAY9O9B2rKcID1YEtCFHBI... 54 B
106 B 59ms
58ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXViivpouzw8QxEFHYI2Wnr8w-Yj62Y8aRd9X2AFvD5fA2vnlTn1nBqXfsEvquIADwkalaTLFXtlEODOKXpTClO2rScW--qwAfus3CiM5NOUsk9fx49bRW68810T-yaYUcNjGuxAY9O9B2rKcID1YEtCFHBIl8C37KZxPGezM6O5_7i1r2dTSiEuhJclUuGp9WRRd_RlynTX_IBt8PhnWpufWCOFTnLNsPSF-cCAIXhsn8=/_/richoas._160x600_/live/ads_-ad-exo-&googleadword=

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.I5jW2UAii_k.es5.O/d=1/rs=AJlcJMyiElFRX89-tncHBIfL3JvV4k9aEg/m=detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1e83eb2cfab4d5ded08a5b16f24b685fb3c3bddd0ea1aad17ca7b00e62e7ee2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yHTN9AbYC6J9E0BkCQDaaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yHTN9AbYC6J9E0BkCQDaaQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-yHTN9AbYC6J9E0BkCQDaaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yHTN9AbYC6J9E0BkCQDaaQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 73 KB
27 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b8bb7e25dcb0e1170eb74e39d61a923080019e5318d936a04d0ca8e17b93221

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28051
x-xss-protection: 0
server: cafe
etag: 15374541473190121361
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 15:57:26 GMT

POST
H3 204 AGSKWxXN-0gFI-ahzPOcP2La72ZX8G4UDT4ewTFdw8-cYy1cHMGChvagNvN7g8z6HF8pzryEP5Ux53wSRRCeLUjeRgNilai2LgiOOQ6nSiiZ3FuL86klcgMGKFMeqkhV4UWcWtV0Zt60CZW-NOIP8R4JrmLWZhAbEBr64hgcoh71jF93nke_8HMHfplAxMZU Show response
fundingchoicesmessages.google.com/el/ 0
27 B 54ms
54ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXN-0gFI-ahzPOcP2La72ZX8G4UDT4ewTFdw8-cYy1cHMGChvagNvN7g8z6HF8pzryEP5Ux53wSRRCeLUjeRgNilai2LgiOOQ6nSiiZ3FuL86klcgMGKFMeqkhV4UWcWtV0Zt60CZW-NOIP8R4JrmLWZhAbEBr64hgcoh71jF93nke_8HMHfplAxMZU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zSo/mlBJAJE1dYCL9bI2EA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-zSo/mlBJAJE1dYCL9bI2EA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zSo/mlBJAJE1dYCL9bI2EA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-zSo/mlBJAJE1dYCL9bI2EA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 64 B
288 B 183ms
109ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cFJaFg4dmr64KsaKjGFx_2
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 9e4c187bb3bcd3bf31af74e20e70c88c4231ef43bb6ecdd229441cf6d055e77e

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D13F 0
42 B 125ms
35ms Script
text/plain 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=72300982&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fservs.modoro360.com%2Fcookiesyncendpoint%3Fpid%3D59c9148628a0612da3689288%26biddername%3D1%26auid%3D1640877080009-991052717804-008490-003-006045%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:19 GMT
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2C80 624 B
297 B 52ms
52ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDwoIKyAhiypd21ATAB&v=APEucNWH90TZd64nmVsyAU39lqGxwWC5nqlTOS8D8nIxGO_zm7nWjMbYAUw1dkjSym1f_P3B9WK40l-zt4qSAKRQe6ERzzsr-_ge79uLJlfJQwi9VIQgDsE3bbyj_myAK-6rIj7_WrH8mLVc7UAEIANy7FPtImODeyB2z4TYSiVwDtdAX7EUMIw

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 30 Dec 2021 15:11:20 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2629 12 KB
9 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1Op8Wt-Hg9H9iWPlaTAkId0dPdrB2Asr8phFeRuitBHtRN8xZtDqkPYNfR71DELDH9rSn1IZnRJPPvE25jcx9H4dLfCbj6UsbgNBIpNSgRtbD0t_D-I8P6llla2pIPsu08tJZgYhfeehSD-h-2IVonK1nDg&cry=1&dbm_d=AKAmf-Bb849dll4wIcO5UtPfQnixaaNyRk_FvVwxwEEf53ISiA1Cz9Wh0HyRU4jHZymOF3HKx_wA4crGqTW7FwHsd98VrFbJkGrhyWKbsva7TpyqpQjmLyr0eYfVPAJInd7LsoCp0bPqw5BhXTBvQG-PKQuTT5rMdV2-JVQV2FTRLzWS2s-HOGZUAw0gfYuF6MSPElWtHBAgiNJFDdNzxT5RMlE7054NBr0du_QFjFeslTp2coJvIKZBnFZuE3u_ybJxN4a4OH3sB_jDZFhAkoGmTBb5BxKqJj4Gt1Mws-SjEvKSi09zPEbdHSSZjA0_ufCoCNslIYHqOr_5HGUHxYWzuG6zYXGO2F2j-HZGqjqp_DUZFx8_OeU-FG5A88LIZHBOH3Roj6BsqIsY1WDu2uPV8xie4RnCmXU67Rf-1iSmGFTtTIzjY2sHwEbf1l5KSSS2GbnehrLbUdH2sLWGKtkvyPqbSWO4PIk5TbyBgmB3DfewlV05XV1cdUHJ8PFKK-X6yI884dQwRW6QYtA-L9Qxj_reboQrbueIx_hBX_2ooqWEbPzPZYZJblXKHoGtKLrarkcUt8BoKLbI8E1BoFU7msAGcaknlkr_1ULHXD6xRhRLB9KKnUeAzLZ8jsS2SDK-tjSMN2SDGCTBt9U82DJQ1L4utBGQGf9TxinYIy60ruRyd6HdMmPRDuIvw2DXvMyNt32fH8QDFgNp4GLyGmdERK-r5xgLvSvv7P2V7CZGgdt0o8nlQezLNW-4u9B6_D03EwsqqRvm66H27uYZr1drxXOv0ZIwjvVnd2jE2rU5hRBJFoC-N3u7aSJbKE3Z7Rl5iWE-h-TSiSnzvTqp8ABQGH8n5z9pEsJ6BVZRRVX7WlSYXgaOyoKIrnH_KXMSccSB2bzGmRIMcjQwnDdSnyUt1o9fp6P7WMKnQwuGXzu5o1iJJ3VZyobxQ4buGqlc_jUfJzpuZV-chiRVfM0lfszQwaxC6qo4xBk2YroMpZRe_I98ZCdqDQPQUBeiLxPlhSxLe94zlT6bSeSwm61IRE9uBgWInCoP7W_QSBMCalexsyLqbMqu7NrUkbrZzrZPAd-bZ5M_LrI8w8L8CfTg1S7PR4zxLMVyqMOgQQtVSLbb14slbUp7s36mzRNlsY6hWyv4u1Nkcj8NSmEKBEc8h7wpAQUt2lnilflDNtOuiAJznPi9P71hvU-qDqj0-AAW5CkO-5ARlATKlDIKIiLCz4OKWz7TKKKIPyb1_nOV_tB84FkWcGsZ_KGS3M8krSRK7KSYVcndWluNE1XzL-i7p5xZHNk9oOttX4uqOIsWqGJc4xIwvWOfm84kxSNtSRDu2cY0YcrG8ukjajUrr9hZihI1aICXZVZN5Y5quuDBhRXemaegNr6Nx1Ecd4wYj3FcN4z2TIvyJd5D4oTxi82TesfF7U_Ik1epYmwKwinkwAr2wAyb2D_yS1glA4m0IaotvRv6S-WofUZmwTUPsV1J1a8CejH7EyYoamKgKu5k0iXvMHQ2oKEl690_DyHJddiuv-QO8zF4r9GBpbqa_2xVI7QeTsaMS41XsmfUifhGaXI3UFWeb7hqdoW8O0j5MbXc0pMw4kiUXvAvda-XtWq9jIgHzuzU3W24oGyNW2lRwqStI1uUkF8Gg_YuEv-CMRtw86pDaBsaRvpSq-_dtYoDOkfaCIU57EKmT_CTp09J3CdsYvIvKV7BSig2DS8_Mc2mu7fWMdifOBkXDhePWlpVdz38J8d1TrrtqTc559qYbLzh03-m3myA79DBSu0T5p4tPek5AVa8UScPyKHtet_hjwcV0ScKb0xcdJ1bG0LrqnQ5rgePRUjb7FJqB4PcKijk80ee76bR3U726Y_SoDVD23CaeP8PYgK9xppniK9QcGOFPBwlKrUzcdK2bL5bh69uE44Kn_7dtJtZ4JDE8OdblEPjfGP0EP9FHxgyHOpuk83hY3w5S0pg9H6iOM7AlY5Xl_ohyCwcpXFUk04Cl_bLjEYRzLk29eiCKK22JU0b8M1woIFFuoeOr-4IVkl3-pTA3Ra57rI8Shacl3H08RB7rQtiXAKDCO7degV2EJEgPeeSukm12FJk9yw-FFUg7VBCgm_9f5bjMO4jJ7-yUuWmWij-oloDhXwj-QmASJKteLurhotkuzfGvozf_aUcX0_Q1tz1lVy7q3pJ54DpqLlvJujsTq33SLD2XmAa8SZvjRUGZJKfM_hmg-mJeOlxOj-tjN1fji1TNVTngegQImcexOGmDDrjTisc8UeEBrfwpywrc054iEqC8WW_OI7cksv14Jud-UOFIu0rPf9exaHSzbeEChC7H2UzsYt9eqByXf7V7f0Uyb7ocT9eKpqEJXlB7IcuiS091UVWqn3sGxRhu5rJ2ALCVQv6JwlvIqbPMSArxVhx6aOr8M3AnBR8h3-m7HtkZt2IpmLWpnZSCY9GUAF756AWkTfvc96UbYjpahcdwYDBLEoAC9tu0W49X6h79T-09tqETjtH5PQw1M2QV_wI01ZcwfO9hSS30GBgDmYz1lGOTdiWyw2W4QwAl0btJAoR6wLuduqZpq97nQI8Xv24kGD2FSowbnHP0EBlgwpxKOiDZOv7lVigyHJGkw-zOrPiYarsAve0ROTIL2rsPCWrjrTKkROQDiwdy9LllCMl8VtEFOsLq3m-jpdpT-O77tpyh-XJkURM3K0VLB_QF53NWKIg-QaWA1nCOjD4D6Ib0D--2W58zxIWEXt0OR4KYR6Z7IL1ePnSp1uqT8mfV4B2TfS-JQXc74ZjLbIhr3Se_YGgvKOfshDXsJ8-pTYgRedU-6U1XF1ZxavARjxLEm9exh5NYt344nSSgM6PUwjtbED2Dz7vq7hVtSV-Ir384uJjEtvzQMTAow4C6nspMgzFSmYBsG_KfS30BxvipAWOKQ-iFaq54DevF7NN6q6Cw2mLF-cgAvp-VCOz2v1OmwaXLe_7uGm4MBm9uf5Rq69TAaaLUzPQUC3nHnZN8aRr0kSlpW-LoCM1HGtGkXzt0oVzaJLLfAwGb45FZkPZMqwQKUgKvejsea-U5lzdmTPl0dk4_kvYvFZIavszHFiYwNZAdg_blCiEqlmB8yly4j_ed-9tRuRmPiGpKvlQNC_ovJ-7g5LLtsuZjQUmtra2vawNg6LIauVte3QJ4QIYy6TKCJjj4fnfUlsWI-cMWkRDyheOpnv0rOAs&cid=CAASEuRo14ejpJQF4sZENfKyl-O5YA&rfl=2%2Chttps%253A%252F%252Fleviatanscans.com%252F%240

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91298475a2b34efd8e78ce2169f4d6eee3c4a067cdec1a379a5e8a96b26b4d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8913
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
fw.adsafeprotected.com/rjss/www.googletagservices.com/829650/57301876/dcm/ Frame 2629 229 KB
76 KB 163ms
63ms Script
application/javascript 34.241.165.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/www.googletagservices.com/829650/57301876/dcm/dcmads.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.165.231 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-165-231.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a9c873e1a5c6c0e31103888c1f6ca5e902303d00ce9d2862ca8fa8c1dd66163f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-server-name: app10.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 2629 47 KB
14 KB 150ms
56ms Script
application/javascript 63.32.41.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=18517273&campId=47474512&pubId=1&chanId=705080160901&placementId=381113010&dealId=&adsafe_par&impId=ABAjH0gqnq5-HIm6J1pA9mw4fltd&bidurl=https://leviatanscans.com/mx
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.41.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-41-216.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6a53d94e4dae3c762a479c5eab42863daaffbfb81e8d587c49cb17f9cb4c486e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-server-name: app28.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2629 2 KB
1 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2629 119 KB
36 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2629 15 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2629 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AtdE5VkL3J6qCsi8KBpNUf-97wAE9qr9ygeTnsA1z62qnjzo6x26EB1shnl8qYMfvvTOptsKRAaxxvJJNc_GewtXw3tBJDBTwyJWg21uP1Vdrn7U0

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3A7F 0
0 82ms
82ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2GWFF8zNYanpK-Wj7_UP1beegAymt6TbYd2Oo_nKDMCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi00NTczMjMxNTUwMzU1MjIxyAEJ4AIAqAMBqgT9AU_QUvZ5IAbR6YbITR7piWE7WqdVbvE3pRJpl9DdzjFAStFp6yUIuXUbz4ye94OhT5PN7ckt6hPL3Y_ebn0jcR9BEujiWeoRnGFxtwX8KUsxZU0Fp8c6EP3ql4uRc4VD-lRX1OZUkYXTlwF1m1iGlSi5bFsr7UkfRMo1ePm1WmLWgnt9zpkedv8JKSBdQFr8sT2wlkpiRqimC6HyivCP54XsCp5vKOcLhU9Z1_grwdcOD6kUEeyjZY-3aoiQIEq-M9m54lqVru3LHaID4g4K_Qrt2rz-U-bPXsS2ReSIAS_A6hv2YZiqcalV51eNnuJ-LMFj-HPH-3VWG0uui2HgBAGABsLOtdiOyqP_4AGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNzEzOTQ5ODgwNDI4MzQ2MIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi00NTczMjMxNTUwMzU1MjIxGKuRcA&sigh=GWa4NnWHCG4&uach_m=[UACH]&cid=CAQSPACNIrLMGxnEJzevsTJTnO3F5G0QPz8vgrAkhw-Tg_Y1Dign-fNwUS8v0QhUHrbZSDNQh-2UtYAp_HmWgxgB
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 log
hblg.media.net/ Frame 3A7F 35 B
0 154ms
44ms Fetch
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hblg.media.net/log?logid=kfk&evtid=l1log&ctr=8.639868610771373E-5&app=0&cc=GB&viewability=63&device_id=4&cbdp=0.01&slotVisibility=2&dn=leviatanscans.com&acid=Yc3MFwAL6foH_YLf7gXoTQ_1&ugd=4&size=930x180&pvid=9&csip=rtb-common-58f94576b-w2cnn.BE&ogbdp=0.01&prvReqId=45227043571372_2088945112_684782597391&itype=ADX&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&scrid=1700080787652500930018000000500&mang=1&bidrestime=1640877079816&cid=8CUX271X2&rme=nurl
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 3A7F 35 B
0 164ms
44ms Fetch
image/gif 2.16.186.67
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx&bdr_typ=2&ss_d1=0&ogerpm=0.0000&ss_d2=0&stid=&other_prv=9&jar_err=&current_day=4.0&adtyp=0&req_id=Yc3MFwAL6foH_YLf7gXoTQ&bd_m3=0.0000&dmm_d36=NA&bidfp=0.0100&bd_m2=0.0000&bd_m1=0.0000&ugd=4&dim10=false&predicted_wr=36.3554&exp=&second_bidder=*&search_res=80&floor_bucket=0.00&seat=&size=930x180&url_l1=mx&f_seg=&prdp=0.0100&local_wr_url=0.0000&ogcbdp=0.0100&dfpbd=0.0100&server=1&ogerpm_wd_bkt=0-1&model_version=202112291357_generic_adx_2-_0&viewability=0.6300&dmm_r=0.3370&cut=0&dmm_l=0.0030&as_cache=1&tcyerpm=&sc=England&send_erpm=true&dmm_m9=0.0000&sd=1&hb_exp=&seg=&dmm_m4=0.0000&erpm_bucket=0.00&ugd_ver=&requrl=leviatanscans.com%2Fmx%2F&bidrestime=1640877079816&cc=GB&strg=harmony&ss=&current_hour=14&time_stamp=2021-12-30+15%3A11%3A19&model_key=generic_adx_2-_0&rvshhon=&mul_ratio=0.0000&bdp=0.0100&ct=manchester&akey=&mnckfl=0&bdp_bucket=0.00&algo=default&dc=eu_be&splid=&dim4=exploration&dn=leviatanscans.com&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F96.0.4664.93+Safari%2F537.36&bdp_wider_bucket=1&acid=Yc3MFwAL6foH_YLf7gXoTQ_1&infl=1&o_ver=NT+10.0&br_ver=96.0.4664.93&bdmm_m6=0.0000&bdmm_m7=0.7510&bdmm_m5=0.0000&ver=8.6&totalTimeBucket=2&visibility=2&totalTime=2534680&dmm_m1=2021-12-30+15%3A11%3A19.817732356&e_rpm=0.0100&dmm_m22=0.0000&gdpr=&vsid=&log_less=false&ogerpm_used=false&bdmm_m12=0.7510&cid=8CUX271X2&rawbid=0.0100&sub_bidder=0&pbshr=100.0000&dmm_d10=0&o_id=101&clisp=rtb-common-58f94576b-w2cnn.BE&dfp_bucket=0.02&adblk=2354234553&itype=adx&pvid_seat=9&cliIP=1508806144&advurl=topics.businessfocus.online%2F&level_base=0&crid=684782597&sat=1&br_id=265&cut_bkt=1&iwb=1&dmm_d22=0.00&second_bid=0.000000&sc_pvid=9&capd=1&other_bids=0.01
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.67 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-67.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 3A7F 133 KB
45 KB 329ms
78ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUV8TI79

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e6b629a70cfd4ff3831c27fda3071db00a1988b5b011b782d248787fb0039735

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h: 10-6
content-encoding: gzip
server: Apache
etag: "a2de9cf4f7838f387a4eba2613899eda"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 30 Dec 2021 15:11:20 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-10
expires: Thu, 30 Dec 2021 15:16:20 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame 3A7F 0
85 B 165ms
64ms Script
text/plain 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=604800
cache-control: max-age=2592000
server: nginx
date: Thu, 30 Dec 2021 15:11:20 GMT
content-length: 0

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3A7F 2 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A7F 119 KB
36 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3A7F 15 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 3A7F 22 KB
7 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 10:10:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104465
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 29 Dec 2022 10:10:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 32CC 624 B
297 B 50ms
50ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQifXSkAIYp_fQkQEwAQ&v=APEucNWSWpS9cqTgB9_h-Pb0RvqhsM7uRtcyqdCxOrwfxEVDFuMn_3nZlrbiEeULc41PhGmzdEXJkH4vnIsHkWz8vHz241O66t2GfJ9VV7WsMhlGaM78XOorSWwLQLPqG0NbXXqk3X2n0hBV7R9YPktR8hHhH7mEp4VRVaVdmdWhcsTkaWg6A2Y

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 30 Dec 2021 15:11:20 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EADB 72 KB
30 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CN7Y2J2WzfC6iUx4tVrHuWlLJtDaS3u8GczQn-Bc-usklq0fCLiFpeMkfzIDo6gXkCNffBaUPO-Xs1uQZrkj7AMjLNtM0bLn-Y04k7rQTz9-VZ2WUhPNeBaE2ZuUuIluvMmiH0ioUo1uIcGIadS9dPmg5RLw&dbm_d=AKAmf-AifJKIPjB4NNAjVJUx0dB_j8J1Fe2C4hUjr0qrxi_IbisEMKFNaTLh3NU9HkNdJLTRe9qLXIoZsjfL-iF-qk-xSeKVkqKYB7UpkNkfjgL9ZW2CHdP6i7Ub3wmN-YHD6Xf7v_QY_LGtV_N9NLQvjzpNxErj4eLvvqF3UsPumGkCarYYt3x7wnQKbXQagk3sHg06nS2tkEGzCHRff60O37kZa7pBLziSXHj_sVNq6oYkjQ0s5EV24yCImkhtFejWPTPl7e5Jzn5NNqTpyi4fI7Vsfi-uVp-Fp58XbLYnlfJpU6cOPl5eBOR4e6crremQWUQELMiBOOh1YA6wTJesvnkni9ZH-ErqRkIDr6m36ds6zfE26Oo6p4o4-yYschWmlmCHOBySjpYt2ag9i3FwucP5IacVFGVYilVHJehfTKrv9Gt_ioUl-BYeNicP-Qc8hEpZFl5icdY2DSSey1A5pH7WBWrmmYAic9xiEGXyoli7kWVTEysyugrLJ9P_jWhkUeHAGSBX54Y6ZvZW-zK1RWW3GNqHcIXLxWc11vIzSUcrWc7M6lmS5RFAbWMZvQUTTtACmRzEozuv3IKGPHJUJtYHEJFFkASECN9oKIOatNJtkYWUBk5_w6FUQ-pdz2hMgWpK3uNpJOiMgjtiiGpdpyXd95UfcPL6yC9wJpAzcMYAh6KtHS6sZoSUL8RIW1rlx0UyXa6QL2jckIfaiX1zVHX1B9ZfM6ZD4J89fth5bZji4oBW2rpwSG46MJskYNI49dqL3bgOR4d95-RcYptPfGuEiMl6KDdx8gMyT-5MOsbhNK3s2cKmFLHA7qowFfcRStswZHi_--DEAaPj4M1GkbchAyFzIb_pxhEDHLAYlBzI_yfe20d2aXBOgrEVa3J684SlSwY6BuxkyUY4_W6gUmbrGljzIn-f1pCtfuskWULQD4rOri2qbx3H-SJ6dpbjkgbN5I04osiZLSP3VDP25HdPRQhHvA8a5f5svPItj1fr1ezVPZBs8aPd8X0ACfqCYt42Mrh6S4ZKdfM4ew_vx8WxMzcTVsZOOPv7Ie-SOfF62S23NbxOe0laKHbCov_ARD86wqWdpkOVXOuzj3drMqanI6bRIceMpy3acRpBaObHM1_fnJuyec5_oCh791NaBXtoeEZho6t1V5qJczMKtsAIl9wjzP13BPdbcui3RS6bfmGblBM050HCM1lQ0MjsSVu1KSFkA8KpEwN07H_RbJa2GCM7Rmv6YzxQyCQ8ZJ6COwzhwlg0PbqXMSO3U4FgJe3ZlJi3hDPn5IVsrowveHFUz5LF0MOy_FKgjA77owkLZ7jR4uGhelRNqp8fP8kdM-o_Zub3nYr0azsYL6LTGxeqTv3ThOtwQjoOyCrPQ4Qy43jNJ5rLNOtpyk-lWkXaDoJ4s7RfI3cM_N-irMfURGNVOd4mx-LaKOHNmcVE5vw6aRQGM_jRfjdev1ZGYwPzgoGzFGRyf74nRbrYJofs-O-O7vhFJfsRbJWxtxMdYFtGpNGRRcwEeSXyfhe50XP_GLW3FT9JF2dk5FNSsHjnSMV2-SR1Q89YIgtvCKvbYyrpwY2muHlHK5LHrhs05XrupwdyZuQ5Qtn6zEjrKD3Gc3BZ1bvqVp4o0ODQ1-wryaVujWLedK-goVaJrKSIDpPRd0T85o5Rvpql_Kd53Z1DETrgr889GUwuy7_JzOnItcJqM_8UaPjOacrltUAG7PZf1N7abrc17-LUCq4Urs08L--yvFx2Dntv2Lomcp2hEgCQKNbWDVkE2am2kPE1EPKKhLZr6ljPo6BZ9qJV2Vv1Em957Q4tT9SHdmFO0FQWTeG7eysNgHgLjb_keP2x4cZ1nZQRgW8BDC1t1VpTcxHi_kPImvuFsuJdMRZ_4K1msuOuMSnfRlmXoN17VeAjLIjmSDZg6_PtkmrKeHGpTRFvOdbUaX57eULlM5moGQdejbDnQ9ogbJX5Fl82dZLNMvdZMeU2LHDs5lGN3cay0r69SAVwTewUcmMzVjro20PiqD6SsY3CWV8NjG2FoIRcLR6WeU2kovU96c1I9KxE9AzBE506MElRSPrTjDCmoekcdn34nnfmegD3wSNAk2X9fPmJfo8U94QPpclT-_OSFEaR8p6rcdOxxkZLvJ1RWJ6wStlz-2EZw9DjkenRXFKWwM55E1P2tkXltIOU5kX8Uxl1mXK7kkgq3juGRxbFiSvxlE0zD8VQFjmqSuKbcHEqEXaGc7a2Mvvc1OdbFJXG2tdU92Ec8jPCZLYS-CJ8fJBe1jexVOrYY0h1VhZQYq7KmDE4C6MdDt_pgue0P3e8IndquneS4NlBqeDifR1JwHPkRxB59nElAxszs0RVIEclOKL4Z-YVckt1NMVJ3WNW_lMgwis0UAwl_a7i1tfBwz8z-krMOf-MiIqMvcoLmveSjS2RI-o3_EEKw4Z2-ZVixNJmRHIEiCb5RExwLBY_DxLrUSOeazplqXld6rPwuVDvaTX_oa45b9ejdUP4DIz3NfK5K0F48fC9tLGaupH77C1WYW1GU9zitc8lio0yKD32-fYrc7qGsgrpxImzOwCfWL9pJbHaHxcPMhAOqKXtivAZkxFETNf0APWcs53xCMdCVeQJM6lVcq67krmz8egyRsL6zFYTSEGkq3Gu63_MomEK-Fpeh_HLG2DUVqIS-OPTy4yumO782kr66la-uOPEMwKTrc2wnVtEybukXk1VcsjlBuKpY-sZAHwDuqT93k7DzDuIHQFL5QVyJ8wrsyuQXp19OdrLkNwf4EesvW8Demeo_tcCkXPmCo38meN76z62PakNoy5w1wG9Gviup0xngrGSSINVuxux4ljZB6Ke6rloVVhu1-P8qxmxumJcYibKM_bPfHPv8zNIFsrs1xwEu3epeyxKHNVudQTMmatad3SS6JmpHYYvfNsGv2JJ7cY9rrKhEXzU1xx9yDpO3LkWWodA_TbxP8hlf8V6e5HhPPho88mPYFGu10M&cid=CAASEuRoUQQldszK7Uf-ePjChe5pMg&rfl=1%2Chttps%253A%252F%252Fleviatanscans.com%252F%240

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c27e617cb9beb801b8aa19c3722ef99d2d7ffa673c0da1eb99241de2be87ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30241
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EADB 42 B
63 B 73ms
73ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C6FCHpycu1cy5KjsTSKpqa4njazFMnLx8RJuozB0JiDSaI2-RGmGgcq24gMbs4EbRTK5anqzmjVJJkEYMaiGfq4kJMAh0saCJVhKqjxUjJg0bs0yk

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame EADB 2 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:07:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EADB 119 KB
36 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame EADB 15 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:01:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EADB 0
0 51ms
51ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSJS4slS3hVlkvQIBHC3UFO86_a7faM1pN7kHbWsPb8tw3XfTv5hYkYPaAUzRHx_2gl2x2z_S_nbPFi3D3PUKex7CIJ9w
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H3 204 AGSKWxXN-0gFI-ahzPOcP2La72ZX8G4UDT4ewTFdw8-cYy1cHMGChvagNvN7g8z6HF8pzryEP5Ux53wSRRCeLUjeRgNilai2LgiOOQ6nSiiZ3FuL86klcgMGKFMeqkhV4UWcWtV0Zt60CZW-NOIP8R4JrmLWZhAbEBr64hgcoh71jF93nke_8HMHfplAxMZU Show response
fundingchoicesmessages.google.com/el/ 0
26 B 59ms
59ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FPwWbE3Vn3534Z0iGDJdiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-FPwWbE3Vn3534Z0iGDJdiQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-FPwWbE3Vn3534Z0iGDJdiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-FPwWbE3Vn3534Z0iGDJdiQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXN-0gFI-ahzPOcP2La72ZX8G4UDT4ewTFdw8-cYy1cHMGChvagNvN7g8z6HF8pzryEP5Ux53wSRRCeLUjeRgNilai2LgiOOQ6nSiiZ3FuL86klcgMGKFMeqkhV4UWcWtV0Zt60CZW-NOIP8R4JrmLWZhAbEBr64hgcoh71jF93nke_8HMHfplAxMZU Show response
fundingchoicesmessages.google.com/el/ 0
27 B 55ms
55ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NuhSYblYpGnPIuFq1VsAgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-NuhSYblYpGnPIuFq1VsAgw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-NuhSYblYpGnPIuFq1VsAgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-NuhSYblYpGnPIuFq1VsAgw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUYhV3-V29p4FU2uEC30VyEZUdtu_KDWZq8wl2NiQDzRhEN5qssZIYx8IgO1A2CQv-mnT3oAR5BUgoI_o7TsHaHWnvkyoK4L4rivz-CBUKx6aNFh9UaI6B2uTP4ViVBRgF73kuSizwF5VzPANy84_efOOehHUJOVs7bNJCVrC9bWOQ5cGIKCRZg8d8s Show response
fundingchoicesmessages.google.com/f/ 38 KB
14 KB 75ms
75ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUYhV3-V29p4FU2uEC30VyEZUdtu_KDWZq8wl2NiQDzRhEN5qssZIYx8IgO1A2CQv-mnT3oAR5BUgoI_o7TsHaHWnvkyoK4L4rivz-CBUKx6aNFh9UaI6B2uTP4ViVBRgF73kuSizwF5VzPANy84_efOOehHUJOVs7bNJCVrC9bWOQ5cGIKCRZg8d8s?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQwODc3MDgxLDMzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsMSxudWxsLG51bGwsMV0sImh0dHBzOi8vbGV2aWF0YW5zY2Fucy5jb20vbXgiLG51bGwsW11d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

68e84c18a824bdd11a4deb974a1606e5782c9dacf6cb1c9d12909e6efab3c80d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-edS+2LS8QXiBBWL9nEVzVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-edS+2LS8QXiBBWL9nEVzVw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-edS+2LS8QXiBBWL9nEVzVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-edS+2LS8QXiBBWL9nEVzVw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXN-0gFI-ahzPOcP2La72ZX8G4UDT4ewTFdw8-cYy1cHMGChvagNvN7g8z6HF8pzryEP5Ux53wSRRCeLUjeRgNilai2LgiOOQ6nSiiZ3FuL86klcgMGKFMeqkhV4UWcWtV0Zt60CZW-NOIP8R4JrmLWZhAbEBr64hgcoh71jF93nke_8HMHfplAxMZU Show response
fundingchoicesmessages.google.com/el/ 0
26 B 55ms
54ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AvDuj30O2pXxAN19RlhNBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AvDuj30O2pXxAN19RlhNBQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-AvDuj30O2pXxAN19RlhNBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AvDuj30O2pXxAN19RlhNBQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

logo-banners.svg
www.papayads.net/images/LOGO/
Redirect Chain

https://papayads.net/images/LOGO/logo-banners.svg
https://www.papayads.net/images/LOGO/logo-banners.svg

90 KB
18 KB

97ms
97ms

Image
image/svg+xml

2606:4700:3037::6815:135b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.papayads.net/images/LOGO/logo-banners.svg
Requested by: Host: www.papayads.net
URL: https://www.papayads.net/clnt/leviatanscans/v2/adtags.css
Protocol: H3
Server: 2606:4700:3037::6815:135b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94c3b7aef4f2ff7f46aa44ee6959cd1420a433a41e70bd8d901322c895752468

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.papayads.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 08 May 2021 18:30:14 GMT
server: cloudflare
age: 5143
etag: W/"16733-5c1d5bc3fc3ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BV2Bhu2ZeW%2F4b54kwQlpYunSTCdlJSPaVjh0plR%2BVOXIkYrjSwm6zu18EN2h35PmBLcbsh8i0JUfqXhgMJFOIClq0VOVMbwSXfkUQopXtvEdEeOx9QmPaZSJGEgX%2BVucd8CKtNGAvlwa7%2F%2B2YST"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c5c333a189659d7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Thu, 30 Dec 2021 15:11:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1190
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jd7eUMfbRrOmEMqrhMcQN8DEVP9M2WELpEg3V0jDco4pRuHURUCmdD%2Fm4J8eRJeGOB%2FHZKNqzGEg9P77m32Wc8JFhnDKoUIg557ypksMmWlqiAsQwFzCSntZ3YmBq8IzyBKqHP7uyKtp4aY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/images/LOGO/logo-banners.svg
cache-control: max-age=14400
cf-ray: 6c5c33399f4b59d7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2C80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

43 B
1 KB

98ms
57ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDwoIKyAhiypd21ATAB&v=APEucNWH90TZd64nmVsyAU39lqGxwWC5nqlTOS8D8nIxGO_zm7nWjMbYAUw1dkjSym1f_P3B9WK40l-zt4qSAKRQe6ERzzsr-_ge79uLJlfJQwi9VIQgDsE3bbyj_myAK-6rIj7_WrH8mLVc7UAEIANy7FPtImODeyB2z4TYSiVwDtdAX7EUMIw
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2C80
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

43 B
1 KB

101ms
101ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDwoIKyAhiypd21ATAB&v=APEucNWH90TZd64nmVsyAU39lqGxwWC5nqlTOS8D8nIxGO_zm7nWjMbYAUw1dkjSym1f_P3B9WK40l-zt4qSAKRQe6ERzzsr-_ge79uLJlfJQwi9VIQgDsE3bbyj_myAK-6rIj7_WrH8mLVc7UAEIANy7FPtImODeyB2z4TYSiVwDtdAX7EUMIw
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2C80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

43 B
1006 B

49ms
49ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDwoIKyAhiypd21ATAB&v=APEucNWH90TZd64nmVsyAU39lqGxwWC5nqlTOS8D8nIxGO_zm7nWjMbYAUw1dkjSym1f_P3B9WK40l-zt4qSAKRQe6ERzzsr-_ge79uLJlfJQwi9VIQgDsE3bbyj_myAK-6rIj7_WrH8mLVc7UAEIANy7FPtImODeyB2z4TYSiVwDtdAX7EUMIw

Protocol

HTTP/1.1

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 272bff71-1293-4e7d-bad3-50f75193e2cd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C80
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 643dd53b-44c1-4ace-8e0e-9e128bca4cc7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2629 41 KB
15 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1Op8Wt-Hg9H9iWPlaTAkId0dPdrB2Asr8phFeRuitBHtRN8xZtDqkPYNfR71DELDH9rSn1IZnRJPPvE25jcx9H4dLfCbj6UsbgNBIpNSgRtbD0t_D-I8P6llla2pIPsu08tJZgYhfeehSD-h-2IVonK1nDg&cry=1&dbm_d=AKAmf-Bb849dll4wIcO5UtPfQnixaaNyRk_FvVwxwEEf53ISiA1Cz9Wh0HyRU4jHZymOF3HKx_wA4crGqTW7FwHsd98VrFbJkGrhyWKbsva7TpyqpQjmLyr0eYfVPAJInd7LsoCp0bPqw5BhXTBvQG-PKQuTT5rMdV2-JVQV2FTRLzWS2s-HOGZUAw0gfYuF6MSPElWtHBAgiNJFDdNzxT5RMlE7054NBr0du_QFjFeslTp2coJvIKZBnFZuE3u_ybJxN4a4OH3sB_jDZFhAkoGmTBb5BxKqJj4Gt1Mws-SjEvKSi09zPEbdHSSZjA0_ufCoCNslIYHqOr_5HGUHxYWzuG6zYXGO2F2j-HZGqjqp_DUZFx8_OeU-FG5A88LIZHBOH3Roj6BsqIsY1WDu2uPV8xie4RnCmXU67Rf-1iSmGFTtTIzjY2sHwEbf1l5KSSS2GbnehrLbUdH2sLWGKtkvyPqbSWO4PIk5TbyBgmB3DfewlV05XV1cdUHJ8PFKK-X6yI884dQwRW6QYtA-L9Qxj_reboQrbueIx_hBX_2ooqWEbPzPZYZJblXKHoGtKLrarkcUt8BoKLbI8E1BoFU7msAGcaknlkr_1ULHXD6xRhRLB9KKnUeAzLZ8jsS2SDK-tjSMN2SDGCTBt9U82DJQ1L4utBGQGf9TxinYIy60ruRyd6HdMmPRDuIvw2DXvMyNt32fH8QDFgNp4GLyGmdERK-r5xgLvSvv7P2V7CZGgdt0o8nlQezLNW-4u9B6_D03EwsqqRvm66H27uYZr1drxXOv0ZIwjvVnd2jE2rU5hRBJFoC-N3u7aSJbKE3Z7Rl5iWE-h-TSiSnzvTqp8ABQGH8n5z9pEsJ6BVZRRVX7WlSYXgaOyoKIrnH_KXMSccSB2bzGmRIMcjQwnDdSnyUt1o9fp6P7WMKnQwuGXzu5o1iJJ3VZyobxQ4buGqlc_jUfJzpuZV-chiRVfM0lfszQwaxC6qo4xBk2YroMpZRe_I98ZCdqDQPQUBeiLxPlhSxLe94zlT6bSeSwm61IRE9uBgWInCoP7W_QSBMCalexsyLqbMqu7NrUkbrZzrZPAd-bZ5M_LrI8w8L8CfTg1S7PR4zxLMVyqMOgQQtVSLbb14slbUp7s36mzRNlsY6hWyv4u1Nkcj8NSmEKBEc8h7wpAQUt2lnilflDNtOuiAJznPi9P71hvU-qDqj0-AAW5CkO-5ARlATKlDIKIiLCz4OKWz7TKKKIPyb1_nOV_tB84FkWcGsZ_KGS3M8krSRK7KSYVcndWluNE1XzL-i7p5xZHNk9oOttX4uqOIsWqGJc4xIwvWOfm84kxSNtSRDu2cY0YcrG8ukjajUrr9hZihI1aICXZVZN5Y5quuDBhRXemaegNr6Nx1Ecd4wYj3FcN4z2TIvyJd5D4oTxi82TesfF7U_Ik1epYmwKwinkwAr2wAyb2D_yS1glA4m0IaotvRv6S-WofUZmwTUPsV1J1a8CejH7EyYoamKgKu5k0iXvMHQ2oKEl690_DyHJddiuv-QO8zF4r9GBpbqa_2xVI7QeTsaMS41XsmfUifhGaXI3UFWeb7hqdoW8O0j5MbXc0pMw4kiUXvAvda-XtWq9jIgHzuzU3W24oGyNW2lRwqStI1uUkF8Gg_YuEv-CMRtw86pDaBsaRvpSq-_dtYoDOkfaCIU57EKmT_CTp09J3CdsYvIvKV7BSig2DS8_Mc2mu7fWMdifOBkXDhePWlpVdz38J8d1TrrtqTc559qYbLzh03-m3myA79DBSu0T5p4tPek5AVa8UScPyKHtet_hjwcV0ScKb0xcdJ1bG0LrqnQ5rgePRUjb7FJqB4PcKijk80ee76bR3U726Y_SoDVD23CaeP8PYgK9xppniK9QcGOFPBwlKrUzcdK2bL5bh69uE44Kn_7dtJtZ4JDE8OdblEPjfGP0EP9FHxgyHOpuk83hY3w5S0pg9H6iOM7AlY5Xl_ohyCwcpXFUk04Cl_bLjEYRzLk29eiCKK22JU0b8M1woIFFuoeOr-4IVkl3-pTA3Ra57rI8Shacl3H08RB7rQtiXAKDCO7degV2EJEgPeeSukm12FJk9yw-FFUg7VBCgm_9f5bjMO4jJ7-yUuWmWij-oloDhXwj-QmASJKteLurhotkuzfGvozf_aUcX0_Q1tz1lVy7q3pJ54DpqLlvJujsTq33SLD2XmAa8SZvjRUGZJKfM_hmg-mJeOlxOj-tjN1fji1TNVTngegQImcexOGmDDrjTisc8UeEBrfwpywrc054iEqC8WW_OI7cksv14Jud-UOFIu0rPf9exaHSzbeEChC7H2UzsYt9eqByXf7V7f0Uyb7ocT9eKpqEJXlB7IcuiS091UVWqn3sGxRhu5rJ2ALCVQv6JwlvIqbPMSArxVhx6aOr8M3AnBR8h3-m7HtkZt2IpmLWpnZSCY9GUAF756AWkTfvc96UbYjpahcdwYDBLEoAC9tu0W49X6h79T-09tqETjtH5PQw1M2QV_wI01ZcwfO9hSS30GBgDmYz1lGOTdiWyw2W4QwAl0btJAoR6wLuduqZpq97nQI8Xv24kGD2FSowbnHP0EBlgwpxKOiDZOv7lVigyHJGkw-zOrPiYarsAve0ROTIL2rsPCWrjrTKkROQDiwdy9LllCMl8VtEFOsLq3m-jpdpT-O77tpyh-XJkURM3K0VLB_QF53NWKIg-QaWA1nCOjD4D6Ib0D--2W58zxIWEXt0OR4KYR6Z7IL1ePnSp1uqT8mfV4B2TfS-JQXc74ZjLbIhr3Se_YGgvKOfshDXsJ8-pTYgRedU-6U1XF1ZxavARjxLEm9exh5NYt344nSSgM6PUwjtbED2Dz7vq7hVtSV-Ir384uJjEtvzQMTAow4C6nspMgzFSmYBsG_KfS30BxvipAWOKQ-iFaq54DevF7NN6q6Cw2mLF-cgAvp-VCOz2v1OmwaXLe_7uGm4MBm9uf5Rq69TAaaLUzPQUC3nHnZN8aRr0kSlpW-LoCM1HGtGkXzt0oVzaJLLfAwGb45FZkPZMqwQKUgKvejsea-U5lzdmTPl0dk4_kvYvFZIavszHFiYwNZAdg_blCiEqlmB8yly4j_ed-9tRuRmPiGpKvlQNC_ovJ-7g5LLtsuZjQUmtra2vawNg6LIauVte3QJ4QIYy6TKCJjj4fnfUlsWI-cMWkRDyheOpnv0rOAs&cid=CAASEuRo14ejpJQF4sZENfKyl-O5YA&rfl=2%2Chttps%253A%252F%252Fleviatanscans.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:56:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173674
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Dec 2022 14:56:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 32CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

43 B
1 KB

132ms
60ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQifXSkAIYp_fQkQEwAQ&v=APEucNWSWpS9cqTgB9_h-Pb0RvqhsM7uRtcyqdCxOrwfxEVDFuMn_3nZlrbiEeULc41PhGmzdEXJkH4vnIsHkWz8vHz241O66t2GfJ9VV7WsMhlGaM78XOorSWwLQLPqG0NbXXqk3X2n0hBV7R9YPktR8hHhH7mEp4VRVaVdmdWhcsTkaWg6A2Y
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 32CC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yc3MFuip2E8Nf8xyJABULgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1

43 B
1 KB

57ms
57ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQifXSkAIYp_fQkQEwAQ&v=APEucNWSWpS9cqTgB9_h-Pb0RvqhsM7uRtcyqdCxOrwfxEVDFuMn_3nZlrbiEeULc41PhGmzdEXJkH4vnIsHkWz8vHz241O66t2GfJ9VV7WsMhlGaM78XOorSWwLQLPqG0NbXXqk3X2n0hBV7R9YPktR8hHhH7mEp4VRVaVdmdWhcsTkaWg6A2Y
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 15:11:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMn61Oo_k9KG0sXGVcoPcuo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 32CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

43 B
1006 B

46ms
46ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQifXSkAIYp_fQkQEwAQ&v=APEucNWSWpS9cqTgB9_h-Pb0RvqhsM7uRtcyqdCxOrwfxEVDFuMn_3nZlrbiEeULc41PhGmzdEXJkH4vnIsHkWz8vHz241O66t2GfJ9VV7WsMhlGaM78XOorSWwLQLPqG0NbXXqk3X2n0hBV7R9YPktR8hHhH7mEp4VRVaVdmdWhcsTkaWg6A2Y

Protocol

HTTP/1.1

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4ac41d77-9f2b-47bc-920c-22f9f80e74b2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAQl4paZ2otjzoREW8vEu-g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32CC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:20 GMT
X-Proxy-Origin: 89.238.142.213; 89.238.142.213; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 22be27b9-5fdb-43f1-8b9a-929e29c9b1d8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc5NjM1NjQ4ODM2ODI0MjUwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame EADB 106 KB
38 KB 162ms
41ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Origin: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 874
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Dec 2021 14:56:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame EADB 8 KB
3 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CN7Y2J2WzfC6iUx4tVrHuWlLJtDaS3u8GczQn-Bc-usklq0fCLiFpeMkfzIDo6gXkCNffBaUPO-Xs1uQZrkj7AMjLNtM0bLn-Y04k7rQTz9-VZ2WUhPNeBaE2ZuUuIluvMmiH0ioUo1uIcGIadS9dPmg5RLw&dbm_d=AKAmf-AifJKIPjB4NNAjVJUx0dB_j8J1Fe2C4hUjr0qrxi_IbisEMKFNaTLh3NU9HkNdJLTRe9qLXIoZsjfL-iF-qk-xSeKVkqKYB7UpkNkfjgL9ZW2CHdP6i7Ub3wmN-YHD6Xf7v_QY_LGtV_N9NLQvjzpNxErj4eLvvqF3UsPumGkCarYYt3x7wnQKbXQagk3sHg06nS2tkEGzCHRff60O37kZa7pBLziSXHj_sVNq6oYkjQ0s5EV24yCImkhtFejWPTPl7e5Jzn5NNqTpyi4fI7Vsfi-uVp-Fp58XbLYnlfJpU6cOPl5eBOR4e6crremQWUQELMiBOOh1YA6wTJesvnkni9ZH-ErqRkIDr6m36ds6zfE26Oo6p4o4-yYschWmlmCHOBySjpYt2ag9i3FwucP5IacVFGVYilVHJehfTKrv9Gt_ioUl-BYeNicP-Qc8hEpZFl5icdY2DSSey1A5pH7WBWrmmYAic9xiEGXyoli7kWVTEysyugrLJ9P_jWhkUeHAGSBX54Y6ZvZW-zK1RWW3GNqHcIXLxWc11vIzSUcrWc7M6lmS5RFAbWMZvQUTTtACmRzEozuv3IKGPHJUJtYHEJFFkASECN9oKIOatNJtkYWUBk5_w6FUQ-pdz2hMgWpK3uNpJOiMgjtiiGpdpyXd95UfcPL6yC9wJpAzcMYAh6KtHS6sZoSUL8RIW1rlx0UyXa6QL2jckIfaiX1zVHX1B9ZfM6ZD4J89fth5bZji4oBW2rpwSG46MJskYNI49dqL3bgOR4d95-RcYptPfGuEiMl6KDdx8gMyT-5MOsbhNK3s2cKmFLHA7qowFfcRStswZHi_--DEAaPj4M1GkbchAyFzIb_pxhEDHLAYlBzI_yfe20d2aXBOgrEVa3J684SlSwY6BuxkyUY4_W6gUmbrGljzIn-f1pCtfuskWULQD4rOri2qbx3H-SJ6dpbjkgbN5I04osiZLSP3VDP25HdPRQhHvA8a5f5svPItj1fr1ezVPZBs8aPd8X0ACfqCYt42Mrh6S4ZKdfM4ew_vx8WxMzcTVsZOOPv7Ie-SOfF62S23NbxOe0laKHbCov_ARD86wqWdpkOVXOuzj3drMqanI6bRIceMpy3acRpBaObHM1_fnJuyec5_oCh791NaBXtoeEZho6t1V5qJczMKtsAIl9wjzP13BPdbcui3RS6bfmGblBM050HCM1lQ0MjsSVu1KSFkA8KpEwN07H_RbJa2GCM7Rmv6YzxQyCQ8ZJ6COwzhwlg0PbqXMSO3U4FgJe3ZlJi3hDPn5IVsrowveHFUz5LF0MOy_FKgjA77owkLZ7jR4uGhelRNqp8fP8kdM-o_Zub3nYr0azsYL6LTGxeqTv3ThOtwQjoOyCrPQ4Qy43jNJ5rLNOtpyk-lWkXaDoJ4s7RfI3cM_N-irMfURGNVOd4mx-LaKOHNmcVE5vw6aRQGM_jRfjdev1ZGYwPzgoGzFGRyf74nRbrYJofs-O-O7vhFJfsRbJWxtxMdYFtGpNGRRcwEeSXyfhe50XP_GLW3FT9JF2dk5FNSsHjnSMV2-SR1Q89YIgtvCKvbYyrpwY2muHlHK5LHrhs05XrupwdyZuQ5Qtn6zEjrKD3Gc3BZ1bvqVp4o0ODQ1-wryaVujWLedK-goVaJrKSIDpPRd0T85o5Rvpql_Kd53Z1DETrgr889GUwuy7_JzOnItcJqM_8UaPjOacrltUAG7PZf1N7abrc17-LUCq4Urs08L--yvFx2Dntv2Lomcp2hEgCQKNbWDVkE2am2kPE1EPKKhLZr6ljPo6BZ9qJV2Vv1Em957Q4tT9SHdmFO0FQWTeG7eysNgHgLjb_keP2x4cZ1nZQRgW8BDC1t1VpTcxHi_kPImvuFsuJdMRZ_4K1msuOuMSnfRlmXoN17VeAjLIjmSDZg6_PtkmrKeHGpTRFvOdbUaX57eULlM5moGQdejbDnQ9ogbJX5Fl82dZLNMvdZMeU2LHDs5lGN3cay0r69SAVwTewUcmMzVjro20PiqD6SsY3CWV8NjG2FoIRcLR6WeU2kovU96c1I9KxE9AzBE506MElRSPrTjDCmoekcdn34nnfmegD3wSNAk2X9fPmJfo8U94QPpclT-_OSFEaR8p6rcdOxxkZLvJ1RWJ6wStlz-2EZw9DjkenRXFKWwM55E1P2tkXltIOU5kX8Uxl1mXK7kkgq3juGRxbFiSvxlE0zD8VQFjmqSuKbcHEqEXaGc7a2Mvvc1OdbFJXG2tdU92Ec8jPCZLYS-CJ8fJBe1jexVOrYY0h1VhZQYq7KmDE4C6MdDt_pgue0P3e8IndquneS4NlBqeDifR1JwHPkRxB59nElAxszs0RVIEclOKL4Z-YVckt1NMVJ3WNW_lMgwis0UAwl_a7i1tfBwz8z-krMOf-MiIqMvcoLmveSjS2RI-o3_EEKw4Z2-ZVixNJmRHIEiCb5RExwLBY_DxLrUSOeazplqXld6rPwuVDvaTX_oa45b9ejdUP4DIz3NfK5K0F48fC9tLGaupH77C1WYW1GU9zitc8lio0yKD32-fYrc7qGsgrpxImzOwCfWL9pJbHaHxcPMhAOqKXtivAZkxFETNf0APWcs53xCMdCVeQJM6lVcq67krmz8egyRsL6zFYTSEGkq3Gu63_MomEK-Fpeh_HLG2DUVqIS-OPTy4yumO782kr66la-uOPEMwKTrc2wnVtEybukXk1VcsjlBuKpY-sZAHwDuqT93k7DzDuIHQFL5QVyJ8wrsyuQXp19OdrLkNwf4EesvW8Demeo_tcCkXPmCo38meN76z62PakNoy5w1wG9Gviup0xngrGSSINVuxux4ljZB6Ke6rloVVhu1-P8qxmxumJcYibKM_bPfHPv8zNIFsrs1xwEu3epeyxKHNVudQTMmatad3SS6JmpHYYvfNsGv2JJ7cY9rrKhEXzU1xx9yDpO3LkWWodA_TbxP8hlf8V6e5HhPPho88mPYFGu10M&cid=CAASEuRoUQQldszK7Uf-ePjChe5pMg&rfl=1%2Chttps%253A%252F%252Fleviatanscans.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:08:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:08:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame EADB 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:09:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:09:43 GMT

POST
H3 204 AGSKWxUlG_guUZFAb-Zug9yv7OlcstmXJKAUEzKrN-5kvcQ5hRnXMpu2j2uQNyOs9v_Q28ST4S2RmegB6UpLX_SXERdFjPB68j2ZUvJcxKXpYgKDsAmQ3BKDn0CzT_hIJ3EEd39p9LCzhewWzUf-JXc_8cgZnanYVaHrUCWAJgsLSWQ_ZoyiDC6PBb6slYW9 Show response
fundingchoicesmessages.google.com/el/ 0
27 B 53ms
53ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUlG_guUZFAb-Zug9yv7OlcstmXJKAUEzKrN-5kvcQ5hRnXMpu2j2uQNyOs9v_Q28ST4S2RmegB6UpLX_SXERdFjPB68j2ZUvJcxKXpYgKDsAmQ3BKDn0CzT_hIJ3EEd39p9LCzhewWzUf-JXc_8cgZnanYVaHrUCWAJgsLSWQ_ZoyiDC6PBb6slYW9

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_US.IK8TqyMANx0.es5.O/d=1/rs=AJlcJMzKVZ1DLNVebU4-5WTUxpqvfiGpRw/m=cookie_refresh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dBs3mW1w4iN4MuR2RUINLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-dBs3mW1w4iN4MuR2RUINLw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-dBs3mW1w4iN4MuR2RUINLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-dBs3mW1w4iN4MuR2RUINLw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9370 22 KB
8 KB 41ms
41ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 28 Dec 2021 14:56:46 GMT
expires: Wed, 28 Dec 2022 14:56:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
208 B 63ms
62ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/455799/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Date: Thu, 30 Dec 2021 15:11:19 GMT
Access-Control-Allow-Credentials: true
Server: VertaMedia 1.0
Connection: Keep-Alive

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EADB 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:56:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173674
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Dec 2022 14:56:46 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D3F7 1 KB
751 B 41ms
41ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 30 Dec 2021 05:53:44 GMT
expires: Fri, 31 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 33456
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EADB 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc301354349ed1e7a0e1f656393097d10991617bc77dc50a59eaa25c291f51af

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 track
servt.modoro360.com/ 0
70 B 115ms
115ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&&ppid=6194e37dd64d962c3c046ac4&nid=60095c900c0799791c46d8d4&pcid=6194e38884e57b3ffd645344&ncid=6194e3a994b65d4a2859ae88&pasid=6194e3c51aa41b34db7b01e6&e=bid&cb=1640877081488&asid=6194e87a48e85727c24481a8%2C6194e86fac4cf11ed815a156%2C6194e86a33199e7e61076915%2C6194e7e8c0031b40a05f5ba6%2C6194e87548e85727c24481a6%2C61a8c2dff760b679ae3739ac%2C6194e87d8a4970280d4102a7%2C6194e882e723ed2e2c775ee6%2C61a8c2dff760b679ae3739aa%2C61a8c2dff760b679ae3739ae%2C61a8c2dff760b679ae3739a8%2C619e1be84bb44339121f7bc1%2C619e1be94bb44339121f7bd3&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3

200

dcmads.js Show response
www.googletagservices.com/dcm/ Frame 2629
Redirect Chain

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/829650/57301876/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fleviatanscans.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fleviatanscans.com%2F&ads...
https://www.googletagservices.com/dcm/dcmads.js

9 KB
4 KB

41ms
40ms

Script
text/javascript

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4486
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 19:29:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:38:44 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
x-server-name: app28.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://www.googletagservices.com/dcm/dcmads.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame CC48 80 KB
21 KB 155ms
49ms Script
application/javascript 2600:9000:223f:600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 18:55:08 GMT
content-encoding: gzip
age: 11477773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: jQAbob52elMuVpUQCmzTizSMWZ6a1aLFVN23JtDK4WMwER8eVIZgMQ==

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame FCFC 375 KB
124 KB 168ms
50ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126523
x-xss-protection: 0
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
216 B 578ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeeG,pingTime:-3,time:88,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:88,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B81~0%5D,as:%5B81~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 579ms
183ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeeH,pingTime:-6,time:89,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:90,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B83~0%5D,as:%5B83~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:leviatanscans.com*%2Ca50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com*&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9C3C 22 KB
8 KB 42ms
42ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 28 Dec 2021 14:56:46 GMT
expires: Wed, 28 Dec 2022 14:56:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 568ms
183ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeeV,pingTime:-2,time:103,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:14,mdZ:210,beA:268,beZ:269,mfA:271,cmA:273,inA:273,inZ:278,prA:278,prZ:294,si:301,poA:302,poZ:324,cmZ:324,mfZ:324,loA:357,loZ:360,ltA:371,ltZ:371%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:320.50,dom:ins%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:103,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B96~0%5D,as:%5B96~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,sinceFw:69,readyFired:false%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/ Frame 9992 7 KB
3 KB 89ms
41ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

260c4fa0bb32dd09b2436f751905cdd647ede2f6eecadc2d9aa34138f6a05906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2693
date: Sun, 26 Dec 2021 07:04:28 GMT
expires: Mon, 26 Dec 2022 07:04:28 GMT
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 374812
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EADB 0
562 B 206ms
86ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss8sqMTUKBvQnL1i097bI9CQKpE9u0F6Bc7Qhpbtmc7Wuz1Thh_Tcoxw5fRyhQsn3P4pgr7BBE7girQ-Si9suOaPNK8D8VCCcg1BMveP7ohyK571Nm-TyUkctxzpfwBJj3v-HBMtw1f-JuwNom625Zxg_6j4BDQXw6rJglYinBi_FXBlFJZZHSkvJfpvL4056UHiN9aH-XK6yhXm-EZ7a6Ex-_ZQjWywFqkN51sD164LmT6X4hQ8wKeqf2I-Qc5cCBRg41fXG_1TOFrdxJFNSbhcrdRQxECzCkTYQPYMfVcZSJxoH8YTYTQVFRtliy_jmVwQl824kMBy-0Xt9_MX-3W9-37x5UNwpjB7DIh0050TRm-rd2rwZHwEdqRUxNk21iqQxHQFqSnJ2vyZoIyA0CsPJ4U6zzVnQG4K0lVovGvpE_sQ4Ov0sDa00XvA2uzuTArGALX8blSlqBzvHYkemHTyTaJaq9uE5Rab3xEY5lHTsVJPUmpQfwNX_GUR3y-W2cQERy9_sVqG3TrF-M7MTV3kbnqFQGkWov3IsBHWWhkdWrTdNyVc26QC0zGPUSuPFh9MxQzAJIIn5MusPRDWR-joUqTX1abk1gkCVGJYvSA3Hoc-h-JgzVwFZYolOjw9LtZmAYgnmKhaUQ2FKJK_wVfbPG7W6vgLy1JOMgX1CucmOkeX_VU6_N6_BQGczRhkTi0QIBXa7QkxDfurXjc4V4-dYzAa9H50flCPoLHLFBHZvmEnnC6JWGy089gSz-7S4oqNNJhO_QWAc7amEncCSgE0dz6L-smlS63T8vGbiM9vnk7hwSgWRzAK7_n-12nkVKstLXNFrKiR4Npsb52RPaUpb_MViIQtIE6g-gQzljKEClcs69MmJwh0iJ-2z4ynyOZMLyghaO5sirUcsjkemXpJjEYbBy6wHhHBe740d2Sf2uVjn4DvyArSncW6x3Pfk1zT1ij0bp3MC_sdm_uXq2g3l1EJKIUJYeUKi-lq5xjV8G8dnhG7wP8Xp8L3M5hC0hQaVufji4B4RW5b2aawqYSe08jCdlrLFzjavMFV1Sc5UJeg_PD8EAJRABdCe_woy31r-3_ygNQn7HCSMAQGa-7vKk-K1nQCu6WlBKcCYf112uPw7Ah6ZZoBf2FotPxZ3xjhirx5IDHFwxscZrjXB_JenwZA9fFjg&sai=AMfl-YT7TEnYTUqKVyShKyhv_Gx3u9GECc1vz2VJYmjfXvqsTlBmVmuZ6KTbtIw0m-uY5qJWbqE1E7wBGMbfdzHUzTXY4UlzC-AP6JHsi07XdOZ8GjuoeCWFpFvtRcyZN7FJAZec2fTt44xO-Yh7Hn2pPwLLGd3NHA&sig=Cg0ArKJSzIvxtRs28zs5EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=271&cbvp=1&cstd=267&cisv=r20211207.55484&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 30 Dec 2021 15:11:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 smtr Show response
contextual.media.net/ Frame 3A7F 87 KB
32 KB 519ms
519ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CUV8TI79&cpcd=Po-xjRPGeMP9VYFKgTzMZA%3D%3D&crid=955327425&size=930x180&cc=GB&chnm=HARMONY&pid=8PO82R333&tpid=TIT364X&https=1&vif=2&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&nse=5&vi=1640877080224232221&lw=1&ugd=4&adt1=8CUX271X2&adt2=684782597&bae=B4Neqxx4xa&bcpf=B8fOnRrolnfOur84Neqxx4xa&bdrId=9&katbid=-103&ntv=0&matchstring=bcat%3D11%2Ca%2C35%2C16%2C14h%2Cg%2C2y%2Ch%2Cgo%2Ci2%2Ci5%2C3c%2Cyj%2Cod%2C7%2Chb%2Cy5%2Cmk%7Ccsh%3D1&katpre=1&nb=1&adomain=https%3A%2F%2Ftopics.businessfocus.online

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUV8TI79

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Resource Hash

becb2bafc108983951976faeccb302abaf1830c159056ee0d6a6fcd9319d6b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
content-length: 32483
expires: Thu, 30 Dec 2021 15:11:21 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame E27B 15 KB
6 KB 60ms
59ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CUV8TI79&https=1&itype=CM

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8a051973cd974d69938bd3994654ce4f699ea7aac4734e51d0bec3b5d430b79a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 01 Jan 2022 15:11:20 GMT
date: Thu, 30 Dec 2021 15:11:20 GMT
content-length: 5715

GET
H2 200 bping.php
lg3.media.net/ Frame 3A7F 35 B
189 B 53ms
45ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRVCXX19&cid=8CUV8TI79&crid=955327425&vi=1640877080224232221&ugd=4&lf=6&cc=GB&sc=EN&lper=100&wsip=2886781041&r=1640877081708&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1640877080174397589&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_pgid=p02029186064t202112301511&vgd_pgids=1&vgd_uspa=0&hvsid=00001640877081705015088061444495&gdpr=1&vgd_end=1

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 30 Dec 2021 15:11:20 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 30 Dec 2021 15:11:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F7
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-UEFqZdXqJDi2qgey5j4EQooCGQG-IsVttAFV4SmVQ&google_hm=KF4EeRq...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-UEFqZdXqJDi2qgey5j4EQooCGQG-IsVttAFV4SmVQ&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK20uyc7Ghm61SGw-AjTKZr2EVKXBAc3DhekLZPBu1pxSwpysBiD-UEFqZdXqJDi2qgey5j4EQooCGQG-IsVttAFV4SmVQ&google_hm=KF4EeRqd5v3_yEoCkkaOZQ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F7
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKQOd-yVuE3DfPtWOB121Xoa6gjVva1Ma0IvgC7fsG_utM0uDI79ibpsMq0wd5Oia1CmZeFcWWvX-N-C76sEQiS2aq3aQ&google_gid=CAESEMz8enq516fPC0kWBeMJvv0&googl...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJmYt44GEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBLUU9kLXlWdUUzRGZQdFdPQjEyMVhvYTZnalZ2YTFNYTBJdmdDN2ZzR191dE0wdURJNzlpYnBzTXEwd2Q1T2lhMUNtWmVGY1dXdlgtTi1DNz...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwSXJIbDNZRF9vN0dlSVVqd2hidXEyTjVsaGs5bkJJNUR5cjFuWDFFWld4NA==&google_push

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwSXJIbDNZRF9vN0dlSVVqd2hidXEyTjVsaGs5bkJJNUR5cjFuWDFFWld4NA==&google_push

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 30 Dec 2021 15:11:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwSXJIbDNZRF9vN0dlSVVqd2hidXEyTjVsaGs5bkJJNUR5cjFuWDFFWld4NA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame D3F7 43 B
324 B 117ms
42ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEIm_camQJQ8bDORlNqtyrxw&google_push=AYg5qPLHT-IjDUyTZqCx37xqY2vPtIU0o8Gwj21VwtFMSj8jAZM4qG5opZqbmrJ2jnziV-jlpopdmLSfeuf93sOLYMAALBMXdME&google_cver=1
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame D3F7 43 B
350 B 102ms
32ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEBGFBsS81y7u0-enUssRGt8&google_cver=1&google_push=AYg5qPK2ffU06bQmFcKidZQJI5C257m5waKajO9Tc95TRA1bOAytTy4ajiksjWeCdA7fRwj65wyo4wrG7fptDUx9uob6kLeE73Y
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 85teshnc7ookpssav1v00e2c1303fb5k

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F7
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK4NG1F6WBWqDtmX2A_fYHWiI1QdME6pkKk7t2l_uU6-b7QnWcjDnzKcnrZo7j-ipFCq6DwLxtpuZPxLe32j5Pw8-m9trk

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK4NG1F6WBWqDtmX2A_fYHWiI1QdME6pkKk7t2l_uU6-b7QnWcjDnzKcnrZo7j-ipFCq6DwLxtpuZPxLe32j5Pw8-m9trk
date: Thu, 30 Dec 2021 15:11:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3F7
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG6AX9KyDXVewxM4Bri6F4U&google_cver=1&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VJVzAtMjUtRkZXVQ==&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB9XlLBwCFflaMQv-quPKn9DXk

170 B
188 B

53ms
53ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VJVzAtMjUtRkZXVQ==&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB9XlLBwCFflaMQv-quPKn9DXk

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VJVzAtMjUtRkZXVQ==&google_push=AYg5qPJky06NQDE25Q3kMKACjgMlOPdy3vworAg8eVuuyen0yZpfg06BVASNPEltC5wVcPXzVUB9XlLBwCFflaMQv-quPKn9DXk
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame D3F7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D3F7 0
12 B 50ms
49ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JFIE_R18raRWmggwHSN2lJnTK5L2ljZP8V_JC52xfMgI8uHeJbZarJHl7niYvs4mOSlvLY

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9370 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3 200 impl_v81.js Show response
www.googletagservices.com/dcm/ Frame 2629 41 KB
17 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v81.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/www.googletagservices.com/829650/57301876/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fleviatanscans.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fleviatanscans.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:7f758203-ffa9-0c64-25fb-f0ff712c7c9e,c:yieedM,sl:outOfView,em:true,fr:false,thd:1,mn:app10ie,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:3,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:32,oid:be9c9331-6982-11ec-b6ab-0634eb268b40,v:19.8.273,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 12:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17189
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 19:28:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Dec 2022 12:47:33 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame F28D 27 KB
10 KB 69ms
69ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUX271X2&prvid=99%2C77%2C3018%2C4%2C246%2C10000%2C9%2C2033&purpose1=1&gdprconsent=1&gdpr=1&usp_status=0&usp_consent=1&itype=ADX

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

babb159dce958bffda3e25bc459c0ddec5ec4d5d95cf13b3acbe3b1c0785811d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 01 Jan 2022 15:11:20 GMT
date: Thu, 30 Dec 2021 15:11:20 GMT
content-length: 9787

GET
H2 200 clog
hblg.media.net/ Frame 3A7F 35 B
172 B 46ms
45ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/clog?logid=awlog&prvAccId=955327425&ckfl=0&lper=1&mx_tgs=300x250%7C300x600%7C320x480%7C336x280%7C728x90%7C930x180%7C970x90%7C970x250&cbdp=0.01&mx_nsz=8&csex=1&spSource=0&vid=Yc3MFwAL6foH_YLf7gXoTQ&pvdTmax=253&s_city=brussels&ltime=18.0&ugd=4&epc=955327425&bcat%3C%3E=10050%23%2311493%23%231000010%23%231000008%23%2313768%23%231000007%23%231000005%23%231000037%23%231000036%23%231000004%23%231000003%23%231000035%23%2313423%23%2311504%23%231000031%23%231000030%23%231000027%23%231000024%23%231000023%23%231000019%23%2313725%23%231000018&prvReqId=45227043571372_2088945112_684782597391&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D2%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=8.639868610771373E-5&exid=31&spFst=0&mx_TAF=2&mx_GCID=0&cliIPType=v4&device_id=4&pexid=ADX-pub-4573231550355221&ae=false&brsrclk=0&mx_UCC=1&sbdrid=99&prspt=headerBid&rtttime=23&usp_status=0&apTags%3C%3E=75&mx_PC=1&og_cbdp=0.010&size=930x180&wsip=mowx-554c7d69f6-ccf7g&mx_TAS=1&currsrc_date=2021-12-28+00%3A00%3A00&mx_gpid_sent=false&xtmax=290&commit_id=dab937fa&scrid=1700080787652500930018000000500&mx_SPRIG=0&psrc=fail&viewability=63&be=0&rtime=10.0&adj0=0.0&tmax=300&s_ip=172.253.215.11&adj2=0.0&adj1=0.0&geoll=false&mx_lr_seg_cnt=0&adtypes=0&mx_aabpc=0&debug_ts=2021-12-30+15%3A11%3A19&reqid=Yc3MFwAL6foH_YLf7gXoTQ&sc=England&sd=1&mx_ssProfile=0&mx_SC=1&reftime=0&pbidflr=0.010&spbf=0&mowxReqId=Yc3MFwAL6foH_YLf7gXoTQ_1_1&currsrc=API&fpusp=false&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&mnrfc=-1&bidrestime=1640877079816&pv_adtype=0&cc=GB&strg=HARMONY&amptype=1&pcrid=8CUV8TI79-955327425-1-14&moau=true&coppa_enf=false&ocurr=USD&abk=2354234553&is_rewarded=false&bdp=0.010&ct=manchester&spIsReq=3&s=1&snm=SUCCESS&abs=0%7C0%7Cxtmax%3D290%7Cbflag%3D0%7CHARMONY%7Cbrr%3D1&mx_IAB2=0&mx_epbc=8CUV8TI79&mx_ssBucket=0&vls=0&pubcc=CA&asn=9009&usp_enf=1&bidflr=0.010&mang=1&mx_isLossNtf=false&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dn=leviatanscans.com&pid=8PR113JGC&spTo=3&dt=O&acid=Yc3MFwAL6foH_YLf7gXoTQ_1&actltime=18&act=headerBid&pvid=9&iframingState=0&is_ortb=false&mx_aurl_hc=0&mx_lr_seg_deal=0&mx_maq_call=false&exclattr=32%7C34%7C70%7C13%7C14%7C15%7C48%7C16%7C17%7C18%7C114%7C19%7C20%7C22%7C25%7C26%7C27%7C30&dfpBd=0.01&sckfl=1&dmm_erpm=true&mx_lr=0&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=2&dbf=1&smbrid=adx-2&bfs=103&rfc=-1&gdpr=1&prvApiId=8CUV8TI79&gqid=AADH9t9QWee_bB-klb3iX0YBpjW1j7KKNqpdj-MFujIamsqluaansnH0nRC25D5h0zhXv6E2&dmm_ogerpm=false&epcexp=false&pubid=pub-ADX-118903234488-pub-rep&csip=rtb-common-58f94576b-w2cnn.BE&mx_bsProfile=0&mx_bsBucket=0&cid=8CUX271X2&bcrid=1700080787652500930018000000500&mx_aurt=0&omul=1.0&spIvt=3&apPrfs%3C%3E=13%23%2316%23%2318&ptype=23&vertical=0&chnl=HARMONY&smsrc=1&pst=0&acsn=1&reqsize=930x180&dtc=eu_be&adpos=3&mx_aqcpl_crid=4&ogbdp=0.01&tpbTkn=false&fpuReq=1&itype=ADX&vcmplrt=-1.0&mx_g_one_uid_sent=None&crid=684782597&geo_source=2&sat=1&mnet_ckfl=0&spCst=0&tgtval=pub-ADX-118903234488-pub-rep&__expireat=1640877680069&gsi=1&opbidflr=0.010&reftype=0&rme=adm&bdata=dc%3Dgcp-eu-west1-b~ck_fl%3D0~bhp%3D0~~std%3Dna~itype%3DADX~visibility%3D2~ref_cnt%3D0~r_ip%3D89.238.142.0~r_sc%3DENGLAND~rbo%3D5_3~bx_a1%3D0~dmm_d1%3D0~dmm_d2%3DT~dmm_d3%3D0~dmm_d4%3D10~dmm_d5%3D0~dmm_d6%3D0~dmm_d7%3D0~dmm_d8%3D0~dmm_d9%3D0~dmm_d10%3D0~dmm_d13%3D0~dmm_d14%3D0~dmm_d15%3D1~dmm_d16%3D0~dmm_d17%3D0~dmm_d18%3D50~dmm_d19%3D0~dmm_d21%3D-1~dmm_d22%3D0.00~dmm_d23%3D0~dmm_d24%3D5~dmm_d25%3D0~dmm_d26%3D000~dmm_d27%3D0~dmm_d28%3D2~dmm_d29%3D0.60~dmm_d30%3D4~dmm_d33%3D0~dmm_d36%3DNA~dmm_d37%3DUTC~dmm_d40%3D0~dmm_d42%3D0~dmm_d43%3D0~dmm_d44%3Dprod~dmm_d45%3D0~dmm_d46%3DR~hc%3D0~dmm_d51%3D0~dmm_d52%3D0~dmm_d53%3D000~dmm_d55%3DT~dmm_d56%3Dfalse~bx_sgmt%3Dempty~sgmt%3Dempty~bx_rpc%3D001001~bx_intmd%3D0~bx_ginsu%3D0~bx_j%3D0~bx_rsp%3D0~dmm_l%3D0.003~dmm_r%3D0.337~e_rpm%3D0.010~dmm_m1%3D0.010~dmm_m2%3D0.004~dmm_m3%3D1.000~dmm_m7%3D0.751~dmm_m10%3D1.000~dmm_m11%3D0.824~dmm_m12%3D0.751~dmm_m14%3D1.000~dmm_m16%3D0.337~dmm_m21%3D1.000~dmm_m28%3D1.000~dmm_m30%3D1.000~dmm_m32%3D0.010~dmm_m33%3D1.000~dmm_m35%3D3.000~dmm_m36%3D3.000~dmm_m39%3D24851.000~dmm_m40%3D24851.000~dmm_m43%3D0.018~dmm_m44%3D5.000~erpm%3D0.010~vbr%3D3~~bid%3D0.01~dmm_d39%3D-2~dmm_d55%3Dnull~bx_ybnenv%3Dprod~supply_tag_id%3D%7Eviewability%3D0.63%7Eamp%3D1%7Ecbdp%3D0.010%7Edmm%3Dharmony%7Esd%3D1%7Edtc%3Deu_be%7Exid%3DADX-pub-4573231550355221%7Edalg%3Ddefault%7Ebflag%3D0%7Ehtml%3D1%7Esobp%3D%7Ectr%3D8.639868610771373E-5%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.010%7Eogbid%3D0.010%7Eac_type%3D1%7Eseller_tag_id%3D%7Ead_blk_key%3D2354234553%7Edetected_tag_id%3D%7Edcut%3D1%7Edogb%3D0-1~ibc%3D1~&utime=1929&sf=0&cpr=0.949691169097918
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=3600
date: Thu, 30 Dec 2021 15:11:20 GMT
server: Apache
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Thu, 30 Dec 2021 21:11:20 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8299 1 KB
751 B 39ms
39ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 30 Dec 2021 05:53:44 GMT
expires: Fri, 31 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 33456
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3A7F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60421ba56c118854378a7e90ecd0a0180fd598fc0e0faf0b5aa5e8dddb627ce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 createjs-2015.11.26.min.js Show response
code.createjs.com/ Frame 9992 186 KB
48 KB 235ms
76ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/createjs-2015.11.26.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:26:21 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/ Frame 9992 115 KB
23 KB 41ms
41ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8091c035b2cfc560596369db3cc3df6de8dbafd5c825d9585d9a076176a61183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 07:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374812
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24022
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 07:04:29 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C3C 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 13:17:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6823
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 13:17:38 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9F6B 42 B
64 B 125ms
76ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPUOKn0gBUpIyzhiVSsVlezF6Bxp6DwdTe4rCdZBdJsLC3h6tQWLGZo2_JC9kl_lz5Rt7f6OVYqui5Pd3_MsgCBO_PXqfFGmMTBkeV3CchHapK8JSiPA&sai=AMfl-YRxlKPv0wxREy7dsqL30546Qq6s2BzNvPhiHie63yz9ORt1L17SxjKDNya1qSRQEzs2Dm2RLqL62ovH&sig=Cg0ArKJSzKNDP4c3W4KiEAE&id=lidar2&mcvt=1016&p=0,0,280,1110&mtos=1016,1016,1016,1016,1016&tos=1016,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3079630965&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640877079205&rpt=1578&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 B26459005.313936549;dc_ver=81.236;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=388007327;ord=pl3ezv;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdS2hF8zNYcTsK-Wj7_UP1beeg... Show response
ad.doubleclick.net/ddm/adj/N8714.4053162MIQ_PUBLICIS_UK/ Frame 2629 59 KB
24 KB 80ms
79ms Script
text/javascript 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N8714.4053162MIQ_PUBLICIS_UK/B26459005.313936549;dc_ver=81.236;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=388007327;ord=pl3ezv;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdS2hF8zNYcTsK-Wj7_UP1beegAy_8tbyZtHqxbWdDvAuEAEg_NfkfGC7hoCA0AqgAZPfos4ByAEJqQIvYHY5k5S2PqgDAaoE6gFP0DedAqAheeB3TXj0n00h89Pdk9ZrmjtAnxm6ASNYAivKqNmOJFmU-62hx8kOxoqnCmCnlXR2IKmjF5kzJ6K8zY3h9F-rXw5h2q5CXH8fi_lQvlNbNApHoPxqbIZb5Oipx3ujOsrNYFjzH_TPLdUU5J28tZK1b1yiFaFrRS6OefMHLoxuEXxHUB_5r9vpOvwXogqmwAobx7LOS0_Uvq66uDjqSE726vVFV7ecJIxOJUXbWB2wPqjomp0eV2c6QM7-NAnb5jmlwAlIGQF4AcIU9efd-Bp-5zbHRj9bpN3Ufz5_CqetBvqFWDzABIzJ2s3ZA-AEA5AGAaAGTYAH1aDdsQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgGYCwHICwGADAGwE838xg3QEwDYEw3YFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRo14ejpJQF4sZENfKyl-O5YA%26sig%3DAOD64_3-XvPI2E6bYp3G_hD4rSxZLufgUg%26client%3Dca-pub-7130522558251201%26dbm_c%3DAKAmf-ATMVzVx7Xn4O8DLa0ldSCteINxr8t30c2TbCREb-7RqayZJW8VtX0G8JfH3HIJ83iYInky8KY6VpXFk95nJl6ry5CHu8vDRXYmYDOJSE3bn_mY33t_IB9_eXbxCmtW04K5A7UM0rXXZLQ_rQ62lvb5v_F33A%26cry%3D1%26dbm_d%3DAKAmf-DSJUKibXoFOvsQb0UEDd_VxL_h9iV5y1BueR2s7lE5kkNI7vwzmtxBBHPSRB1jrqjddlRzfFRuAP4IfZ_-r_X7IieRRZUkXrqIE3tWez1Sth_9OmCSPDLbB3v7HugdS6h4JExHtS4pmdfxdWCeIBqE6TwDuxKILc6vWDNPI8n_Ss-4BegBPWdI01RlkDwdWjs-Eq-SUvAGY5-LK5E190amhs8N10rqRC90NV0J5DA_X3gEut9eQZ20--fT_hedecq2J0QGkQ3E54bldZH9vX98fNQaqhkRViXGHdbArIxiw4m2wRslCfnIo5CvKhaoq2lUyI1yZMRQdkxPE-KpUwj5FbLIJpo2SNQjMeK3g4X-RTNUhfKhER2xjDim__goGOfAlSlStXdHzqCG5UAJpK-YwozGUls3So5TSQwhLO8duSzC6UESJwvpNqu512C6fZv91dA_8F2WJ_ysOZaDeDtbQoWzQQ%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=2,https%3A%2F%2Fleviatanscans.com%2F$0;xdt=1;crlt=OyjsGnejM0;sttr=92;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v81.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

dbcbfbedb663b6a5d8569ebe4c279fa1ac0c97e62f91d116e1ff169931dbef20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.113.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 139ms
60ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.113.js

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
server: nginx
etag: W/"6138b197-1532d"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Dec 2021 15:11:21 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7814 598 KB
194 KB 93ms
43ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ Frame FCFC 44 KB
16 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 15:11:21 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 4621 598 KB
194 KB 68ms
47ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 63C2 598 KB
194 KB 71ms
65ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DC7E 598 KB
194 KB 88ms
88ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame B4FF 598 KB
194 KB 93ms
93ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 log
c21lg-d.media.net/ Frame F28D 35 B
194 B 215ms
200ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=2838786800635787000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-xu&pvgid[]=data-tx&pvgid[]=data-bs&pvgid[]=data-c&pvgid[]=data-ct
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUX271X2&prvid=99%2C77%2C3018%2C4%2C246%2C10000%2C9%2C2033&purpose1=1&gdprconsent=1&gdpr=1&usp_status=0&usp_consent=1&itype=ADX
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 30 Dec 2021 15:11:21 GMT

GET
H2

200

cksync
cs.media.net/ Frame F28D
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MjgzODc4NjgwMDYzNTc4NzAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEJ0m6FVL6FsU-nhFTTtghEY&google_cver=1

45 B
445 B

74ms
66ms

Image
image/gif

2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEJ0m6FVL6FsU-nhFTTtghEY&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUX271X2&prvid=99%2C77%2C3018%2C4%2C246%2C10000%2C9%2C2033&purpose1=1&gdprconsent=1&gdpr=1&usp_status=0&usp_consent=1&itype=ADX
Protocol: H2
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 30 Dec 2021 15:11:21 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEJ0m6FVL6FsU-nhFTTtghEY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync
cs.media.net/ Frame F28D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=c6d710a3-e93d-4331-be42-5db246c85db2

45 B
450 B

78ms
68ms

Image
image/gif

2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=c6d710a3-e93d-4331-be42-5db246c85db2
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUX271X2&prvid=99%2C77%2C3018%2C4%2C246%2C10000%2C9%2C2033&purpose1=1&gdprconsent=1&gdpr=1&usp_status=0&usp_consent=1&itype=ADX
Protocol: H2
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 30 Dec 2021 15:11:21 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=c6d710a3-e93d-4331-be42-5db246c85db2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyT...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyTdnlgIonAQeGe0gPwDeJCx8UhKn7TAjRM79hBSUyG2-7g&google_hm=KF4E...

170 B
188 B

53ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyTdnlgIonAQeGe0gPwDeJCx8UhKn7TAjRM79hBSUyG2-7g&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqDwGlC7cQh3tU--Zaz6l0oOmrx53__76Vkp93dnf-f9dYK5kqyTdnlgIonAQeGe0gPwDeJCx8UhKn7TAjRM79hBSUyG2-7g&google_hm=KF4EeRqd5v3_yEoCkkaOZQ
pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEA2xsJh0ZFncK-Knhu1zt7o&google_cver=1&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIk...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=DgMzkGIpSo-We58Pv-AxAw2&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIkI4oyKdqGGMXv7w

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=DgMzkGIpSo-We58Pv-AxAw2&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIkI4oyKdqGGMXv7w

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 30 Dec 2021 15:11:21 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=DgMzkGIpSo-We58Pv-AxAw2&google_push=AYg5qPITbuTH_xRLRaBcH5Ga3pHtvWoxZ2YolpfCH_9r40ZkrM7XRRkFrLTizygZzY_k-PO6m1foOu8-S2LjEAIkI4oyKdqGGMXv7w
x-host: tde-deliveryengine-production-584bdf445-kw6hq
alt-svc: clear
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 8299 43 B
64 B 64ms
33ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEBGFBsS81y7u0-enUssRGt8&google_cver=1&google_push=AYg5qPKUawTT6B981hYBNNGuXPZb3jwtHh4A_NKK7qE3dSZ_xar_Z1inBrIQszlLbsGoW1YNq2wc65dWBY8yM9a_awwEIbr-DfxMbQ
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:20 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 7c7cptr59tutc8v5gi7obtmf2v1impu3

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHLkN42lDKJfSxdzmi0EnFI&google_cver=1&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ay...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ayNBixI0DBpYBmg&google_hm=72520c5b6a85ba298733...

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ayNBixI0DBpYBmg&google_hm=72520c5b6a85ba298733ec15

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 30 Dec 2021 15:11:21 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPIX0TffwEO1J5-88R5p9U31i392yF2ruYHKhDcucKnrSsEGWbgqaq0subS5iqDt9RPayzfzTMR7kNP4TM4ayNBixI0DBpYBmg&google_hm=72520c5b6a85ba298733ec15
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEGVBorlxqgpKIRrGAdeoBvk&google_cver=1&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxb...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHDlHbRaGbLYkRfdTmZWKJw&google_cver=1&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQ1Nzc5MTMyMjQzNjg0MjAzOA%3D%3D&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQ1Nzc5MTMyMjQzNjg0MjAzOA%3D%3D&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQ1Nzc5MTMyMjQzNjg0MjAzOA%3D%3D&google_push=AYg5qPKDMFbf9Umls4JHm_8ZHFbMh8niSHv2kK9ipfkL8p8E6tmNpHTH1iP5wU7EBolJPpwLrf4vxVR6vPHs9yR5yFrC3DaGfeP6
date: Thu, 30 Dec 2021 15:11:21 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8299
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHpFp6IM2oOP9S0V9OiJFJ4&google_cver=1&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6W7XddbZvmrD64vgn-...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1laTc1Vl9oRTJ1RUJ3MTBraXgyRmlUZGc1Nm1RTjlmcX5B&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6...

170 B
188 B

53ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1laTc1Vl9oRTJ1RUJ3MTBraXgyRmlUZGc1Nm1RTjlmcX5B&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6W7XddbZvmrD64vgn-6dcaBuh5JGThF1Tfwzyb1dR7oosew

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1laTc1Vl9oRTJ1RUJ3MTBraXgyRmlUZGc1Nm1RTjlmcX5B&google_push=AYg5qPK0EejUFfEHAOGodti292why4Q9anepYMwkYasxWhP6fgMCK6Zq6W7XddbZvmrD64vgn-6dcaBuh5JGThF1Tfwzyb1dR7oosew
date: Thu, 30 Dec 2021 15:11:21 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8299 0
12 B 49ms
49ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KlUNHKauYQijJkp7L2QQp57aHIipCdd2g49YMGFNYKyzNPzzPk8dMHyNSS28EFglp-xjLPJA

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 179ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieelH,time:523,type:e,im:%7Bimprf:%7Bttecl:436,ecd:41,tsecr:42%7D%7D,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:523,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B516~0%5D,as:%5B516~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 9D83 0
0 117ms
116ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cFJaFg4dmr64KsaKjGFx_2&gdpr_consent=undefined&us_privacy=1---
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

x-33x-status: 2000208
server: 33XP001
date: Thu, 30 Dec 2021 15:11:21 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 2629 106 KB
37 KB 90ms
41ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Origin: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 875
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Dec 2021 14:56:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 2629 8 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N8714.4053162MIQ_PUBLICIS_UK/B26459005.313936549;dc_ver=81.236;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=388007327;ord=pl3ezv;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdS2hF8zNYcTsK-Wj7_UP1beegAy_8tbyZtHqxbWdDvAuEAEg_NfkfGC7hoCA0AqgAZPfos4ByAEJqQIvYHY5k5S2PqgDAaoE6gFP0DedAqAheeB3TXj0n00h89Pdk9ZrmjtAnxm6ASNYAivKqNmOJFmU-62hx8kOxoqnCmCnlXR2IKmjF5kzJ6K8zY3h9F-rXw5h2q5CXH8fi_lQvlNbNApHoPxqbIZb5Oipx3ujOsrNYFjzH_TPLdUU5J28tZK1b1yiFaFrRS6OefMHLoxuEXxHUB_5r9vpOvwXogqmwAobx7LOS0_Uvq66uDjqSE726vVFV7ecJIxOJUXbWB2wPqjomp0eV2c6QM7-NAnb5jmlwAlIGQF4AcIU9efd-Bp-5zbHRj9bpN3Ufz5_CqetBvqFWDzABIzJ2s3ZA-AEA5AGAaAGTYAH1aDdsQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgGYCwHICwGADAGwE838xg3QEwDYEw3YFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRo14ejpJQF4sZENfKyl-O5YA%26sig%3DAOD64_3-XvPI2E6bYp3G_hD4rSxZLufgUg%26client%3Dca-pub-7130522558251201%26dbm_c%3DAKAmf-ATMVzVx7Xn4O8DLa0ldSCteINxr8t30c2TbCREb-7RqayZJW8VtX0G8JfH3HIJ83iYInky8KY6VpXFk95nJl6ry5CHu8vDRXYmYDOJSE3bn_mY33t_IB9_eXbxCmtW04K5A7UM0rXXZLQ_rQ62lvb5v_F33A%26cry%3D1%26dbm_d%3DAKAmf-DSJUKibXoFOvsQb0UEDd_VxL_h9iV5y1BueR2s7lE5kkNI7vwzmtxBBHPSRB1jrqjddlRzfFRuAP4IfZ_-r_X7IieRRZUkXrqIE3tWez1Sth_9OmCSPDLbB3v7HugdS6h4JExHtS4pmdfxdWCeIBqE6TwDuxKILc6vWDNPI8n_Ss-4BegBPWdI01RlkDwdWjs-Eq-SUvAGY5-LK5E190amhs8N10rqRC90NV0J5DA_X3gEut9eQZ20--fT_hedecq2J0QGkQ3E54bldZH9vX98fNQaqhkRViXGHdbArIxiw4m2wRslCfnIo5CvKhaoq2lUyI1yZMRQdkxPE-KpUwj5FbLIJpo2SNQjMeK3g4X-RTNUhfKhER2xjDim__goGOfAlSlStXdHzqCG5UAJpK-YwozGUls3So5TSQwhLO8duSzC6UESJwvpNqu512C6fZv91dA_8F2WJ_ysOZaDeDtbQoWzQQ%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=2,https%3A%2F%2Fleviatanscans.com%2F$0;xdt=1;crlt=OyjsGnejM0;sttr=92;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:08:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jan 2022 15:08:28 GMT

GET
H2 200 main.gr.19.8.273.js Show response
static.adsafeprotected.com/ Frame 2629 187 KB
60 KB 47ms
46ms Script
application/javascript 2600:9000:223f:600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.273.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=18517273&campId=47474512&pubId=1&chanId=705080160901&placementId=381113010&dealId=&adsafe_par&impId=ABAjH0gqnq5-HIm6J1pA9mw4fltd&bidurl=https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00b3b0b438a1a3e7f01112f487ffb01e64db47935eb0e1e2927bdb4811ee935f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 17:46:22 GMT
content-encoding: gzip
age: 1718700
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 10 Dec 2021 17:31:00 GMT
server: AmazonS3
etag: W/"dbbed9b42f871ade260381ef78b0cd71"
vary: Accept-Encoding
x-amz-version-id: RbTKyuj_rScIKJ79M7NB4z2hCQfzt2bN
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: ycTQ-p5htMo-FZ3etVq3BRKYFEqL1dUugVzm22kZk7ZKyN9rbvoYZw==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7701 1 KB
752 B 41ms
41ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 30 Dec 2021 05:53:44 GMT
expires: Fri, 31 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 33457
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2629 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3e65cecf7849a54918a1028fbf26e660d74c075ce5e9a769e74c8af72b3121c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 51ms
51ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame FE0F 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 14F7 37 KB
13 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame BC46 37 KB
13 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9B0D 37 KB
13 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame DFF4 37 KB
13 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 bg2.jpg
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 30 KB
30 KB 43ms
41ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/bg2.jpg

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ac3f6f49fa9327310ea37c924bd47b9efd7a599fc7bf74bb644c25daca6581

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 10:28:24 GMT
x-content-type-options: nosniff
age: 103377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31137
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Dec 2022 10:28:24 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EADB 0
23 B 128ms
78ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss8sqMTUKBvQnL1i097bI9CQKpE9u0F6Bc7Qhpbtmc7Wuz1Thh_Tcoxw5fRyhQsn3P4pgr7BBE7girQ-Si9suOaPNK8D8VCCcg1BMveP7ohyK571Nm-TyUkctxzpfwBJj3v-HBMtw1f-JuwNom625Zxg_6j4BDQXw6rJglYinBi_FXBlFJZZHSkvJfpvL4056UHiN9aH-XK6yhXm-EZ7a6Ex-_ZQjWywFqkN51sD164LmT6X4hQ8wKeqf2I-Qc5cCBRg41fXG_1TOFrdxJFNSbhcrdRQxECzCkTYQPYMfVcZSJxoH8YTYTQVFRtliy_jmVwQl824kMBy-0Xt9_MX-3W9-37x5UNwpjB7DIh0050TRm-rd2rwZHwEdqRUxNk21iqQxHQFqSnJ2vyZoIyA0CsPJ4U6zzVnQG4K0lVovGvpE_sQ4Ov0sDa00XvA2uzuTArGALX8blSlqBzvHYkemHTyTaJaq9uE5Rab3xEY5lHTsVJPUmpQfwNX_GUR3y-W2cQERy9_sVqG3TrF-M7MTV3kbnqFQGkWov3IsBHWWhkdWrTdNyVc26QC0zGPUSuPFh9MxQzAJIIn5MusPRDWR-joUqTX1abk1gkCVGJYvSA3Hoc-h-JgzVwFZYolOjw9LtZmAYgnmKhaUQ2FKJK_wVfbPG7W6vgLy1JOMgX1CucmOkeX_VU6_N6_BQGczRhkTi0QIBXa7QkxDfurXjc4V4-dYzAa9H50flCPoLHLFBHZvmEnnC6JWGy089gSz-7S4oqNNJhO_QWAc7amEncCSgE0dz6L-smlS63T8vGbiM9vnk7hwSgWRzAK7_n-12nkVKstLXNFrKiR4Npsb52RPaUpb_MViIQtIE6g-gQzljKEClcs69MmJwh0iJ-2z4ynyOZMLyghaO5sirUcsjkemXpJjEYbBy6wHhHBe740d2Sf2uVjn4DvyArSncW6x3Pfk1zT1ij0bp3MC_sdm_uXq2g3l1EJKIUJYeUKi-lq5xjV8G8dnhG7wP8Xp8L3M5hC0hQaVufji4B4RW5b2aawqYSe08jCdlrLFzjavMFV1Sc5UJeg_PD8EAJRABdCe_woy31r-3_ygNQn7HCSMAQGa-7vKk-K1nQCu6WlBKcCYf112uPw7Ah6ZZoBf2FotPxZ3xjhirx5IDHFwxscZrjXB_JenwZA9fFjg&sai=AMfl-YT7TEnYTUqKVyShKyhv_Gx3u9GECc1vz2VJYmjfXvqsTlBmVmuZ6KTbtIw0m-uY5qJWbqE1E7wBGMbfdzHUzTXY4UlzC-AP6JHsi07XdOZ8GjuoeCWFpFvtRcyZN7FJAZec2fTt44xO-Yh7Hn2pPwLLGd3NHA&sig=Cg0ArKJSzIvxtRs28zs5EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=813&vt=11&dtpt=542&dett=3&cstd=267&cisv=r20211207.55484&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B03D 22 KB
8 KB 43ms
42ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 28 Dec 2021 14:56:46 GMT
expires: Wed, 28 Dec 2022 14:56:46 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173675
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
26 KB 170ms
57ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 06:35:11 GMT
server: nginx
etag: W/"618cb99f-14b33"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Dec 2021 15:11:21 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeq0,pingTime:-10,time:790,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1640877082356%7C%7C397bd3b9dc2726017b65608aaa6fceba%7C%7Ca2fdad25d911a8a4b39828759d282361%7C%7C663cf4f5a2f9006aa1539c556d758e0a%7C%7Cc936eac2960b5d8e758f3b662391142d%7C%7C39b41cf7d64f71e8924f60ea1b398b7a%7C%7Cf94506f9ef87c3452171bef6d784210d%7C%7Cf3f0fe647adc54f1104a4159cb712995%7C%7C1629390669,im:%7Bpci:%7Btdr:618%7D%7D%7D
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 BTN.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 2 KB
2 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/BTN.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cb2f23b4dd842f61c29d2b2a945b40de099e624ac079bb8be2ccdc05cb96554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2043
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 6 KB
2 KB 41ms
40ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99cbf4cb51f4a6dce8e3b366c6d8dc2a63a18ace5e379c75c72d0b97e9c0ba04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 2320
date: Wed, 29 Dec 2021 11:20:45 GMT
expires: Thu, 29 Dec 2022 11:20:45 GMT
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 100236
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2629 0
23 B 77ms
77ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHpHeuxFdl4OcI4emZxyzvPqUf0J5nlHI7vB6xm204FMNGzQonK4HoShbOb7EB8nyD3pReh0aKa_xM3t2gugXmCbXckVyT0w71RMsx6A7lZl2xDCWjy3TJZtPbz4tYn0vX6opwAd5E8WOPMMj1EPa1KuYhS7CAoZe_uj8HPqnq7qG0IJHA9ebr95GL&sai=AMfl-YQOkisXIMfUAZf686WT_RrD4U22MZWyf0C3nuqLUg-KskGH-A&sig=Cg0ArKJSzCcVFUni77RkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=326&cbvp=1&cstd=324&cisv=r20211207.86817&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame EE6B 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EE6B 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EE6B 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bql.php Show response
lg3.media.net/ Frame EE6B 15 B
216 B 46ms
46ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&&vgd_l2type=sca&v=1&gdpr=1&geo=53.51%7C-2.18&dlper=20&lper=100&lpid=&tsid=2511&q=&prv=&type=&ps=&hint=&td=SrcTagSwitchMarketplace%257C%2540%257C&cc=GB&wsip=170785125&bca=0&ugd=4&vgd_chost=&vgd_fcic=0&vgde_setid=Nff&ksu=224&fdkt=240&kwd[]=Cost+Of+Self+Publishing+A+Book&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=1&kid[]=214692801&kbc2[]=101%7C%7Crps%3D0.28%7C%7Cps%3D0.520%7C%7Crpc%3D0.49%7C%7Clvl%3D2.21&ktd[]=274895077632&ktrkt[]=Cost+Of+Self+Publishing+A+Book&kwd[]=Fettverbrennung+mit+Zitronensaft&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=2&kid[]=326737318&kbc2[]=101%7C%7Crps%3D0.52%7C%7Cps%3D0.520%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=274895077632&ktrkt[]=Fettverbrennung+mit+Zitronensaft&kwd[]=Online+Ebooks+Library&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=3&kid[]=133462187&kbc2[]=101%7C%7Crps%3D0.74%7C%7Cps%3D0.520%7C%7Crpc%3D0.10%7C%7Clvl%3D1.00&ktd[]=274911854848&ktrkt[]=Online+Ebooks+Library&kwd[]=So+regt+man+den+Stoffwechsel+an&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=4&kid[]=329496854&kbc2[]=101%7C%7Crps%3D0.68%7C%7Cps%3D0.520%7C%7Crpc%3D0.22%7C%7Clvl%3D1.00&ktd[]=274895077632&ktrkt[]=So+regt+man+den+Stoffwechsel+an&kwd[]=Best+Audiobooks+of+2021&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=5&kid[]=330155930&kbc2[]=101%7C%7Crps%3D0.15%7C%7Cps%3D0.520%7C%7Crpc%3D1.05%7C%7Clvl%3D1.00&ktd[]=274895077632&ktrkt[]=Best+Audiobooks+of+2021&kwd[]=Comic+Book+Previews&kwt[]=240&kbc[]=35ffc2eee90c38c6a97e8feb86e63417.d2s&kwp[]=6&kid[]=63746456&kbc2[]=101%7C%7Crps%3D0.93%7C%7Cps%3D0.520%7C%7Crpc%3D0.13%7C%7Clvl%3D1.00&ktd[]=274911854848&ktrkt[]=Comic+Book+Previews&cid=8CUV8TI79&vwid=1640877080224232221&vi=1640877080224232221&tdAdd[]=ib%3D0&vsid=2838786810635732000V10&kbbq=asn%3D9009%26&tdAdd[]=asnum%3D9009&vgd_l3_sc=man&vgd_hb_audit_1=8CUX271X2&vgd_hb_audit_2=684782597&vgd_katbid=-103&vgd_pdtid=1&vgd_implt=3&vgd_l2wsip=170785125&vgd_nrrv=25277&vgd_nrrmf=1c80a&vgd_nrrsf=scrr&vgd_cty=manchester&&tdAdd[]=%7C%40%7Cfsap%3D0&vgd_ifrmode=11&vgd_l1rakh=1640877080174397589&sttm=1640877081705&upk=1640877082.6049&hvsid=00001640877081705015088061444495&verid=3111299&vgd_matchstr=bcat%3D11%2Ca%2C35%2C16%2C14h%2Cg%2C2y%2Ch%2Cgo%2Ci2%2Ci5%2C3c%2Cyj%2Cod%2C7%2Chb%2Cy5%2Cmk%7Ccsh%3D1&sbdrId=99&vgd_ecrid=1700080787652500930018000000500&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8PO82R333&&abpl=2&&vgd_vstrid=DefVid&vgde_bdata=ONvyNEoJxoBJQ7uoG~NUMkjv9~GwEv9~~Q7Ovz1~875EJvKrt~e8Q8G8j875vf~LJkMNz7v9~LM8EvWi.fAW.uHf.9~LMQNv4IZTKIr~LGmvXMA~G-M1uv9~OYYMOuv9~OYYMOfv_~OYYMOAv9~OYYMOHvu9~OYYMOXv9~OYYMOFv9~OYYMOhv9~OYYMOWv9~OYYMOiv9~OYYMOu9v9~OYYMOuAv9~OYYMOuHv9~OYYMOuXvu~OYYMOuFv9~OYYMOuhv9~OYYMOuWvX9~OYYMOuiv9~OYYMOfuvou~OYYMOffv9.99~OYYMOfAv9~OYYMOfHvX~OYYMOfXv9~OYYMOfFv999~OYYMOfhv9~OYYMOfWvf~OYYMOfiv9.F9~OYYMOA9vH~OYYMOAAv9~OYYMOAFvIK~OYYMOAhvP_%3D~OYYMOH9v9~OYYMOHfv9~OYYMOHAv9~OYYMOHHvELmO~OYYMOHXv9~OYYMOHFvD~wNv9~OYYMOXuv9~OYYMOXfv9~OYYMOXAv999~OYYMOXXv_~OYYMOXFvk1jQJ~G-MQyY7vJYE75~QyY7vJYE75~G-MLENv99u99u~G-M8z7YOv9~G-My8zQxv9~G-Mdv9~G-MLQEv9~OYYMjv9.99A~OYYMLv9.AAh~JMLEYv9.9u9~OYYMYuv9.9u9~OYYMYfv9.99H~OYYMYAvu.999~OYYMYhv9.hXu~OYYMYu9vu.999~OYYMYuuv9.WfH~OYYMYufv9.hXu~OYYMYuHvu.999~OYYMYuFv9.AAh~OYYMYfuvu.999~OYYMYfWvu.999~OYYMYA9vu.999~OYYMYAfv9.9u9~OYYMYAAvu.999~OYYMYAXvA.999~OYYMYAFvA.999~OYYMYAivfHWXu.999~OYYMYH9vfHWXu.999~OYYMYHAv9.9uW~OYYMYHHvX.999~JLEYv9.9u9~eGLvA~~G8Ov9.9u~OYYMOAivof~OYYMOXXvzxjj~G-M5GzJzevELmO~QxEEj5M71yM8Ov~e8JB1G8j875v9.FA~1YEvu~NGOEv9.9u9~OYYvw1LYmz5~QOvu~O7NvJxMGJ~-8OvKrtoExGoHXhAfAuXX9AXXffu~O1jyvOJk1xj7~Gkj1yv9~w7Yjvu~QmGEv~N7LvW.FAiWFWFu9hhuAhA4oX~GOEN1EOv9~OYYMJLEYv7LxJ~GkjLv9.9u9~myG8Ov9.9u9~1NM75EJvu~QJjjJLM71yM8Ov~1OMGjUMUJ5vfAXHfAHXXA~OJ7JN7JOM71yM8Ov~ONx7vu~OmyGv9ou~8GNvu~&vgd_optout=0&vgd_cfud=210316&vgd_scsver=113&vgd_l2ch=0&vgd_rensize=930_180&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=eu_be&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&&tdAdd[]=uiparams%3D%3Brend_w%3A930%3Brend_h%3A180&&vgd_uspa=0&vgd_sc=EN&vgd_l1rhst=contextual.media.net&hvsid=00001640877081705015088061444495&subBdr=99&bdrid=9&fp=6MgEqwVVXwgCKGLDB7HWpR1NpVlOBSENr4CDpA4gvQ948Y0jNqvx1Y2Q5FKn2Ow1yRAiyOjAU0QW6qhK13ywsGD98Dd_SLF2Ge8NiND6kwQK16V4jreaUTiRkXxF_nKAevbEoCHqMyk%3D&cme=YXNNZjM88gX99ETiWMKe-id-kvCQILQai_k4_tBVezF64WR5QgwtIiWMlHI2EaWrs09HTAQu-BTfavYTWSWpiTHUEt_xRiczzxHgz55tnU4_SvUmooZuxDysUuKieFfvypnJKCu5mYf5Orc1N3hiczkFAFcdNmMEBUkSlDaRqAMD1wBYt-4QCZM42tTCe0LT631MVi3J5XM5xooCZ6vsByui8j84QuN0%7C%7CECZQquDAdXO219s_zvdUcg%3D%3D%7CdsA6EMpZ47R6ljdz__nQtthZoUpm2bb5%7Cu8A6SM53vAeUioXYaN8gcaZw6ehJoMjP%7C5bh_8NJlDH0fEf9q3hKwQtermTd_TPyV%7CgNTUc7MBYV04UVzmztpDDQ%3D%3D%7Ca0AmFUYXmD6oTnY93fiEKmsZ-TvNN_Q28VYTzq1zq5xBD4Vt81H3nw%3D%3D%7CMhSffBRfuCOyCp4u_bjS9Q%3D%3D%7CsA9IVbGB0Eev5PZj_E8A2YHN6kc-RjGiz7h-vMxsqkY0PCCCFEcOjSBn7hm8IOCu2mMf6OvdmqmKa-qge6BW2xipmTFHxw1ba7EC9id9opaMPTUnDuZGBcnhlc1AtDbjskb2nwMhQY-z3WxGboQU0cm0RTGl--Uz2lf5Zd6AV4JM0-TQVpZY_jB34GIyOnBOf5RITERxOG-SlA85hf0_XXCGuCdFnnthRWzcL8OFl_k%3D%7C&rc=0&rand=1640877082468&acid=Yc3MFwAL6foH_YLf7gXoTQ_1&matm=1640877082468&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&vgd_ltime=1239&vgd_ltimesrc=1&vgd_l1hcsd=N6%7C8718&vgd_l1ch=1&vgd_lhl=3486&vgd_pgid=p02029186064t202112301511&vgd_csip=rtb-common-58f94576b-w2cnn.BE&vgd_sbSup=1&vgd_nrrs=25277&vgd_cntrdt=SF%7Ca50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com&oRurl=adomain%3Dhttps%253A%252F%252Ftopics.businessfocus.online%26adt1%3D8CUX271X2%26adt2%3D684782597%26bdrId%3D9%26cb%3Dwindow._mNDetails.initAd%26cc%3DGB%26chnm%3DHARMONY%26cid%3D8CUV8TI79%26cpcd%3DPo-xjRPGeMP9VYFKgTzMZA%253D%253D%26crid%3D955327425%26gdpr%3D1%26https%3D1%26katbid%3D-103%26katpre%3D1%26lw%3D1%26matchstring%3Dbcat%253D11%252Ca%252C35%252C16%252C14h%252Cg%252C2y%252Ch%252Cgo%252Ci2%252Ci5%252C3c%252Cyj%252Cod%252C7%252Chb%252Cy5%252Cmk%257Ccsh%253D1%26nb%3D1%26nse%3D5%26ntv%3D0%26pid%3D8PO82R333%26requrl%3Dhttps%253A%252F%252Fleviatanscans.com%252Fmx%26size%3D930x180%26tpid%3DTIT364X%26ugd%3D4%26vif%3D2&vgd_end=1

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 30 Dec 2021 15:11:21 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 30 Dec 2021 15:11:21 GMT

GET
H3 200 BTN_txt.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 5 KB
5 KB 41ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/BTN_txt.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2c297ff10d5f0f0be5781b6c8a6f0ad80a8b1f13766e5c53a710a77cc64775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 10:28:24 GMT
x-content-type-options: nosniff
age: 103377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4775
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Dec 2022 10:28:24 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5BziN_Y1MR3srEcIH6ohs&google_cver=1&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6D_HXo9ZAkM6XpGaAByl8cnUXuFgKRJhxzHXYsxiKVvZw&google_hm=KF4E...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6D_HXo9ZAkM6XpGaAByl8cnUXuFgKRJhxzHXYsxiKVvZw&google_hm=KF4EeRqd5v3_yEoCkkaOZQ

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIpu7yq59bZwkOH1YYkFnJAYz0oV5QOTGqJ2MCXXJKsJJxge0Dtu6D_HXo9ZAkM6XpGaAByl8cnUXuFgKRJhxzHXYsxiKVvZw&google_hm=KF4EeRqd5v3_yEoCkkaOZQ
pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEMp2zgTJFlyexCnJi_ec7yc&google_cver=1&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK&google_hm=Q0FFU0VNcDJ6Z1RKRmx5Z...

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK&google_hm=Q0FFU0VNcDJ6Z1RKRmx5ZXhDbkppX2VjN3lj

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:21 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJuGEG0T2Z9dkhETc4HMdAaAAubGGnyHvjcgh0pWbhUyCW6MrBjH2g0ao8fj6Gcit4kXOX2-S1LLRZk0nfDUsJupCeRtjSK&google_hm=Q0FFU0VNcDJ6Z1RKRmx5ZXhDbkppX2VjN3lj
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJEayHj...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJEayHj...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxNTExMjIwMDAxNTk2OTQyMjY1Mg%3D%3D&google_push=AYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7Nhxt...

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxNTExMjIwMDAxNTk2OTQyMjY1Mg%3D%3D&google_push=AYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7NhxtFiL31QOQHExWGOZEdN7mlAwmyWh6xGBQ

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMzAxNTExMjIwMDAxNTk2OTQyMjY1Mg%3D%3D&google_push=AYg5qPJEayHjLWet8S1eYGsoeBhxccliHTT_M4qbABHaMu5Sg2ugNRYVcz23qU7_V7NhxtFiL31QOQHExWGOZEdN7mlAwmyWh6xGBQ
pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 30 Dec 2021 15:11:22 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

53ms
53ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJnp6AlweZrrINIjGEHrWitAh-YWyDfQAwpMlBw9YHKykuegfGgdnn8oIy_5f0XKVKeVFWQM-8T5-1EhA7RqNy-eRpg0epnXQ

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z7kxJU9zTOe4iZ1Nd4AZqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJnp6AlweZrrINIjGEHrWitAh-YWyDfQAwpMlBw9YHKykuegfGgdnn8oIy_5f0XKVKeVFWQM-8T5-1EhA7RqNy-eRpg0epnXQ
date: Thu, 30 Dec 2021 15:11:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG6AX9KyDXVewxM4Bri6F4U&google_cver=1&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oy...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VKRkgtNi01OU1I&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oyajJX2ugybXg1v_NoKylx_K98v

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VKRkgtNi01OU1I&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oyajJX2ugybXg1v_NoKylx_K98v

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hUM1VKRkgtNi01OU1I&google_push=AYg5qPJbKzkyy0iHAefE9lFXY_HAWWbtYIh6LcWrtR3gAsvOjl7jmS7-ND9IlQ-jY5Oycv6B_oyajJX2ugybXg1v_NoKylx_K98v
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7701
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7701 0
12 B 50ms
49ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JWCoBb2Bdusbk7XsOFC3lMHgl01gogodk8EkorNzx9PMpnbTm0pyID8NGukPRe7w

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame B8D7 80 KB
21 KB 44ms
43ms Script
application/javascript 2600:9000:223f:600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 18:55:08 GMT
content-encoding: gzip
age: 11477774
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: xXFXz5Cp8R66CAIh7h5lNDFRSdYMP0QuLvyvhVVftLaG1BQYtpD9SA==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 2629 43 B
216 B 40ms
40ms Image
image/gif 63.32.41.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10933&advId=18517273&campId=47474512&pubId=1&chanId=705080160901&placementId=381113010&dealId=&adsafe_par&impId=ABAjH0gqnq5-HIm6J1pA9mw4fltd&bidurl=https://leviatanscans.com/mx&adsafe_url=https%3A%2F%2Fleviatanscans.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fleviatanscans.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=bd&adsafe_jsinfo=,id:34f1bb75-3292-8a15-5d4d-4102fdc42c5f,c:yieeuE,sl:na,em:true,fr:false,thd:1,mn:app28ie,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:502,fm:sT5D0V0+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:527,oid:be9ba94c-6982-11ec-a06d-0667767c2fb7,v:19.8.273,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.41.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-41-216.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: app19.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 3313 236 KB
63 KB 78ms
78ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:21 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:26:21 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 71 KB
12 KB 41ms
41ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.js?1631019968336

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6115155cc5d175a4c02ce2ac6afa143245f00dc02bfb2a0d48049d424bdd1c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 11:40:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12666
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12767
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Dec 2022 11:40:15 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 179ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieevn,pingTime:-2.1,time:1123,type:a,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:377,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B377~100%5D,as:%5B377~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:307,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:69,readyFired:false%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieevA,pingTime:-3,time:584,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:584,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:sT5D0V0+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieevB,pingTime:-6,time:585,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:585,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B3~0%5D,as:%5B3~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:sT5D0V0+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:leviatanscans.com*%2Ca50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com*&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:21 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 card.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 10 KB
10 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/card.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e23686b9b7141b46d74c4423b7ecc93551cf211e5aa816a1f39be7ac86377a2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 22:39:17 GMT
x-content-type-options: nosniff
age: 145924
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9789
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Dec 2022 22:39:17 GMT

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame B03D 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 14:41:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Dec 2022 14:41:18 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 181ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieewc,pingTime:-2,time:623,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:820,beZ:822,mfA:1322,cmA:1324,inA:1324,inZ:1328,prA:1328,prZ:1339,si:1347,poA:1348,poZ:1365,cmZ:1365,mfZ:1365,loA:1405,loZ:1409,ltA:1442,ltZ:1442,idA:1365,idZ:1406%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:320.50,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:623,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:94,readyFired:true%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieewl,pingTime:0,time:631,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9370 0
25 B 75ms
75ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BLZFgGMzNYdLSIOmF7_UPuua96AIAAAAAOAHgBAI&bg=!KimlKW3NAAZKWFskSlg7ACkAdvg8WkOwwCmYyZ1XNwvsCNDs47lRfrEkdtvGEfiviwpn-1dpmlGBFAIAAAMKUgAAAE5oAQeZA19lYcdswGiaRPmTxsB-EbIJIAVSkGRNS64HmI_iZcqYq_7KEXzOrARyAl-P642EHW7neZXydbDAv6sovTz0_JS-yOgsOTlNv1RkBaKaDfG59TC_nbThk7xNjSYpVtTE9PXh8ybSPwxt5ZlrnQVg5bKOmQ2IAmag6wA7XEMWVTOTbfzYt7SHnH6j3QC-zhkB7nyDola3MeWSiLVuC9lij-3Fo65uYbOaLLmzku1w8C9VEdAIP-EGVByipqEfluz9MCLXm8bkotfHY-fr2K1mPYMTjBcPk29VdX1VURWSyPRl_Ill8nP4qpC0zKeDNDyL2nYs2sJC1e55H4tBFyvQ8QDdJZeKs7HePOIikOdBDyPdzKPMadQQiMHBn7yYuWDBiPcwTOqzHvyMOMysjwBIUUz5QO9bch6sHewqfYOyz2qhtEKvHb2Ixg2dm89bIkXJ1318St4d_pK7aprkAbTTyJzYD0epb8p9nMxh3Wlv0qzmqdNtmyCeN72tEG8VTBePE_UuJjKVXgc-Tp5eKfphGG-lECmakQWT1McEOoczBS92iuVIbcoq9Uy2PwOEOU1SAlk6e20oojK8I6Z6VrnzXclDN3JmZcfwie6QdvWkT8563zeCtCPwkZ_dvU2fu3xSElTpG8IVRWlne_qTZScxna7Nf5lao6oYdIQOrti-w9vOunlbJG_TGYZ3j19KmmIFvd9yxRhWS4vXi93SOoBJre9C8wjYuNM-6GQGS22oTR1L9xd0Bj1IleUveL7BbopZNYhJxvwVFQ5GqYB3df8YUAHGzPLMtsJx8bc3xfqVMbc3QGtrr5LZkAZsxrX9gClySg8S6JpMDo3f4iZvlIGKUbi_9QQk21_Th7zwm0Ms6_JL9fZJcCo8FqTk2QUwdOLFqPoPuQ8PKidq5Shcc2N7pLcmgt_kb27rCmxmA5pfk4bvn8-xBdZEw6xNzaucdcaZsjCEPc-EQwG2wZnQJyuAwoXMkLCM7n2vVpQXFG_0T3Aa4WlACku41FIJeLxN_EGYKh0pt-TflH7_mNa8J7hz1bzfuwSvjUN2CL4D7LJMxq_nurNj_R8CvmmjYBFCqUTSn6Ez5qGXHl3X-1Ng4JYIVIkHWHE-m4wjfjyQArIXkAzLFT45B2KaSE4T173NNpE-Bw

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bande_Orange.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 1 KB
1 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/bande_Orange.png?1631019968287

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b2d20e05ab9c873e8b3df7c80ca5d82cf0c5d0e3f6f3af744010967f3d4a52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 09:40:42 GMT
x-content-type-options: nosniff
age: 192640
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1191
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Dec 2022 09:40:42 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2629 0
23 B 76ms
76ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHpHeuxFdl4OcI4emZxyzvPqUf0J5nlHI7vB6xm204FMNGzQonK4HoShbOb7EB8nyD3pReh0aKa_xM3t2gugXmCbXckVyT0w71RMsx6A7lZl2xDCWjy3TJZtPbz4tYn0vX6opwAd5E8WOPMMj1EPa1KuYhS7CAoZe_uj8HPqnq7qG0IJHA9ebr95GL&sai=AMfl-YQOkisXIMfUAZf686WT_RrD4U22MZWyf0C3nuqLUg-KskGH-A&sig=Cg0ArKJSzCcVFUni77RkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=732&vt=11&dtpt=406&dett=3&cstd=324&cisv=r20211207.86817&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 footer.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 2 KB
2 KB 41ms
41ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/footer.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae058fc90cb1e6c5d92156d35d04a3b113efde3e8d7d851287968c33271d123b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 19:24:16 GMT
x-content-type-options: nosniff
age: 157626
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1912
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Dec 2022 19:24:16 GMT

GET
H3 200 Bg1.jpg
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 5 KB
5 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/Bg1.jpg?1631019968287

Requested by

Host: a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
URL: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2160563b906e020e4eaa4d66362de20fab097fecac3b399cde52fdfec052e72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 16:50:43 GMT
x-content-type-options: nosniff
age: 512439
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5074
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Dec 2022 16:50:43 GMT

GET
H3 200 jaina.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 62 KB
62 KB 41ms
41ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/jaina.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3adf8de3981a42b01865bc7c8ac3fee4313ca430ae3995af67a951ada8ad971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63284
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C3C 0
25 B 76ms
76ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpZFLGMzNYfeaIdO8lQeDkojICwAAAAA4AeAEAg&bg=!q6ilqOzNAAZKWFskSlg7ACkAdvg8Wi23J7xApDN3-ALq-HRmBa1pvQpI9mhZ_nb2R8Bm9SIm5GIecQIAAANeUgAAAVVoAQcKAFh43elxsRszuMxOVCcFicdu_Gz0yxy2G5hNp8IFUWCk9ZG0OKaf5joiall2K_ovJGJMmVsU6V6qJD70GYQNAUlTQJ2RiSvKjama-UkfSzih55BudWDDif5nmQMcuO7j7YbkB1L3P6iG1uwJjGL00l8wsiqIS16dekxjrqGTRIyvViBrsmbS_AolAQnS6gYlV6fkWkFmxpNVJOJjlE3w8OnnHpXw8v-xA_kIvA6NBlDcj42dLm34HebwgfE9V1-R7oCLg3O4TlU0IPmKym8cpkK_gIfvqQltd_jU3y3tvkhJZmQvEoZX8OXUU0izP_x52nK1WzluCse8_PeiiDHNoxPt5uB2VcXxG_IW9mhb1X8XVWhzCVxHT2lies9tht2dqsQU23F0bkR2ZexeKlz4Y0kYpB8neM2XBkXJoOKf5jQK1k-Hy8InZtjPyJrfap9Y9jfqFZesWVB0cLD3wF4Uu7FhxtYXgPUFut72zhTQWEst1gUoB_s8H_OmXtUW63fXafPX32fpJb5HgqwDDz6k0kv4P1Zs3pX4wr3jx0HpSm5OIG0gC8jvp8v-eHyweNGcAOTsUufVsJheUZ3lZ-NeFU7B7L9VIYnXHekzOL3j0Y4KucmtoAfPhtdniEkHBMKseYA0eA20FTrxyY8SeLyTLhxxJ2SHsEctRnVFF-ETmCd0cvhg1fkYR-JeDjHxc3NFeITfLsIfP56siqWGXss_UQXvfluvu9BcdYnckAnG7KK704g-2dn7n327fqdOANgWSpt3UkfFRjQXwTduoilSk3qQTEEBDYjSKgIkINyGxB5SHoERZd4JeGAnJskuphpgriXw3q-0NXT9z-uzgpQdgeFNngyxOBUz8j1DmuJsBx5MKRxgi7l9ZD5kMvoPfq7sZxKk6VnW8RbGGjQFlstz2vzGx62Ux_u-p_GQIH0MJsEP0JpWc7kTZM8XOKVks2OPxW00kQx0ibP28BTQWZWEEq7SVFvMrxxOt-40y4kzne4NyNEM8H6ME-oab97QEgx6NnEcOFqXBNkvG47KH0WOdesUhEAlOkdRnvyudMr8uwVFlVLVx-gCzyr0BaRxnD_sFBLWAXH6B_hT7S6K1_4Novvc5y8YPofKPlX-3tzmkHs6SCzGYTIjYvT51jUKIJN5nqc8bKsgfoWL0LXS6A5u_s3QRRJUKPY6dQ

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieeE5,pingTime:-10,time:1111,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1640877083229%7C%7C6a4db8c733424602e1609b291c004756%7C%7Ca2fdad25d911a8a4b39828759d282361%7C%7C88b2761e656f49b11b15db25b81507cc%7C%7C9ab74110c4ae289e6ab5962a93cad3d0%7C%7C5d54b1c79a1681ddbd69a1e50f673d9d%7C%7C4648aeee206d7813b7e0f84cee3155f0%7C%7C85b4d44efc1c1c7a0fed94c0ddc865a3%7C%7C1629390669,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D%7D
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 7814 27 KB
7 KB 340ms
325ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_150&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3276137461281484&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=90930543&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083240&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=3134888244985408&ged=ve4_td3_tt1_pd3_la3000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

90b7cbfb57ddecb443fed08c1516d4af8424e91e739f823e8db6bb914292cbae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6769
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2629 42 B
64 B 79ms
79ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuAW-Ve18cOBhmewTPzf6EeDnZySJl46DiyXJQqcjiX0wLI8Ojr6j5VjBSTDn_uz7cxnbVnzBDdVBXIDA8A5Z9I6_v8LflKHPmMRQQ8Er5aeug4tI83OQ&sai=AMfl-YS51qZcucMei2pGyjWMXu3u9P-xxjBcMXYZ4Iqz-eVG1W5nq_lHuIxS9vWSW6Gzdwa9BRMaY7FaouHjweqMZ8Q03ike3Zik5_PAAZ1sovUVEDfgtmOWqBzlt9ab&sig=Cg0ArKJSzIyQ51-NKgpNEAE&cid=CAASEuRo14ejpJQF4sZENfKyl-O5YA&id=lidar2&mcvt=1048&p=1100,640,1150,960&mtos=746,1048,1048,1048,1048&tos=746,302,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2691573345&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640877081299&rpt=837&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 4621 27 KB
7 KB 329ms
322ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_075&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3295327524886412&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=4274859614&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083248&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=4356590608291078&ged=ve4_td3_tt1_pd3_la3000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9046bf71adf64d44931bd84e86c313417548845d7c1ed53b93ea01549612466b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6765
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 63C2 27 KB
7 KB 290ms
289ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_050&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=986957063119412&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=80615113&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083255&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=2080996910081204&ged=ve4_td3_tt1_pd3_la3000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

cf796b5dd480c6cf942cc053c0cdf04d3ef463461760d7a7d7541545f40a2f08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6764
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame DC7E 27 KB
7 KB 307ms
307ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_100&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3708651422830409&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=780360704&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083266&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=3957387831811532&ged=ve4_td3_tt1_pd3_la3000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e5964a20f910f2fefc6a59d8111ea8335fe00df2a0959eb5cb8240116f25328f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6739
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame B4FF 156 B
236 B 286ms
285ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_130&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3138452905605756&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=1374902212&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083275&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=1103047011432893&ged=ve4_td3_tt1_pd3_la3000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Image1.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 3 KB
3 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/Image1.png?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12247ef1042523a1d64768be7b7aebdb3938b5d2a8342a6d94fa2eb1d4acbbc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 09:40:42 GMT
x-content-type-options: nosniff
age: 192640
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2795
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Dec 2022 09:40:42 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 10 KB
10 KB 41ms
41ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/logo.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ddf54ed28a5a8527cd6349c747145b0b229115476ea2d113995c05c8580216

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10193
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

GET
H3 200 Image2.jpg
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 5 KB
5 KB 41ms
40ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/Image2.jpg?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f34ac5b7825c44b1b412bd88a5f8c0eefc44c20f58fe68b8cd5255289a57aca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 11:20:46 GMT
x-content-type-options: nosniff
age: 100236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5244
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Dec 2022 11:20:46 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 183ms
182ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeG3,pingTime:1,time:1785,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1039,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1039~100%5D,as:%5B1039~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:502,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 182ms
182ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieeG3,pingTime:1,time:1785,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1039,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1040~100%5D,as:%5B1040~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:502,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 particle.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 230 B
257 B 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/particle.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e310680af72d7e7b621a632e487dc61eb280a245446e8ef815187a2952e828d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B03D 0
25 B 75ms
75ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5W9fGczNYfHmA--V7_UP7vStoAoAAAAAOAHgBAI&bg=!aWqlai7NAAZKWFskSlg7ACkAdvg8Wm9eRYlM6DD4WJ6uuMhuYai6xloEBO3jaMYM576GZFmy_Es2QgIAAADeUgAAAAloAQeZA1-mivUZ59gCHkBWpPZhPftceP7x3gUv3C1yDxc7J9SUJa9VogBKCdnCdZSXPJC9gh3bl8tks-n0sDWIaDFQy4PkkNy78zXdzO4sCbp6mCh5j8bEURyZSmo5GRnwbOEV2RuVAqp3_iBXfeyyPxGRxYIR9b86G-nrwXyZuanXnmdR7P8-T20w3QDB51kq3AJz2KWCvcR9mQJroc65_ciMmuHD98MN18pzR0c_A9rLu1B3F-NNVNFAQm4puEIWiuiYzBNoX8-SCyc27dxweus55rJhDbJmrURpwXlYmoXazFi3UWUsrC_CEesmbrHppZnAvcKq1olk-0TMWOGyhRGNkN0w1-LA05WQomK1BapnzfFUHpW-zGeuCZ70N9x2jQEwBvddR77vmrymU3zkFplGWrQVojxJOvhdyFGZrdM0EysKntfLZpqbeYAA5owRgt9JmdkTR8dxFdhlAyUSY7FsSXR1TG7WW54akKyf6KJS3P5-HYh3nXJYubzXZh77ynAe6YzBae_Pkh88UUqOoSdZjWvV0tGNjPAThZ2fs9o5LpyBYGB4fxfDQVupFA4eOufdQvfZmYPOJiUuMjTczY3bYOaV55p1dUZAH29JjAliLDYrmwImrp5fYmLvBfBrJnreY27gGORKScukZrAJsRlN2nd-HZPuCJJ0jIgyGYKb7dK1bIpNyhfCQPZAv8f6CbCNhrhcmVEy0Qr0LqiCAgf0v9Zlu4hxHTnpYZSeHhScNyyI5VpaairrftRADQC-sThdBMztYM0kMLyNrZOVYCSv6dCvjLp-lpMfJ7IofthjSGYUBKiHOxMyrAJMJog4Ky10Re0Oz5xPcSikYxZLEbDOGwaVf2g_L4yxofOYnBm7xFmNEuVRF3pdO3LeXSAlvSZIhxzDfCUhS8s0O7d5tWh71QXUyV-wlejsz9nRY4Cst8viAZ4-mLJTk9x-L5-veBQ0viic0onVEpgs3fod6Lr94-Bb4EqqC5f3-t2U4MyXaNwSV4bLQHFLUYws2OUIKbs5lr7Uja-CZwdb1RbRk8D38gNaxzdYXcbaLCt2qStHoSf4dvbKKX7CQivQGA_lIDXsCufMiHeabF9ym4tK8PZ7KxKX2WfzFbGdK0MtaBsdLlN9-dIpTFtN0iGxJSrz2c1Upw

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 image3.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 3 KB
3 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/image3.png?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a739a22d434b6cdfb9d0909c547114cd34975b38ed0cef24a20940517f624fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 07:52:21 GMT
x-content-type-options: nosniff
age: 199141
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2950
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Dec 2022 07:52:21 GMT

GET
H3 200 txt1.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 4 KB
4 KB 41ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/txt1.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5ef519b6fbcee933f3ef02d2e8357b9875a9bd43d61f69fd8b1ab6ee277a23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3651
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

GET
H3 200 image_tv_4.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 3 KB
3 KB 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/image_tv_4.png?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a98dfaad4d425c099473a666b3f633ddf5e22d68d3850a9fa5d8111aac563a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 11:20:46 GMT
x-content-type-options: nosniff
age: 100236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3355
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Dec 2022 11:20:46 GMT

GET
H3 200 txt2.png
s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/ Frame 9992 4 KB
4 KB 41ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/images/txt2.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e55e7d86f39ea5a73a5762be97a78bd26fad40b5e1d9318816d646109a9f71ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8778443432040713762/HEARTHSTONE_Q2_DISPLAY_EN_THRALL_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 08:43:58 GMT
x-content-type-options: nosniff
age: 368844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3963
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 19:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 26 Dec 2022 08:43:58 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 418ms
55ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://leviatanscans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://leviatanscans.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1471
date: Thu, 30 Dec 2021 15:11:22 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=4HRXsHxqY3BRTjJyWVd1Ti9jaExBM2N4WTBFUTg0cnhDQWdmdVJVN0pPRURvWC8wajZKZmdOZGg1b2VOdE9UcHB6NmtOaU4yZm14SEFLM1huTlF0NFVuMGlQazV3MG1JS3U3U1VscWJna2tLdytVQzRnSkY4dzQrSUxKUk...

344 B
614 B

117ms
40ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=4HRXsHxqY3BRTjJyWVd1Ti9jaExBM2N4WTBFUTg0cnhDQWdmdVJVN0pPRURvWC8wajZKZmdOZGg1b2VOdE9UcHB6NmtOaU4yZm14SEFLM1huTlF0NFVuMGlQazV3MG1JS3U3U1VscWJna2tLdytVQzRnSkY4dzQrSUxKUkUvN2ZxbHNmQXhsZ1BNUXNjamxubWV6bnRJaUpLd0VFVnArd3VkdjlQVzVwYjVYMFZHN0pTT2VKSUxkbUUrbEVZa1hHemZIdmdvemx0Z1V1QWFHTHhvamw2MUVtb1lMcVczM0tpRDl6QU9rTUJXcFRjbHR3PXw&cppv=2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

5309992180d2462e7a6cf662f5fb330483f2adbffa27d1fba682ea97b56357d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2098
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:22 GMT
location: https://mug.criteo.com/sid?cpp=4HRXsHxqY3BRTjJyWVd1Ti9jaExBM2N4WTBFUTg0cnhDQWdmdVJVN0pPRURvWC8wajZKZmdOZGg1b2VOdE9UcHB6NmtOaU4yZm14SEFLM1huTlF0NFVuMGlQazV3MG1JS3U3U1VscWJna2tLdytVQzRnSkY4dzQrSUxKUkUvN2ZxbHNmQXhsZ1BNUXNjamxubWV6bnRJaUpLd0VFVnArd3VkdjlQVzVwYjVYMFZHN0pTT2VKSUxkbUUrbEVZa1hHemZIdmdvemx0Z1V1QWFHTHhvamw2MUVtb1lMcVczM0tpRDl6QU9rTUJXcFRjbHR3PXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1754
content-length: 482
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
535 B 181ms
45ms XHR
application/json 51.89.21.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/455799/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.30 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p25.id5-sync.com

Software

Resource Hash

94bd084a74a70d450f4de9d54813a586e05797456b2dc21f60fe6e89960132e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Date: Thu, 30 Dec 2021 15:11:22 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H3 200 PRIX_50.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 3 KB
3 KB 42ms
42ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/PRIX_50.png?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cb523f61842a97dcebd2366b0efb68d206fcd4d530879c45dded29790decfdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 11:20:46 GMT
x-content-type-options: nosniff
age: 100236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2867
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Dec 2022 11:20:46 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 181ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieeOn,pingTime:1,time:1749,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1118,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1118~100%5D,as:%5B1118~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:186,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 183ms
183ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieeOn,pingTime:1,time:1749,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1118,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1119~100%5D,as:%5B1119~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:186,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 184ms
184ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieeOo,pingTime:1,time:1750,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1119,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1119~100%5D,as:%5B1119~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:186,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:grpm1,cmr:t%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 SHINE.png
s0.2mdn.net/sadbundle/16247695484408105535/html/ Frame 3313 6 KB
6 KB 41ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16247695484408105535/html/SHINE.png?1631019968287

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8088042323328c0ab329a44288949cd7be0b5fdecc97a4aae92cbd7e0b26f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16247695484408105535/html/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 10:28:10 GMT
x-content-type-options: nosniff
age: 535393
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6510
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 11:43:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Dec 2022 10:28:10 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2629 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvaNVGpbbxT9e4MrRCK3ei9yn2Y3GO9DfD6b_J4D5LKq41Gjef6Mk5qaqWfxz1-ooZxBugg8ZRCDvx_XrFVEYqwCBX-AebYSQY&sig=Cg0ArKJSzOnA2xltDnA7EAE&id=lidar2&mcvt=1294&p=0,0,50,320&mtos=1294,1294,1294,1294,1294&tos=1294,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=34&adk=388007327&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640877081299&rpt=1247&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bqi.php
lg3.media.net/ Frame 3A7F 15 B
15 B 45ms
44ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_hb_audit_1=8CUX271X2&vgd_hb_audit_2=684782597&vgd_l2type=sca&katbid=-103&cme=YXNNZjM88gX99ETiWMKe-id-kvCQILQai_k4_tBVezF64WR5QgwtIiWMlHI2EaWrs09HTAQu-BTfavYTWSWpiTHUEt_xRiczzxHgz55tnU4_SvUmooZuxDysUuKieFfvypnJKCu5mYf5Orc1N3hiczkFAFcdNmMEBUkSlDaRqAMD1wBYt-4QCZM42tTCe0LT631MVi3J5XM5xooCZ6vsByui8j84QuN0||ECZQquDAdXO219s_zvdUcg==|dsA6EMpZ47R6ljdz__nQtthZoUpm2bb5|u8A6SM53vAeUioXYaN8gcaZw6ehJoMjP|5bh_8NJlDH0fEf9q3hKwQtermTd_TPyV|gNTUc7MBYV04UVzmztpDDQ==|a0AmFUYXmD6oTnY93fiEKmsZ-TvNN_Q28VYTzq1zq5xBD4Vt81H3nw==|MhSffBRfuCOyCp4u_bjS9Q==|sA9IVbGB0Eev5PZj_E8A2YHN6kc-RjGiz7h-vMxsqkY0PCCCFEcOjSBn7hm8IOCu2mMf6OvdmqmKa-qge6BW2xipmTFHxw1ba7EC9id9opaMPTUnDuZGBcnhlc1AtDbjskb2nwMhQY-z3WxGboQU0cm0RTGl--Uz2lf5Zd6AV4JM0-TQVpZY_jB34GIyOnBOf5RITERxOG-SlA85hf0_XXCGuCdFnnthRWzcL8OFl_k=|&gdpr=1&prid=8PRVCXX19&cid=8CUV8TI79&crid=955327425&requrl=https%3A%2F%2Fleviatanscans.com%2Fmx&vi=1640877080224232221&ugd=4&cc=GB&sc=EN&bdrid=9&subBdr=99&startTime=1640877081697&l2type=sca&vgd_l1rakh=1640877080174397589&l1ch=1&sttm=1640877081705&upk=1640877082.6049&hvsid=00001640877081705015088061444495&acid=Yc3MFwAL6foH_YLf7gXoTQ_1&verid=3111299&vgd_bdata=dc%3Dgcp-eu-west1-b~ck_fl%3D0~bhp%3D0~~std%3Dna~itype%3DADX~visibility%3D2~ref_cnt%3D0~r_ip%3D89.238.142.0~r_sc%3DENGLAND~rbo%3D5_3~bx_a1%3D0~dmm_d1%3D0~dmm_d2%3DT~dmm_d3%3D0~dmm_d4%3D10~dmm_d5%3D0~dmm_d6%3D0~dmm_d7%3D0~dmm_d8%3D0~dmm_d9%3D0~dmm_d10%3D0~dmm_d13%3D0~dmm_d14%3D0~dmm_d15%3D1~dmm_d16%3D0~dmm_d17%3D0~dmm_d18%3D50~dmm_d19%3D0~dmm_d21%3D-1~dmm_d22%3D0.00~dmm_d23%3D0~dmm_d24%3D5~dmm_d25%3D0~dmm_d26%3D000~dmm_d27%3D0~dmm_d28%3D2~dmm_d29%3D0.60~dmm_d30%3D4~dmm_d33%3D0~dmm_d36%3DNA~dmm_d37%3DUTC~dmm_d40%3D0~dmm_d42%3D0~dmm_d43%3D0~dmm_d44%3Dprod~dmm_d45%3D0~dmm_d46%3DR~hc%3D0~dmm_d51%3D0~dmm_d52%3D0~dmm_d53%3D000~dmm_d55%3DT~dmm_d56%3Dfalse~bx_sgmt%3Dempty~sgmt%3Dempty~bx_rpc%3D001001~bx_intmd%3D0~bx_ginsu%3D0~bx_j%3D0~bx_rsp%3D0~dmm_l%3D0.003~dmm_r%3D0.337~e_rpm%3D0.010~dmm_m1%3D0.010~dmm_m2%3D0.004~dmm_m3%3D1.000~dmm_m7%3D0.751~dmm_m10%3D1.000~dmm_m11%3D0.824~dmm_m12%3D0.751~dmm_m14%3D1.000~dmm_m16%3D0.337~dmm_m21%3D1.000~dmm_m28%3D1.000~dmm_m30%3D1.000~dmm_m32%3D0.010~dmm_m33%3D1.000~dmm_m35%3D3.000~dmm_m36%3D3.000~dmm_m39%3D24851.000~dmm_m40%3D24851.000~dmm_m43%3D0.018~dmm_m44%3D5.000~erpm%3D0.010~vbr%3D3~~bid%3D0.01~dmm_d39%3D-2~dmm_d55%3Dnull~bx_ybnenv%3Dprod~supply_tag_id%3D%7Eviewability%3D0.63%7Eamp%3D1%7Ecbdp%3D0.010%7Edmm%3Dharmony%7Esd%3D1%7Edtc%3Deu_be%7Exid%3DADX-pub-4573231550355221%7Edalg%3Ddefault%7Ebflag%3D0%7Ehtml%3D1%7Esobp%3D%7Ectr%3D8.639868610771373E-5%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.010%7Eogbid%3D0.010%7Eac_type%3D1%7Eseller_tag_id%3D%7Ead_blk_key%3D2354234553%7Edetected_tag_id%3D%7Edcut%3D1%7Edogb%3D0-1~ibc%3D1~&matchstring=bcat%3D11%2Ca%2C35%2C16%2C14h%2Cg%2C2y%2Ch%2Cgo%2Ci2%2Ci5%2C3c%2Cyj%2Cod%2C7%2Chb%2Cy5%2Cmk%7Ccsh%3D1&vgd_matchstr=bcat%3D11%2Ca%2C35%2C16%2C14h%2Cg%2C2y%2Ch%2Cgo%2Ci2%2Ci5%2C3c%2Cyj%2Cod%2C7%2Chb%2Cy5%2Cmk%7Ccsh%3D1&vgd_sc=EN&infr=1&twna=1&stime=1640877081318&vgd_ecrid=1700080787652500930018000000500&l1hcsd=l1!N6|8718&vgd_l1rhst=contextual.media.net&vgd_uspa=0&tdAdd[]=%7C%40%7Cfsap%3D0&vgd_isiolc=1&clp=%7B%7D&cl=%7B%7D&vgd_fcm_enc_mis=1&l2ch=0&pid=8PO82R333&vgd_pgid=p02029186064t202112301511&vgd_pgids=1

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 30 Dec 2021 15:11:23 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 30 Dec 2021 15:11:23 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3A7F 42 B
64 B 74ms
73ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvWTsFc0iKRjZTg4K8sSUPU13QlZ7Vbk_SnasMTsiykbICjOvNKf0OaaRzqDdxESzQeh9k80MT4_bw4z18gj2E_lA&sig=Cg0ArKJSzAsF8iVm7KxJEAE&cid=CAASF-Ro6my3IlRIeH3_PWnR9L4u7G6KjfyR&id=lidar2&mcvt=1301&p=592,335,776,1265&mtos=0,1301,1301,1301,1301&tos=0,1301,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=2354234553&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640877081114&rpt=1445&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 63C2 31 KB
14 KB 160ms
71ms XHR
text/xml 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AYTbHkrkKRQHq78rNq8PFi-U2M3fKDawqcZmhc1sLbzhB5rTbUnnIaM4JvGzpuwN5gFU6SYafqNp2TUrU2ETyDHHC6ew&dbm_d=AKAmf-A1mI-IWbOzEjXc1B80gLnJ3Xm656sqWlzRIpWG_Ph9ZOUU3p-12B4R6QPDERIeZr5B0KeW29h789Rn90FaLHycAt3oHR53H526fi8d68iWAJ95lOjgeshBzQa8f7EXZm_3ptVjbaMTuHh_AUuG9yNgbj35W13rQcQAryZs6zpefw4YpFu3RITWICL0elYUOsxPX4KM_jn3DJO4vLYfmrME_PbfudMWk9C6yKLV8R_1zw_2V34PPXmr5G0698XEBJFpOUq8hkKTOBVBtV6kDi4ucdC1qzPwaC6P250-1NG7gEz90dj9aUQ92OhB1qtMop5wSSbkzkhjZknVwN0OnfEPiuDILBjuh-ehr9mAWUipDII-HuSTXtQZuoDOIfecr78ihGMQE6PmfZ1KEIiPlHbq1VICjBryYDGE-Z4jv_2N2_gVCZNdp3QGuXGXJpLG-Jwzj8fz6fTZ8BMNYqf_YQy_y65-Ud3FSGtKARa3dkN3stD3TRcs_2GMEvofymaT-jMEH6wv86WZnLgV2Mfa8cmHdQLkLyO6EeJ3NFd_PNrvOcEEShoMb45gsbcE_r9YgRmfTO9TAL3QDVZLNWTj7BaKy0GgDnl6AikwiSOPhSfM6s1anIBHC6dfvhpIFtkXAVbsk8vR74E_PKArGcrHCOOLMOicuWDjjanxcA9s207yNXlOyt_ph8FAg8rMJvRW7iPpm5NnMut_GeLR6yzxcCCEShrd0lIOGx6Gq70a9Z05O511KOawxjX8riTcZUvTBZ-4QdToE0xFZBy6_h_3M_jGGNTXOuNw2h_HBJkMoD-zG7oQsoYWplGYKdHBuT_t-zadijUycCjkUkcLDyKKV-8NzsB-iLkF7NReml11kxIyS0wICWQPhqrVoTJMRelXzg7zfyHywF0FG1wIuBie7veavTADVP7V9ZGkh02Lt3MGYXiAI6C284oWN-QrGfozDFsSE8KKT_MUYeVBomI-keWQ91a8Sa2u_6n2wMfKmteH1GAHkSZxG2O6QHEizstQHHhlD2z1hoKlgp93PcLD5zKHA2w_ehVAuadcbEnf5RrMfx8fOX7R_s8GVhpgSoRjMKZB14eLwIK7ooqZZ2ZtjfoNWfYC5QyGMQZOrKm42ZX2kjUOKMl4tQaUTQS1DJCiJ5MC5NqsuKt3ycV_zJcqsJtQPkWEX3nH4eGk4QfFQG2Uw7Na-6P2l57GUEiKWD9gIbvmCg26VnGwIUdN655BbOHIjo23JRcRAuH_hMMnr55PbR559EHOXnNJJfo9NCTlq07hU09EYEezjge-yoyWugrGpKKrhe8e1ZA3pS719u79oYoPHNSW-b-mdRkfx5-132Gb4McmkHo2q0CQJuyAAqF-tnL8T3S22Bz6h8jaJWxUssv05T8B7xOyJAWZO1M_UvQSgJ9eWYk0tAYW1cdePEQ1QoxXXQrx5FtBpY6wMpn6EBw-P_waZTFZvirQPntxHxV6XMIhdJKgqqz-n8qqvIvhUwLbDWVeDlyAz5KfnqKnhPW5aLJChLIVjRh3nGuHP5t-L27-k0K909NGSCGFucGZFFyUTbZp7_2R6yrB5uX2P9sRTzIIHVNLgFfRh2Br78nmS8644i4gHQA_ppUjQ4FYuO32Tlnm0QPzcq9iPNG4LH9b7-y4Vvj0Mete544yaoEMcl3gijecdoD8bi3hFDrV5mZ458BHkdv6E0Ll0J3qmwh0IJssxlCH63Y6zQdkzKzT7aLK7UXO5V8-_JorYgBzkah2lUglLPZfBJ-N1h681caE2F528-bYLxINeNU9bgZmpHAqt5VvSWI6hIHfTUSYOIeX8BKUNQ5EG3C71epzIx3Cyevo4KlvAZpxN_UJ9zHDO6q63s17SL3Iu7ewH_Lrq4bNZj98EEHjy2NjDTBiMHBwL8m7JlIFqsYr_FiiKGNXhrnrqbKPg1fuMz1XkOj6XZOFAVOhOaFBvbY8mA-2MawkAhEq5rI1HaRMgVgaa1fvLQgMqYbXEoboI-nQEZvphUNZ2TvIT67Hy1r1lnozE19uqZRVibOrzaVjcX3vaWsFtfIn9XFpLs_IXt7fWmr6ndumJJdtnp9SbRT89F9yExHL-R9TV5MNgjQY7BWOAvZQWcsgBkP48bXhBM31pfRVxsfHcyIARC2rrHJXVpM2-hpAUqR5Me4DLNnugY4LjVHf5LIgmtDUzaoIQKfmpOT_jka8a-IEtjrKjmOGej76Uvzi3ERuwHirF3-k0Yg6-0y8f8pUYqbSAE-JhFzAguFcGMWeJSqc67ks9o-Vr5v445I-dJIh3hx9v5sBQ5zQ4X4RpqEWiKu7U8x96kXgiWL02qHLTugI4_DTdanuQ-TGd2QMVkaau4-1dHw5fQnonTM_X19uPkKktMiy7t3vcDLbKkzXjGGNjEAgaYZXXsBfIkMeTeoOhXkHgBiJ1_hskebTpjizIjXDSVjDeo3g-CeSGd8a7VXTx7I5seWt0OEf17dtC50ubAyWgtxF6lp01X0nsuM1UFEYcRMBfPiIsJ7HA4s-ELAVdr7T3L9vyGgu_jRhhaiBGr01PNcsj8LYZ3YOQ5abskqYaaZCm5rc5zEYxGxjBnF0TZiuwN9QwXcIszO7f8LUrprLhvFDwg77cSBTL_McdTqNb4ujfuDmbzhJ2wm663CT2GBAYbFqrEiEm2pZWSbfmf4KM4NFn4BHxjQVAO5DJMaAbh-aAGPIvhzRjZbILlmL3zj6lxxhzfTjjg3qICD8sEAVeNCKY2IF3MXIkSBvO_98_lE9dqQCA4pd976AxrlLpusQHMXv0jXbnt7Ki5bnx9UzP-iJOnCGVdUCqkjCgrhVRbVdUbkZgR8HVf-7diggviroLOmIe4_qATnAeCOX_Wi78saQTc_Mmo_EbWZmksiEpQB6RKMDTaAYsBI_IhjKkC1nV6tK0LGUj1eFnKaQCykjzJhj92IT1jg09FSzzQhA1jfAk4RraGb1FCN1yp7aEo-tsRhhjEGl4NkX4kpcC9p3yTXiT0aFMVP_mRkvuodLNNJbvmUQE6uBrxEgnToAWjNWfBzmY9TInmlcepN1n70Y_t8Dh7DKLXhuy8bXA4VVn2ulCEg-QCHBhl1KDSNLtlKo6VqNEPhE2WJ4qYUQtcPnF-U2Wu1rzqvCNBRefjz0IKqTViCqfvu12-IcqEs20fgIsENGdtqhIPHZPpcI5JY_ndFJoWxIvAQtpsJA9mVAXEcR3YrqKtmK1O0TJ1O6kzNYQCsf4qvp-lAZ5qe8i1LJFZl-0BBS1gZ_8OA3l-pZi20d7M7XNeLJYxPjWzTIdUAqY2wyGcOoVqZvpFY&cid=CAASEuRowgGUNoO6wgep6DGztUKmkg&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=80615113&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083908&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

efc8ec85cc31993a904cbc64f3a2d69986ff3defb68d2512fdc0553273c0d361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14420
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame DC7E 31 KB
15 KB 150ms
63ms XHR
text/xml 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AP5ZF27Oy8mxIAExTgBDRgsJIsRUpScgr1mt5_biAiwm9l1KTrHL-NqADJm5DiLYXLIRzGdBxeIjPTMuPStRn2aheW6Q&dbm_d=AKAmf-BfhwydpwA3FactY9nfrTfQdKvChgKXI4-xZ4TEvSJHUlI3dqVvvFfUISNJkB1gDD2vSlftwxBkB5kbyB2NK9PqyPvXpw2bV9uqIMiDx9LFMdymTNApB8uNm2cBB5s47LFx9ohBWcc5L2DvkLeuSOehgWEMIR95ndXfUoX6yXcaDZMslJett2k0uuMB5Zjj8mClkKDGLFQ9ybgX98QYe5d86OxS95JK1Ezg-pct6TuXv6BzMlS-7fdMIBaD0-NMNx5q38dUH4I9B0Ce9aoB4ltnCFPLa-qsaL8c0R0pXT8QOLuLn_YImypW-CZtothk_-748RTXd928-Y8LxFDCh63V0DXzWtTWGKufLicGkt27OPwmotOo6QdvVVT2NvzBU9tHHEFmGLNu7_q1LirP20lCwRqzXEQwvAFxWcNwTvhBu9yS4tIDQJmiFQ2p8jmfid94jjl8QGtNunudqlqGKH4MVrzlQROji9N8PRwZpnz_3lQZoBj7IcTCrjJ-qIfUdaQKkqJzU42RDO_lZMk3jKR1A4d-TOAD-oRpal_UHqyptx_Z9m2447fiYEjYe2jotxsCCCnUx7GNJffI4Hrnla_4auCxCtdsRku_GSfGp8yuTTL_-n28tD32_s21UzDc8NRczSX6OPmBBlfPFuSlJVc2rQylUFiotSeAqWzJ7pGDSfnziNfqII9iTk_UaFGrGHOKK0daS40Bcw9Pjj9gwheWxgIId7zc_53WF73Va6YHdVYauUQ8P_VgjpJYKP3hQBI1JHMr2oOp1d_DLWxvB7Quib9_xIZxaDr2nZ8EdKOd-vJj6dcRBjIQI0kFLAdRrTK7Bjy7E6kJEG3Pghk_oicB30Cw4nfj_YlqDBRiL__EkPx9KhHgZztO2E4roodo2Pzyidveh1D26eFNawf6t6VghiRpEMX_1dSTvVWAMtMx0Qqu1v8cS6Ml1X0a_fQJTW700tmRhFpVs1Po87GC_KxD6SEVSnVnQi1po93pOe567Sj4HyvpK8GfCELCzO1lu-iqSY3UccAzhSevMBWYu8SFRRd5oRASJQvQ-MHaE7z0Uhd2lX4errwwZ-KtwCFHxr9Lty_hvg4SRtvZu-PNtuwnJAv4HzWUhWqhKYJnVLNOIdAcRz69mJVUcPcclot_qjoqSLvLorFrSf8WnmOxsHYAPybgjx-KLqrXoEHJRoe-URDn5iuk0uEOrEYlOjBhxZWgUT0XZGQP0LgohbreQxZy8TYCXfm51WWYhPqo5lZIq2PB9XVqKxUKH-_BNlof3FliKPDSGUQg9a6Oaofgw5Md9XolallE1x-LFlw_SCx9qu6wulg4sTEAUxUrnJIiALdIDcQoDDKjCebhkNnWfqRpWX-Mq-tEhOE4qIjy3N9jDGFaQCX88l_xiX8V5IjiS6-WYT6q3OHEpKrr03P-cRAjeFJ0E_ZVIGt9Fd-Zqfg61GBrhp60XG5AyvCDDPpqLLnZrX1tpJwuuFGoAHXEDYcwWwU_5FFkkL1HkvjdKa_gKH-dnpFWBDa-wEjaN5uy8zqB2iRHvI-YcAia-EtXluCqeOYuzZ4ooDWoJ0cWnSgja2WZG4s3rnpfEUbsG-eoG_Nr0ehu8Vpefsm_HH1cNYDO6TRW2hq0FeX0Wmrlj6KVmlNsQLphmynWp2W-UwMC8B4OTZPhO0AyMDQ2dHNICD2n_kWllbmInzT_PlM3JqbE7tt6C--iH03PJeZpzZpVCfD1G8Hq2yhvNwYxZzmsJLQzdswuTduuauzdOUay_fjSEMxM5UbimdYrHLWUiOyjM7siLaxLBGc2qKIqS4z-zbWV2skwusPWciwHRUQcS6hyANqWYJ5xoQz8FeFATzkLmSwSN4_1i1E_av2i-k7YkogRpQCruNlERsq9xK3q_Ut5kQCWAoH5l71kXr4jz7jAqC08iqxRO2nSNExGC84cH88tMtVUjhcKnuxM-WjlF529ZUHzX3pQaHVkgXCG2u4Dw_MmCpd27r5J-glagDZxBhL9-oHHzyHltUf-mibpb1-4kZdoX_IhDqmNmnK1BhwOLz7xm2RH2jkitve7NhIXZLwWuYOOgJ6Euygp1kTOQs_25jC745Dv6DSe4ck4quiT3nWHlXhL9HP6W8bmvL2DwOHq8OQBLL8AN7lY5jgSL6kAxWr6Isr8TNP_4-Cf3o_ksgnV7NjwHsUiVnqrJyWzrS3Ijw2fqiVrIoDus8mlDNV5LsZ7-Q1zDfGjRO9Rc7c_FTLXVexRAezYbh86_pK5mkKlHMpEEjAvgal_-q7sO54Ej09L3PA-UyqP3cNOn3tsdQ13BXEb8ClbdIQak2D0Cx3JvUH6-NZIOzcf-CSnzLKXUjdirCwQnMfRQdqs1nGxhlsyJ0B0dEobQELreJv_cUBoGsm7xTqMuYyUvFG78Jj6_cy5xFbozhxaSKYg_FbOQ5AVCSCriN9eLeclKCvw7c6ns5x5XZy7ZKdOmnL7RZLwbdGmNms9IcW45gQjXMZ8fL6cug9ufigglYiz6g5rc_dGXIdQMo33cEUXEwO_PYFtUt8y0CunolipNswKkSi0raNxMp4ZsWJ_dr81C7JGaWXLSJ00hy988hDUnNJIkcSHHU9A2gQmQcOFiTT79eLNu8FClzUjgMsOtJPogdDmvgiFMVGKjzI0DurPVtgymlQqylI-hhbhDvQYi20pe8SdSue62Q7h64qsl4rbCHP_cjx-WK5sqA6LB6PFXV1-vOoNJI0WpmMFPq-mi2BexEjtsVJQqSIM88cf-molhNXF00-eOg5kqjvjt_zR--8xDM62IveEDJjboMUcywZv7hI4wzbf5AZuDC9yD5b3RprFNPgnOohiC4hy-cdEwjWEtkuo3oEfengdy5TaEjDam60dkiXfztrFvwyPsb4VnwLaFbqBS1wt-3k_Nh7dJzJ1nbRboY2-Xy16JVPzLiS7hW8ky_FulLSUt9hkWAM0EB5e3f3swnLIY_PE8HfULEPCVpZ_V6fw_kFw3Gu9lwimV8O85Z0zT5LQeIIJqkrZiKLf96mLH9qyvDbCilj7aZ749hYU04LrfHs_sziXeXmX_0NqYosNWJlItppuNtoikmEQAJW70VsZTB-gTVoaGWEnpM_0lz3FEArT79V5LsQ-02iKBUc8s1JYAqAwUSe4ayZYgnZ9XjsnQaLhjwwPCYQKFIoeGHHSoOS6whCjl9M4IlGYExWapZW9lWX5nSG_GAOwtDtXfjy0qjBiEtt_11MaGxJr3uWwIgcWouOf1rrhkIDrPKGa3fcSqH64eqo2rz5Owi0m9WL3hm8SvcLnBWRwWsYtTd6Uq_M&cid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=780360704&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083911&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

0a546896f620e65a6db5b922746b9a609f6eb849ef91969682b9979ec9d779f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14408
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 4621 30 KB
14 KB 176ms
92ms XHR
text/xml 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BpXuvlhaOGnr6otyUXzIOXPeM60LZKsou5_bvBHE7bqmUtc2sZi5uxUQkNXVWckLhJ9sVwxZez4-tmQ8KzVobF_20dTQ&dbm_d=AKAmf-BCfRPiNHSVgrSCkl-uNbKa-jFYk4yEhBJJlyYOcCnwZMCHGMwhOXZp7uKdbkgfcO75eSpboC3v3ZpDqPJ3KCAzboO3lGsPr_jMFTL4JLilFj4Cvx3pg09cqLwHka1Lc1i96h9AO8xmi-l66FaKWsZTdDJA5kz_7qa86Chk7w5-DEd2tiVX6bzkd8QQoA_hyH7UKux7EbdovH1nDUws1982PxiaMgmfthKTb5Sv-YNUfsS0B8aFtye82TKHSjGs_GBmywvWItoceFPLS4I0Ej8FnIsgvsciI9-jt606avYsj7oo4AWm-ZjIKLFanPtzYxLmC8ZJ_7rRXCeLk1zZxUt5jRCnXQya9U-8F96bO2N-T_cQBEl-fA4A-G2_suepEHuWC0ablII8AEp_VQEDbvx1b_-9Aef4Yq9C1HkKalZ86J1oiK-ZBwBgitTB1CN1mnAe8OfB4ClcUzGqCWDuYaKpo4bZHYdNwBdTInupzvBSGHd-eEMfkBJvOKUTO5UqsUUFWC0D0L7tTvtCr-J_FFDOse5SVZcPSG2aSWvSGhCAcXFlMwCce0JDRpMSKp7n8HcbDu7LNYFIhb4Eo7mbt5YZTjExhIYYXjk8bWXGYwJXnKDwEFpjSP_LcMJJm-BWtz96iqch6NnbaXkne0UDhYx154gGyr_FUb8uo3RYArXD1kDbuGCtc04o8-tean3B5oX8lwq_UVBZk1Y9twK-lT7kSieElln292ul2U7mKZugq1pVJySKWp27DLZls-P911HvXnPehXIxdL7tcz7JaIk2s6UP1ueRvia3-xnYkMdUTZ7XJdHwOWTgq8dhKd61nTwYxLQk1exjFBxCeoI1c-HtBESniNkoQs4bShcuhtd-wyjL_WkBXNSL0976GWD_bsz6fA_4IXUKiT_UcgDQ0B251ypV3Ubfkd3849a_T5Les2mexiIIzlqEvvfozJSq7P_tA4kGw2bleoX3wZwW8WNfgMHiQTsv0OPNAq_bPZr-Ngvh38jRSvC1oVXUpvmcc6KTNdDObZ-HqhYzHmZ4C6PyTJ-3uU8q4NbVMFpsyVaRmZSqQ15_KIxb7TPHFJN__3wn5S9dJhCOd4AZLJT6iFSArRYdaxoWa6mwKB4dXM8pVsNyKn_xNEcuaFb3sIRMegXsYNz0QySmPB8CzbP5VZPXWsfr0YWUxg7UA1NiABnDWhVpiByyKsKKGPjdhhOlFNe0Bb-uWmubh2Brf9ONdmbATjG76xry_6YY25YLg_pO5DoFja6ur7pyH9Rrj51NX1ka_7bzNu7a611UjnnYlH_RhPMpTNgGbL2C2hedc7Uf4EnzvBUK4nnF3uGa7HtuFIq3GVJnfcMeWY-oMOZscy80i8GjY3zRegaySLx1Wf7mIY8pWCqScqBXwNSlZavN5nDkRqBam2CUrx3U30nL3-vlAHrF_dJTK75vEoxhSCCsdXCM3Quf8Bdw4VNr49r2-a1Vi3SMyYM_ebs5G0fPLxqnXVUrQyyZQxn4Cif5tnTkFjQgPy1jl8ZIAVlHi-vJLJcjw2KAhnyLVwRGFlBfIt3i8w7Put1--zjROv6FS4Oy_ax47CBXcxwHMN4Rds90NbDvs-c3hRzK5p0zwkLi2pATqpwFnoTEyVv2_UpwBfFVU6h2jz1z2AbNdKLKEWVXsr8js8DdOQxYfT_fS_aZm-FwqSWrruvzdbmUlzvoMedMgDnHzarQjDApvYYQO5gA2xivRB71zR9k96aPYpUt1IVX6byB5uaV876gmFzPP6wi7MM5Xl9U8S-8KdWtNdO8e5xIaqSkLUmE9bnIacuYCPVWWvznjNS4zYXtoqJXBCYLNJSDZqwMa5LXrcO-lgbikPfq_v8laAaavFkc9zOSmPAlLmXjL-b_2Dzykmfq3zqIODL1pol0_jMesMEn9YX-kGMWtjBG5pmS2CkL3n1HtwuqpLNAYUd6S3qDPy6Mhu6ilbgkUPaQlxz6nzZGIilgTYs1pUr9w6r2WsEme8Qepmq9zc8kCpsULI8c-ZZ2Cec4WfRZdo5Ic7VbX7-98xxbpPto8BzLKSHBLMDow3sUuu3JthjC0p52DDntTLu5tRmb84opV9HztFrDRykfiVcI6svmg9L0Q3jWvhL0vLTs83nTuJzQCHRZRtvWQD_skn4gGoMI3OXdQ4CL39vhuH9ho3vmREpkfnMzZF4IMyK0nNKllZkVDrcoukTMug2sdP98rPUNi-RgN9_yXvb7lbfTJYuUErqGfOW3f00_kGGfT7ok4r0rPe69rdlywIWLG0dJwibGNCm14WJ_hPxd7YpRhL7S25YgE4o9U40jUMqAiN99kb_aFf73s7INo_G7T4p5q3yqHEmCPAlMIhFfC1ydw433N9mjP_JkK9EJ3SDUDLSsf8s2SF88G4ZLH3lx-4EbnBbTkVhClnrlXtgWzVmTB0P22mHnR2CeX1KDm6wK79x0sM-S7zIUPDpvRyfYGHLsfcpizfFxjaCG1yEi2TiDNK4aByiCEBQ36XCtdFEPdU78hNUCwsQ3d8LWCti3gVpGbCWmKezb_8GgtTDWNG_S1XL6QGE3i2gJbBHqvmO06qFoUw15nLqLEnDqbphBFbLEJR3EGLib8gn5Yu201QODTav1Fc5I62yIJQyH2nOCk8gnfXYMIYiaLm9_9Ikx2GUKrm80YSUKbES11LIfPG5kjHEYSoWmXH56jHk7Jv0yO6OkGLgvyzWEZH-lPv_Kph6r-LHk60A43u5mhvexNdS2jaiafcaCwbCBGMXnG-nwT2TrH43He8J6TtJ4hziprjP5y6dKKwwhlSTR1qYX4gnGip_u97SnyYoselw6QnYChMEZMobBG1mxUuQRCRyZ8QPEeEdYlWu27hu2c-nbQFfKu4AWfpLbKxz1WdvP-m_LrZIpAdTW5FMltuhRaL1ou_5DcG_uK9qZh4WXFW0uEXm9HCyg_9dSmNeLd9EN9Gh0x-vp9_GV-eVZljHN7bGQ1lo_IiIe3VbR3pZ3_7-m_W18mJ6Zt0SkEC_YIJ-XuWRcdExqjagS8AQUIN6qdQuUUIZnZzjOaiawTRRe0hywUYiKNer0IeEjohpxHC4t4Ac41S_PMs2_13sPZNFuJgjQ3g4DwoAuchnsR2EQscHIRnXOxUS6x6hyRZhiiFYjgyMRTqyxhNKE9JP8-oruWVdc4o1wcTx2p-Zq1DCLnMnGBAEPNgIljSChdxSZPqIOom6bHyFhN6xFx8n0uFRSzcezG_Axlfh9ifDH6n5yFC620GQvYHi4eAWXQ-5XBCbaGBgpEEaOTLPAroRi5sfpyz19Fqo8Kb3NrXk&cid=CAASEuRo4mRnhZJlSe5PFrA_a85pcg&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=4274859614&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083913&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

24ff3ff811639dbd0cf8c784eb31af79ce69276c440d62a5181ac92e482cb807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14310
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 7814 30 KB
14 KB 182ms
99ms XHR
text/xml 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-B4iCw2jYouKAEUOjcSUBRd5y0y7H9hk3yyBNPvH9qrTy_Rn2b4soWluEscVObKemwXnk12wkq7p7dnv7oMFfqSzL1-mQ&dbm_d=AKAmf-DQzLNPLYcJQDD-Lt2z0aI15Gd4SQq49LfU_mKrFX01msktqUZuWjA0Yt4PlxG7L0be52E7a_2wVafYYUgV84vv_lt2MYzfqFHU59YQwzOs6Sv8Gf2bIxYvHpiD6uxk8WhyFF763fqzy3PO6amKoNmV5cBCWoJWHl9gnkMaitF4HlG2pIIhxr0U_CH37CBwBL4izqufvtGtSop45Lr12ngvIV1VJqrTE7HOw8rzhYwqraF10c-HQppkXzhfAyINGE2kEXyxmBdLTp2Uzq6LFdFtIJ25miHWlRqiImvqNnOuFEvQzUHjP_eHIsZ0qX4Yey7E2l-x6lB0plH6qijImfWnJ7PHQjx7_4hfMIQS4-Cl1xWXB_entrFdFiWpO4beBOqUCNcOx1RSMKPmoXy5SCNH3rm4j3YmXFTY6gANfQBJLHV-N6jXASLo8Tdv_NyoH3xrSTuuCAHlJGRguCR0B5D5P7EiFnAuNmPt8f6XyKC1PgiEcnFL18btrKwdRpIq20lhPZiTKnyDUSUE_s5scuqERMj-et3sg03QQwbnha0-7d2_FnAXDuoMWQrtSs-QkiLzBaeAOI0DRJANBGX-93nfwvs-qGvSggg7AB_ZJHrNE_6JEsfhG6ZHuDCE6NxkWVQ62NPAn_yZ8gWYesLnJRaAFnQNbP0U6BCToysRauH0Vk75Xzngi_0UAn8nYpX-5Oi8bJtwbkDbAe-d947Xpwe9FBszIsDL4Vg11SDtJhIu5fNm-mPWAAney--POWKWh4rc_LFGmoASMYC8W4HvkzpS0LEWabX-q5qH-Wessw4ximYrBTOe8K-2drK5QX7gRRcE5K2bvtprpKYU4hPktfjRoP-TdCufS55J2monaFNMXrfOmV8CyWk9m6-_SngFyepFXr6zma8TLnRIoxLzMuvC1_UNLHVAsT-2s8E_KTlOG-YkSOGQz1ZJyXoJ53epennZ-e_rMKhWJbewcdqbMd0ydevgKFv76tTxoeavw3wNmOThFew1i6mQj01zYhXSknRBj76DkmHqUdRRCAMt56tpw-f-mo-zHP5LIqDGAglIJO84qtTVZJbJmHYEU49S09EEvFv6hy7qffZcOa0TzzfvGg7fLI_c00jQ7NyHdk2OHzwUD1gnD1QH8zpZ52obPWC95m4EaEwURf9E1jNF7i-YceHTA5jJZrdIWQHIiEzOeOmM-wzzyrW1oFvv2BLjbFYuR-ftm9oW-eRg_i7x3rwt6_x4kq6AaOETteO7ifMEGW8vhz5-n54zMY3bC2T4Rz7K38hoasNh8JVNFPXfuIQev5bn9ZJUyl5CIKPf-amwrPpct0ikKxkHHkmNia3cFedIs_BRz0klJkyyYnWI1oppLtG1XioOPlzXRDXwvEB7iSZnNHIvIJznvfNvGSrkOcFcEpX62FvkqkseMHbRxwXLQZcZhF8mF4ledzbJAtq6TLxIinOX3YYRVT5xAtPNWRJ0Ft6VYBYAnit6X3URaX4LVIbT5JfWkqI3rebK_Vu-1IHLHW2iDZkLEXO7jWS1I1vl8GC3PWXtHk4h5bbQoKvOPXHucx9Z8T7jPkQFBbTMUXTqLq_tl9zycVnD0cn-s50edtRX4-s7Nckb1wkxxoKgiCIH4F5oxYUoxNlajf0fOG-V099YyMJc71CNne-slaZAb7APTejlmOSqzZne5kehvA9vdrI9kOFr1VsBkvh_OtDXdUJ5Pzxw9Blr5c1KixRAwCf5VaWb6vjBG-ZEZLtvQOdrMMhcImDhlOPXaJO2Z3weQyDNDApePuk3LYXN4AazupftOKUCF66EtwraAaQtXFYguXvPtIcwN0WMvHHY7UkLk0qMLYAMh5c3ptKCbmD5G9vP-nEblBn2InmxigXJqkFodfJjLZzSvKxB3ZvFJE9xRlMR4IDkfV7pXg8mcuL26pnwtkFhjdynqz5Zwfzik3LEZ7_3P5TxfN_toBraVZG47EMjtLurq7PZ01DETUpR51qEpZlHi4V_VfmO3WYsHDctAENJXLzQdk1g6ww-8-n-4gRghC1vTCtS8zYfL5zrIG0B9FhZfAzdLExVFvwd1Dm-96AkK8YrmkhAzrQttvNW-SjFNAXw9erLNzgNTgOp04cgARuUE3EHo0LYkMPFwEMGzO8AphDsOYaAGusHq-MlmGz9U9jfHoV9yJ6ZgCZMk3I3D6QHYcYmNy5xgNmp0GP0LcIP2H_KfsLAXJBJxByNqNccwO1wST6414ptmYRxSN0_lJs-sSjW1dEdYDq6qHW_x0XyxIanMrnuxVBG-LXrktPG_VniVw_xKMQnMqk8srThPji8QMj0fHB6QhGTTUJhUk9LHBIKdcweRN0wH0tqv3iEQq4Ni5BgurFYNVyCFNs3EWHtTeQP9t5mPxSJ2A51S0x6hVoXXRdGCI6Ej7f4N5IgYDwbZWBLIcsNRoNS86CYjyUC3zz7XzzeKSyNPtDi9A0nCi4ymTp5Rvs-3DjIoJlAPdjrmc8fPqmD_zQRTwxgD62Dc190xXyeUkQ_zRjcBOqkf7fB6gGXPO5yiR5lp-0g6Ezc_LLrajyhCINTU6SN9NJLHn2bMD-bZ_yykmu85l1D-8xoE2Ekvg3qthllFeeI39Bn9imUXwetMqRsRfwfXopLiAZuRuyRWqDJNTKyIG60aWmBIFB93feQfJA9UdRoVJPhuGcvRfMmJu8os_bkECu3_FwFmuuR4Gi-k-K0aI2KJTdKO8dV1AwnUBvVkq9f3I7frVb1wxtMF5HV00KXYWMjW-jdvmyZUCIEnURDhVTsn8K4_Q-VmGdxEr1YG90wjgXN-RXj2VhJJVOFVaz-DxKew6InhUe054dbiaT-UWV3lqyEj-ONF0MF0fbb3dbc97eDa6OPuqWpq6cR951FABrVAomQZvu5jxLuA7cC5qjjQHO0k0L420Bu19FEZT_olHhaugMR8qiqH_q5eKRey-5oiDrYt47NLAtyWDOA7-u1ToqHbZqecPyGa-n3SCXKv8TI7w-hTC0phILitwxDbgXAkjFtXSAurG1X7jauansXfCIqJbHPh6BL2GgCuARawcjU1ZxFikBPBHmLM8gF7NyX5P_dDENKYMOJ2MfFoh3lC3C3y39f9bu0lJWbG41q7_p5D5HKC0dTUTcmQgNWtK21n14gIgCesSbBSxB6Wur7-rBuWzPd99j29jTiSIT0ocyIwX3WhxBUymV3xjIduBP73F4m3chkCHP3smaj1UVNFe9zSN4OprZqG8XGHeC_bqvDweAV8oMW5D2anqU3bz75iREjm19W7oeN9frj3LDMd1F7Ga18tPYhx8nTH98&cid=CAASEuRosHn1ZeW7ZQOb0Ca3LbAu3g&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=90930543&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877083915&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

6b038e3b15c6182fb4b5328d358a49c514ad1d47cf2a2853031b75a77952c5e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14241
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame F1ED 598 KB
194 KB 41ms
41ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1251 37 KB
13 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 53ms
49ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 127ms
40ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1271
date: Thu, 30 Dec 2021 15:11:22 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame F1ED 156 B
142 B 123ms
122ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea7047%2Fvast0.75&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3921818895339995&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=2273721017&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877084125&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=1360582006267743&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
servt.modoro360.com/ 0
94 B 368ms
125ms XHR
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 15:11:23 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 csi
csi.gstatic.com/ Frame DC7E 0
327 B 149ms
53ms Ping
image/gif 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kxt3ukdn&c=242587292157&slotId=121293646078.5&qqid=CImU_rzni_UCFRPSdwod0VIHUw&gqid=GszNYf7OHcSKjuwPydalwAM&fb=ima_html5-lima&sdkv=h.3.493.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&wta=1&ghmsh_eids=44750604%2C44750824&vmfc=18&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame DC7E 0
0 79ms
78ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=Ctwn-GszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMBmAQAqgT5AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcQel4dXOoXHgh4peg5nziOFnaJXHtbRuZznevCOdnWwM7I7x9Bv5UtAqhoQZmrYQXlLCg30yip3ODTsM8AEuYTjj-0D4AQDiAWV54foOZIFBggDEAEYAZIFBggbEAMYA5IFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHkKHKqQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHCxDu0IgCGLuq8r0B0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMDI0NzIxODczODg0MTk4gAoDyAsBsBOZ6OQNyBP67PTeA9ATANgTCogUAtgUAdAVAYAXAbIXHgocCAASFHB1Yi0yOTMwODA1MTA0NDE4MjA0GP3cbQ&sigh=Sbf6LSTB4E0&cmd=Ch1jYS12aWRlby1wdWItMjkzMDgwNTEwNDQxODIwNBAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&cid=CAQSPACNIrLMOCvAjuBMDebYPbEbaaNxVxYzGW-MdNhys9BReW3QxMKSrHCyyWbC5jRR_j1LZyJW4Bg3bAcXKg&vt=10&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKbggBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVIzCJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTVAAWhAxVVBQTGk0cmc0cWQta0llGAE.
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame FCFC 0
54 B 110ms
55ms Ping
image/gif 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kxt3ujhx&c=242587292157&slotId=121293646078.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame DC7E 0
54 B 107ms
55ms Ping
image/gif 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kxt3ul86&c=242587292157&slotId=121293646078.5&qqid=CImU_rzni_UCFRPSdwod0VIHUw&gqid=GszNYf7OHcSKjuwPydalwAM&fb=ima_html5-lima&sdkv=h.3.493.0&mrd=4&aab=1&itv=1&gpm_i=18&gpm_c=18&gpm_a=15&smb=1000&br=790&mt=video%2Fwebm&vs=854x480&webm=4&vp9=0&vamt=video%2F3gpp%2Cvideo%2F3gpp%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Capplication%2Fx-mpegurl&hvmf=false&vms=1&bit=44&vsrc=doubleclick_dmm
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

206
Partial Content

48
r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi...
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sign...
https://r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,it...

288 KB
0

127ms
32ms

Media
video/webm

2a00:1450:4009:1::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/631B273B82F42ABDFC20168D7687443BFC77E610.44D3669AFAA195436533B97761E65F6C8DA02B7E/key/cms1/cms_redirect/yes/mh/Yf/mip/2001:ac8:21:23:2d9::1/mm/42/mn/sn-aigzrner/ms/onc/mt/1640876692/mv/m/mvi/4/pl/48?cpn=1UPPLi4rg4qd-kIe&file=file.webm

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

HTTP/1.1

Server

2a00:1450:4009:1::a London, United Kingdom, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 15:11:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Dec 2021 18:25:21 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/webm
Content-Range: bytes 0-3643209/3643210
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 3643210
Expires: Thu, 30 Dec 2021 15:11:23 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/631B273B82F42ABDFC20168D7687443BFC77E610.44D3669AFAA195436533B97761E65F6C8DA02B7E/key/cms1/cms_redirect/yes/mh/Yf/mip/2001:ac8:21:23:2d9::1/mm/42/mn/sn-aigzrner/ms/onc/mt/1640876692/mv/m/mvi/4/pl/48?cpn=1UPPLi4rg4qd-kIe&file=file.webm
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 678
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame EDF6 598 KB
194 KB 41ms
40ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6351 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 54ms
54ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame EDF6 156 B
142 B 113ms
112ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea7047%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=483951825761234&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=3842990655&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877084451&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=2880187880826147&ged=ve4_td4_tt2_pd4_la4000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 48
r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... 6 KB
6 KB 63ms
30ms Media
video/webm 2a00:1450:4009:1::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4009:1::a London, United Kingdom, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

35ec2a45c678383720cf3dde7bab8a0256752143690c852750438c3b1c2c4b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leviatanscans.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=3637248-

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Dec 2021 18:25:21 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
Content-Range: bytes 3637248-3643209/3643210
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 5962
expires: Thu, 30 Dec 2021 15:11:23 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame DC7E 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 14:56:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Dec 2022 14:56:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC7E 0
25 B 73ms
73ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC7E 0
24 B 86ms
86ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuRriaDfJK_QyRbGJSXSQXHSXSxOX4wnALN_YkkmgYqMQUIOyaWrTKBT6fHiiya4607jKf5wBMDSLLHcQKi6Sv8vpvLNY2hV3DupzpprASitIpNO7JS4sicA2KZR4Se0TNZsTupfhtjmZSPC7fagDOfJ-T1YTpsvKWh7HWfNDelPLtmHaDljqe4HtFrA-MG1HcQDGoIqjUvTQ-2TBUSCN6dJhM6f8h7nMeTDXbvooCBksJHervS9ECI_gxBNXRZdCN9bT_m-rOu4o9b4EdYSDCPYIxz86NXU9NzCzsRAQckdgy7bkfacQ2oNsyw4PcDGtMcBa4n6wKfnz4O88Ep-JwAnohVRkEApM44zu5wkjGh4rbpCLxHOEWbXQUb6x2tFvJjPl9t2GuAD1kP4cMfZZkg0Aee5gGeZl1Wxwq0dgbTJVS7a_E0UN1co015uuCBmpnEdngLAzZIEtOqkDDAOMv4iahqIE9ujWmKwwZcV44WeQnqGeWVhPVR62p-A-tFhKb0OC5NcGU2JmF8N9FOuwqj00wDy8TjAiIoLhVhEn0pbGgXAJUrKeJ4olqaIOgyKJEg4jK3HdG11DpAm0fwKM8HEqAn56yxum_OmVpTUgosze2FXSHuVm1qE3EMvt8KCRALUmEUbkWsUlAJ9bgAjyE_7ZLFHQ6My2UxkqQe731H58_zfWMg4zYEEBTFTlSoZ1Oiv8IlfwaqyOJzB1mjeAqV-czLUUfsYMC2hVNhFI6eC-mV8RRdL4EdLu30OofpmRc0zTJfx1-0EJppuEKIXHSTIbnYkGwtd0WCS3Xn0Fhpm1M7SJUj4Qafgzz_2Tt0gpMrJYGq7dHwg9TaekCqB6-fZt8tAp_aAW-VS0k97bobARM9FfU1sfAuSIrtsSbuMPek5JpFVZ7q_Gmw9jRDqSRtHsjNwgd97zjRrPivbgMRMr6uES7i3mXJPf_tU5OHa3xFj_shP1Qz9dIr18PqZMqtYX9Z_UPupKyriPHXkUjR2cQWGiTbLVybAToStDgdY8KAav0mdf8Rdlyi7w8efiTfzYyIZZaDXLdGj0L3LcpD8vE4AmWvAivBuhNVPHepIu1FC161l8Tu2ldOtVePQygrnaiVuGXXU7rRxGxL1pCIcIcLBKOH24JbxxOFRUYlMw55Ct5ogsJgWBAsSwqx510f39V1hAYUgUNn33g6YPGVcbCIk6PfcQjCkh7V0xQvrzOEp-pGS1MbvGpY1sV-QAIMAOGI1CU_FU7rOgF9f67pvZeHmUQh7VQNXMVARw&sai=AMfl-YRLgusrxLVA7Mdz7EYQiyVHaE1lPyR1SimHrtXbXATUP71JuNFlSUhL52Olbclp9WXTpee5sXLF4_7QEn-T7qe7S78cuJyASouJ-3j4S3g7O_ilz024LLPN3cF58Cb-Qe3M81-QhFNYoG6qarhsSgMz5FXcIH9_HU-_DNh6TcANfCy1csRaNw&sig=Cg0ArKJSzDOafUhwh8A7EAE&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&fbs_aeid=[gw_fbsaeid]&urlfix=1&sdkv=h.3.493.0&adurl=

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 30 Dec 2021 15:11:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
discovery.demdex.net/ Frame DC7E
Redirect Chain

https://discovery.demdex.net/event?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043
https://discovery.demdex.net/firstevent?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043

42 B
957 B

49ms
48ms

Image
image/gif

63.32.69.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://discovery.demdex.net/firstevent?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

HTTP/1.1

Server

63.32.69.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-69-142.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v026-07b1f5098.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: gzev4l8nSRk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v026-02ff4ff71.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: EgDnmPcNTbg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://discovery.demdex.net/firstevent?d_event=imp&d_src=488828&d_site=9232428&d_creative=163390915&d_placement=323922277&d_campaign=26791043
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK /
d.agkn.com/pixel/2387/ Frame DC7E 43 B
665 B 52ms
49ms Image
image/gif 3.122.111.84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/2387/?ct=UK&st=&city=0&dma=0&zp=&bw=4&che=708654478&col=26791043,6195970,323922277,516046797,163390915
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.111.84 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-111-84.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 15:11:23 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame DC7E 0
0 53ms
50ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-QQRCDya0CGLuq8r0BIAEwAQ&v=APEucNUfopWZnALCPdKK-bfs6o2Q8X-GYcfIdaxBrfehQQoWJ1tgQRBRUxhPyieITRno9Jgt1dPj4DM8-m_WfYsbm54FWuLWJA
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 53ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CHymiGszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMByAMTmAQAqgT8AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcRGljU9Mq8nsIzJ-fN7bd6GHHhWkAz-FH6z1jqNan80OpsjFGKVseeALQ8-fpdOg3jF8vHg5jKVjtHwkAXjRMAEuYTjj-0D4AQDkAYBoAZOgAeQocqpAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTAyNDcyMTg3Mzg4NDE5OIAKA5gLAcgLAYAMAbATmejkDcgT-uz03gPQEwDYEwqIFALYFAHQFQGAFwE&sigh=wnfCAWnOZG8&label=vast_creativeview&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D1600,4603%26scs%3D1600,1200%26bs%3D1600,1200%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2695%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1640877084192&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKcQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVI2CJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTUi4A1AAWhAxVVBQTGk0cmc0cWQta0llGAE.

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3D...
ade.googlesyndication.com/ddm/activity/ Frame DC7E 42 B
107 B 187ms
78ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D1600,4603%26scs%3D1600,1200%26bs%3D1600,1200%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2697%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192;ecn1=1;etm1=0;eid1=200101;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DC7E 42 B
69 B 79ms
77ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskergu04BsbQYAOngEaEbh3pN_g_w0KAEC7GdeJaN0hn7e43nWbY2TsfLR9Vax7Lus9wbjRZv07l7in8JDtDCZ4HL70qlr--CIwFXL-idPC_8l1jrQkA&sai=AMfl-YRkmw-DDFLRlXWmkDLEGaVKkOuWpS3fGaxz297GDfkvyoIid_bMqrbd6BARSsTG6K7reJ_GPhai-KL2w0dkJFmxiPNcbzi4Pzo9n4ylAkBSxoLPsQOTxFRGxON7&sig=Cg0ArKJSzKpt1i2eP6RsEAE&cid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D1600,4603%26scs%3D1600,1200%26bs%3D1600,1200%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2697%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192&avm=1

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D1600,4603%26scs%3D1600,1200%26bs%3D1600,1200%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2699%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192;dc_rfl=1,https%253A%252F%252Fleviatanscans.com%252Fmx%240;ecn1=1;etm1=0;eid1=11;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 53ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CHymiGszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMByAMTmAQAqgT8AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcRGljU9Mq8nsIzJ-fN7bd6GHHhWkAz-FH6z1jqNan80OpsjFGKVseeALQ8-fpdOg3jF8vHg5jKVjtHwkAXjRMAEuYTjj-0D4AQDkAYBoAZOgAeQocqpAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTAyNDcyMTg3Mzg4NDE5OIAKA5gLAcgLAYAMAbATmejkDcgT-uz03gPQEwDYEwqIFALYFAHQFQGAFwE&sigh=wnfCAWnOZG8&label=part2viewed&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D1600,4603%26scs%3D1600,1200%26bs%3D1600,1200%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2699%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKcQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVI2CJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTUi4A1AAWhAxVVBQTGk0cmc0cWQta0llGAE.

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3D...
ade.googlesyndication.com/ddm/activity/ Frame DC7E 42 B
494 B 185ms
77ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D14,0,0,0,0%26mtos%3D14,14,14,14,14%26amtos%3D0,0,0,0,0%26mcvt%3D14%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D14%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D14%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D14%26dfvs%3D14%26dvpt%3D14%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2703%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,14;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192;ecn1=1;etm1=0;eid1=16;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 53ms
51ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CHymiGszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMByAMTmAQAqgT8AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcRGljU9Mq8nsIzJ-fN7bd6GHHhWkAz-FH6z1jqNan80OpsjFGKVseeALQ8-fpdOg3jF8vHg5jKVjtHwkAXjRMAEuYTjj-0D4AQDkAYBoAZOgAeQocqpAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTAyNDcyMTg3Mzg4NDE5OIAKA5gLAcgLAYAMAbATmejkDcgT-uz03gPQEwDYEwqIFALYFAHQFQGAFwE&sigh=wnfCAWnOZG8&label=admute&ad_mt=0&acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D14,0,0,0,0%26mtos%3D14,14,14,14,14%26amtos%3D0,0,0,0,0%26mcvt%3D14%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D14%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D14%26pst%3D-1%26dur%3D30015%26vmtime%3D-1%26dvs%3D14%26dfvs%3D14%26dvpt%3D14%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D2703%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,14&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1640877084192&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKcQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVI2CJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTUi4A1AAWhAxVVBQTGk0cmc0cWQta0llGAE.

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 115ms
115ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=impression&cb=1640877081019&ad=30&vi=100&d4=1&d5=4&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
servt.modoro360.com/ 0
70 B 114ms
114ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=[AV_ADDURATION]&vi=[AV_VIEWABILITY]&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=start&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 13EA 598 KB
194 KB 41ms
40ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173688
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 461A 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 50ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame A1BC 23 KB
9 KB 42ms
42ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Tue, 28 Dec 2021 14:56:41 GMT
expires: Wed, 28 Dec 2022 14:56:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 206 48
r4---sn-aigzrner.c.2mdn.net/videoplayback/id/83a870485b12c986/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3784040722/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... 3 MB
3 MB 30ms
30ms Media
video/webm 2a00:1450:4009:1::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4009:1::a London, United Kingdom, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

d215c50a428d95aa3c8c436ed79e4d47799a78dcf48629df76ed33cf86538e13

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leviatanscans.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=229376-

Response headers

date: Thu, 30 Dec 2021 15:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Dec 2021 18:25:21 GMT
server: gvs 1.0
vary: Origin
content-type: video/webm
Content-Range: bytes 229376-3643209/3643210
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 3413834
expires: Thu, 30 Dec 2021 15:11:23 GMT

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame A1BC 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 14:41:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Dec 2022 14:41:18 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 13EA 156 B
142 B 114ms
114ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea7047%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=912231010910667&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=1249304425&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877084869&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=2092992065428737&ged=ve4_td5_tt3_pd5_la5000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DFC8 598 KB
194 KB 41ms
41ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 630B 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 52ms
52ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1BC 0
28 B 75ms
75ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.3.493.0&bgai=BFhW5G8zNYfOgDZi21waJmZLgCAAAAAA4AeAEAg&bg=!-_il-LzNAAZKWFskSlg7ACkAdvg8WoS4Y3l2zXUjctJT3hp-yJrDQzYVpnAfExN1luc4JMl0RgTshwIAAACuUgAAAAxoAQcKAFtTDeODb349OJPwe1lE8H5KZ5tsh3G0Gw3Nvrs0cBLtydrptdVm5l9OAqh4B1_NawrvbOy6lr5rOtS33JVcXaO6eDWBPkFPzLQhWy1ArsalPxLN1MrBO0xy4gqwmQLaVmIjjS3UuZQ6SS9TQh58fZL0O6CQW8omzao0Rei6ad4tt3rK536f2IE1tWnFYZRy5g4tLuLRAQQ5Yw-6U-4XEl6k2R4d3-3_KMylI-KzpxC_t8czlKWJW03fhMq-1mM82O5MgHG26T_G9nt-YIw2Zy1sSO7kXS1LS3tcikPzi5JHAySiZlJI9cYLZIuH-zmhmtvfbN2Fl-R4GNEo1f0AkiW65YX2oDM6LwUaWYH7WPNwjxC3nYYD1jb3vb4bvXNKRNrh0V2FI9galoabFrFMN4jcC-x0lwHRXarUX7zUwHbEvlMwpg52Q83LjnvR69bkG1rkwC809_1ogMjShcGNP4ntfTfteXgGBODIeZIKifjx4rfY6kVCj2hsGjzNuCIgoEoBjIFdf1pKeel_dH6X6m1E90hQzaJHIK8c5udT_JOyJFOTjHiNhFQt4pqGXY_Revi1_KQo0CnIK7HSG6NFDSokSkqSYNP0mt3DnZjH6NB2ViY_ieOoHuQYEJehnDlxC0T5Sd1M8zIP71ZdLOsGmgvIOo0OjAyop8iyMw01qI0ryjBv6k3PPFTeTrNqfTnvEZhwIdx1UlGeS6jK3QO-0sOJgz1ovlDt4EkaRxCJD-x0shw3MC_TeypRKS0WnInKpx5zG1EpSCjj9569o9vQFcUR0FIPU8ZzRKejII9G2uvpZPv62UFjBN-cVZrwbLmBKSUpjeuVk6rpZ05vAdIDT89TpV7r0WbHMD4kMYdXHRHNThpRApjvPMjHz2D7RfcHLzP-RsowNfI0W5sLVUNd1q_eEnUIuIDC5EEfN_t0odI1dAZpx-Xgiyo8CKXt1G7i2M6D39jiPZDwYGMQGTSyA4l5R3SQYXlEFRmjA5LecUiByZ1UpEDvKS9vDH_my_lXdAM0vTjy2jj7F5alTaherYclOpGL3tf_AxkI_n3jEsULVV4pb9RyVrt4VcFRvjSrDwsChMvhBcojPA

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame DFC8 156 B
142 B 124ms
123ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_220&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=257525234585939&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=3764815198&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877085223&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=3385289671259036&ged=ve4_td5_tt3_pd5_la5000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DDDB 598 KB
194 KB 41ms
41ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 685E 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 50ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame DDDB 156 B
142 B 123ms
122ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea7047%2Fvast1.3&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3767044938697354&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=2521620281&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877085581&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=2597912661598248&ged=ve4_td6_tt4_pd6_la6000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
servt.modoro360.com/ 0
93 B 117ms
117ms XHR
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 15:11:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame A75F 598 KB
194 KB 41ms
41ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9C7F 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame A75F 156 B
142 B 389ms
388ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21735472908%2Faplvideoandrea%2Faniplay_200&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2246971003515592&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=148431012&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877085914&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=1344086574360887&ged=ve4_td6_tt4_pd6_la6000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 062B 598 KB
194 KB 41ms
40ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173690
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3A09 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 50ms
49ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 062B 156 B
142 B 192ms
192ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21683059350%2Faplvideovast%2Fvast3.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3887403187864351&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=2418474105&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877086545&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=2688903215639050&ged=ve4_td7_tt5_pd7_la7000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3D...
ade.googlesyndication.com/ddm/activity/ Frame DC7E 42 B
63 B 127ms
78ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D2143,0,0,0,0%26mtos%3D2143,2143,2143,2143,2143%26amtos%3D0,0,0,0,0%26mcvt%3D2143%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2143%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D760%26pst%3D473%26dur%3D30015%26vmtime%3D1848%26dtos%3D2143%26dtoss%3D1%26dvs%3D2129%26dfvs%3D2129%26dvpt%3D2129%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D13%26emuc%3D0%26emb%3D13,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D4832%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2143;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192;ecn1=1;etm1=0;eid1=200000;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DC7E 42 B
72 B 85ms
84ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskergu04BsbQYAOngEaEbh3pN_g_w0KAEC7GdeJaN0hn7e43nWbY2TsfLR9Vax7Lus9wbjRZv07l7in8JDtDCZ4HL70qlr--CIwFXL-idPC_8l1jrQkA&sai=AMfl-YRkmw-DDFLRlXWmkDLEGaVKkOuWpS3fGaxz297GDfkvyoIid_bMqrbd6BARSsTG6K7reJ_GPhai-KL2w0dkJFmxiPNcbzi4Pzo9n4ylAkBSxoLPsQOTxFRGxON7&sig=Cg0ArKJSzKpt1i2eP6RsEAE&cid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D2143,0,0,0,0%26mtos%3D2143,2143,2143,2143,2143%26amtos%3D0,0,0,0,0%26mcvt%3D2143%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2143%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D760%26pst%3D473%26dur%3D30015%26vmtime%3D1848%26dtos%3D2143%26dtoss%3D1%26dvs%3D2129%26dfvs%3D2129%26dvpt%3D2129%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D13%26emuc%3D0%26emb%3D13,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D4832%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2143&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.493.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame CD68 598 KB
194 KB 42ms
42ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198942
date: Tue, 28 Dec 2021 14:56:35 GMT
expires: Wed, 28 Dec 2022 14:56:35 GMT
last-modified: Wed, 15 Dec 2021 20:12:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 173690
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B422 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 14:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 30 Dec 2021 15:56:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FCFC 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 15:11:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 track
servt.modoro360.com/ 0
70 B 121ms
118ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=adViImpression&vit=2&vi=100&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame CD68 156 B
142 B 109ms
109ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21683059350%2Faplvideovast7047%2Fvast10&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4348065161615043&sdkv=h.3.493.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&adk=1163165585&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.493.0&sid=8EEA2BF3-3440-4C3B-A8F1-12A34BB6827A&nel=1&eid=44750604%2C44750824&url=https%3A%2F%2Fleviatanscans.com%2Fmx&dt=1640877086984&cookie=ID%3Dc64806832bcc985c%3AT%3D1640877078%3AS%3DALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA&scor=97859973192010&ged=ve4_td7_tt5_pd7_la7000_er870.1190.1026.1490_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yiefIw,pingTime:5,time:5782,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5036,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5036~100%5D,as:%5B5036~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:536,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:26 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 183ms
183ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yiefIw,pingTime:5,time:5782,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5036,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5036~100%5D,as:%5B5036~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:536,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:26 GMT
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 track
servt.modoro360.com/ 0
70 B 120ms
119ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=sec3&vi=100&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
180ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yiefP1,pingTime:5,time:5633,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:5002,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5002~100%5D,as:%5B5002~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:228,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:27 GMT
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H2 200 track Show response
servt.modoro360.com/ 0
93 B 126ms
125ms XHR
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=6194e37dd64d962c3c046ac4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 15:11:29 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 dc_oe=ChMI94aGvOeL9QIVU17lCh0DCQK5EAAYACDvk9dBQhMIw9LTu-eL9QIV5dG7CB3VmwfA;met=1;&timestamp=1640877092231;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame EADB 42 B
63 B 76ms
75ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI94aGvOeL9QIVU17lCh0DCQK5EAAYACDvk9dBQhMIw9LTu-eL9QIV5dG7CB3VmwfA;met=1;&timestamp=1640877092231;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D7741,0,0,0,0%26mtos%3D7741,7741,7741,7741,7741%26amtos%3D0,0,0,0,0%26mcvt%3D7741%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7741%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1764%26pst%3D473%26dur%3D30015%26vmtime%3D7601%26dtos%3D5598%26dtoss%3D2%26dvs%3D5598%26dfvs%3D5598%26dvpt%3D5598%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D7741,7741,7741,7741,7741%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D40%26emuc%3D0%26emb%3D40,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483393%26psv%3D-2147483393%26psfv%3D-2147483393%26psa%3D0%26ptlt%3D10430%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,7741;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192;ecn1=1;etm1=0;eid1=960584;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 52ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CHymiGszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMByAMTmAQAqgT8AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcRGljU9Mq8nsIzJ-fN7bd6GHHhWkAz-FH6z1jqNan80OpsjFGKVseeALQ8-fpdOg3jF8vHg5jKVjtHwkAXjRMAEuYTjj-0D4AQDkAYBoAZOgAeQocqpAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTAyNDcyMTg3Mzg4NDE5OIAKA5gLAcgLAYAMAbATmejkDcgT-uz03gPQEwDYEwqIFALYFAHQFQGAFwE&sigh=wnfCAWnOZG8&label=videoplaytime25&ad_mt=7602&acvw=sv%3D914%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D7741,0,0,0,0%26mtos%3D7741,7741,7741,7741,7741%26amtos%3D0,0,0,0,0%26mcvt%3D7741%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D7741%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1764%26pst%3D473%26dur%3D30015%26vmtime%3D7601%26dtos%3D5598%26dtoss%3D2%26dvs%3D5598%26dfvs%3D5598%26dvpt%3D5598%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D7741,7741,7741,7741,7741%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D40%26emuc%3D0%26emb%3D40,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147483393%26psv%3D-2147483393%26psfv%3D-2147483393%26psa%3D0%26ptlt%3D10430%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,7741&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKcQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVI2CJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTUi4A1AAWhAxVVBQTGk0cmc0cWQta0llGAE.

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 120ms
119ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=firstQuartile&ad=30&vi=100&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 dc_oe=ChMIsdelvOeL9QIV78q7CB1uegukEAAYACCbnp9L;met=1;&timestamp=1640877093205;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 2629 42 B
63 B 76ms
76ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIsdelvOeL9QIV78q7CB1uegukEAAYACCbnp9L;met=1;&timestamp=1640877093205;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 117ms
117ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=sec10&vi=100&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 180ms
179ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieijL,pingTime:15,time:15779,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:15033,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B15033~100%5D,as:%5B15033~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:190,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:36 GMT
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 183ms
183ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=829650&asId=7f758203-ffa9-0c64-25fb-f0ff712c7c9e&tv=%7Bc:yieijL,pingTime:15,time:15779,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:31%7D,%7Bpiv:100,vs:i,r:,t:746%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:15033,o:746,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:31,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B739~0%5D,as:%5B739~320.50%5D%7D%7D,%7Bsl:i,t:746,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B15033~100%5D,as:%5B15033~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:190,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1g11%7C1h1%7C1h2%7C1i%7C1j1%7C1j2%7C1k1*.829650-57301876%7C1k11%7C1k12%7C1l%7C1m%7C1n%7C1o%7C1p,idMap:1k1.34f1bb75-3292-8a15-5d4d-4102fdc42c5f.54_10933%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:36 GMT
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2629 43 B
215 B 182ms
182ms Image
image/gif 54.218.141.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=34f1bb75-3292-8a15-5d4d-4102fdc42c5f&tv=%7Bc:yieiqj,pingTime:15,time:15633,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:320,h:50,t:526%7D,%7Bpiv:0,vs:o,r:l,t:582%7D,%7Bpiv:100,vs:i,r:,t:631%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:15002,o:631,n:582,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:526,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B78~1,0~0%5D,as:%5B78~320.50%5D%7D%7D,%7Bsl:o,t:582,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~320.50%5D%7D%7D,%7Bsl:i,t:631,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B15002~100%5D,as:%5B15002~320.50%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:205,fm:sT5D0M6+11%7C12%7C13%7C14%7C15%7C16%7C171%7C181%7C19%7C1a1%7C1b1%7C1b21%7C1b3%7C1c%7C1d1%7C1e%7C1f1%7C1f2%7C1f3%7C1f4%7C1f5%7C1f6%7C1f7%7C1g11%7C1h1%7C1h2%7C1i1%7C1i2%7C1i3%7C1i4%7C1j1%7C1j2%7C1j31%7C1j4%7C1k1*.10933%7C1k11%7C1k12%7C1k13%7C1k14%7C1k15%7C1k16%7C1l%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r1%7C1s%7C1t1%7C1u%7C1v1%7C1w%7C1x1%7C1y%7C1z1,idMap:1k1.7f758203-ffa9-0c64-25fb-f0ff712c7c9e.33_829650-57301876%7C1k1*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.141.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-141-220.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:37 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIs5qpveeL9QIVGNvVCh2JjASMEAAYACDDy_RNOhoIpOjoqQEQuYTjj-0DGPrs9N4DINHrs--6D0ITCImU_rzni_UCFRPSdwod0VIHUw;dc_rmcid=CAASEuRo9iC0qSZ9WHYNVbbC0xeeDw;eps=CIDhgBAQARgd;met=1;acvw=sv%3D914%26cb%3Dima%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D15238,0,0,0,0%26mtos%3D15238,15238,15238,15238,15238%26amtos%3D0,0,0,0,0%26mcvt%3D15238%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D15238%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D3186%26pst%3D473%26dur%3D30015%26vmtime%3D15098%26dtos%3D7497%26dtoss%3D3%26dvs%3D7497%26dfvs%3D7497%26dvpt%3D7497%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D7497,7497,7497,7497,7497%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D77%26emuc%3D0%26emb%3D77,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147418113%26psv%3D-2147418113%26psfv%3D-2147418113%26psa%3D0%26ptlt%3D17927%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,15238;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192;ecn1=1;etm1=0;eid1=18;

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame DC7E 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CHymiGszNYYmfH5Ok3wPRpZ2YBcqaiIpn0euz77oPz8iivcABEAEg3aCKfGC7hoCA0AqgAdjetdYCyAEFqAMByAMTmAQAqgT8AU_Q6BRpP2JLniw3NbIZ1KOR_f4NA_5wUypocwsbmZJasTAj1FT154SYEcowXpicjdRW0T8Req2pkxk9VolkpMeYTYlKHB09pcQI4dcZWFmLmb-eQ6Kh9EAKEnixkugI8W9Q6yHTZrlln33ZK1h4MBmqBS7iA-MEwtSupueOdSkhbNU65CJ8zM4YXl5UfC3nQdzr7zTXZEJvDa4KSUlB4agE_yj1rrjpB6XYcspWdtZ6yio1xscPKWuD7mU-RcRGljU9Mq8nsIzJ-fN7bd6GHHhWkAz-FH6z1jqNan80OpsjFGKVseeALQ8-fpdOg3jF8vHg5jKVjtHwkAXjRMAEuYTjj-0D4AQDkAYBoAZOgAeQocqpAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTAyNDcyMTg3Mzg4NDE5OIAKA5gLAcgLAYAMAbATmejkDcgT-uz03gPQEwDYEwqIFALYFAHQFQGAFwE&sigh=wnfCAWnOZG8&label=videoplaytime50&ad_mt=15099&acvw=sv%3D914%26cb%3Dima%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D870,1190,1095,1590%26tos%3D15238,0,0,0,0%26mtos%3D15238,15238,15238,15238,15238%26amtos%3D0,0,0,0,0%26mcvt%3D15238%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D15238%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D3186%26pst%3D473%26dur%3D30015%26vmtime%3D15098%26dtos%3D7497%26dtoss%3D3%26dvs%3D7497%26dfvs%3D7497%26dvpt%3D7497%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D7497,7497,7497,7497,7497%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D1144%26femvt%3D0%26emc%3D77%26emuc%3D0%26emb%3D77,0,0,0,0%26avms%3Dexc%26qi%3D399984215%26psm%3D-2147418113%26psv%3D-2147418113%26psfv%3D-2147418113%26psa%3D0%26ptlt%3D17927%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,15238&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1640877084192&sdkv=h.3.493.0&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1Njk3MjcwMjU2MzdAugQKcQgBEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1MTYwNDY3OTcyCTE2MzM5MDkxNUCuAVI2CJYGEBIlAADwQSgBOgsxNjMzOTA5MTUtMUIER0RDTUi4A1AAWhAxVVBQTGk0cmc0cWQta0llGAE.

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/mx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 15:11:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
servt.modoro360.com/ 0
70 B 119ms
119ms Image
text/plain 35.171.252.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servt.modoro360.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=71326&t=1640877080&cip=89.238.142.213&sn=&tgt=0&osv=10&bv=96.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=6194e37dd64d962c3c046ac4&test=&aafaid=&proto=https&uid=1640877080009-991052717804-008490-003-006045&cha=0.7&stagid=6194e42745be0c7521582835&stplid=61992a63ecd4ee6f534beea5&d35=&d36=6.1.2.92&cb=51678316431&d9=1000&d37=realtime&AV_WIDTH=400&AV_HEIGHT=225&asid=6194e3c51aa41b34db7b01e6%7C6194e7e8c0031b40a05f5ba6&pid=6194e37dd64d962c3c046ac4%7C60095c900c0799791c46d8d4&cid=6194e38884e57b3ffd645344%7C6194e3a994b65d4a2859ae88&h=47d30a0bae14925f451dde118a02189fa5d6cfb9&d9=1000&ad=30&vi=100&ofpr=2.58848&imid=f7a9c0102898a603030d0c388a862092_172314872_974433&e=midpoint&ad=30&vi=100&d1=vpaid&fv=1&cb=1640877081038
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/mx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.252.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-252-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 15:11:39 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rtb.adxpremium.services
URL: https://rtb.adxpremium.services/openrtb2/auction

Domain: rtb.adxpremium.services
URL: https://rtb.adxpremium.services/openrtb2/auction

Domain: sync.adtelligent.com
URL: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=41ced089-453f-4567-9a6d-4e1768a7315b

Domain: sync.adtelligent.com
URL: https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA

Verdicts & Comments Add Verdict or Comment

296 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

98 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.leviatanscans.com/	1970-01-20 17:19:09	Name: __utma Value: 210982024.647145903.1640877079.1640877079.1640877079.1
.leviatanscans.com/	1969-12-31 23:59:59	Name: __utmc Value: 210982024
.leviatanscans.com/	1970-01-20 04:10:45	Name: __utmz Value: 210982024.1640877079.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.leviatanscans.com/	1970-01-19 23:47:57	Name: __utmt Value: 1
.leviatanscans.com/	1970-01-19 23:47:58	Name: __utmb Value: 210982024.1.10.1640877079
.leviatanscans.com/	1970-01-20 17:19:09	Name: _ga_0DPYVF5JK7 Value: GS1.1.1640877078.1.0.1640877078.0
.leviatanscans.com/	1970-01-20 17:19:09	Name: _ga Value: GA1.1.960163704.1640877079
leviatanscans.com/	1969-12-31 23:59:59	Name: logglytrackingsession Value: a04d647f-4ae7-4ae3-ab6f-ebee5c7f3159
.adtelligent.com/	1970-01-20 02:01:52	Name: vmuid Value: ca26e7f4b4cd6ceb
leviatanscans.com/	1970-01-20 00:31:09	Name: _pbjs_userid_consent_data Value: 3524755945110770
leviatanscans.com/	1970-01-20 08:33:33	Name: _pubcid Value: 7c56050b-b76a-4906-a7a0-5266c84e4d6c
.360yield.com/	1970-01-20 01:57:33	Name: tuuid Value: e6c6ded2-b467-4d71-913c-eb56668b8895
.360yield.com/	1970-01-20 01:57:33	Name: tuuid_lu Value: 1640877078
.yahoo.com/	1970-01-20 08:33:54	Name: A3 Value: d=AQABBBbMzWECEJsOZtN7_JFtVgc8yFaaUscFEgEBAQEdz2HXYQAAAAAA_eMAAA&S=AQAAAiF6jY1I3KAO72umxZZDL48
.adnxs.com/	1970-01-20 01:57:33	Name: uuid2 Value: 3796356488368242503
.casalemedia.com/	1970-01-20 08:33:33	Name: CMID Value: Yc3MFuip2E8Nf8xyJABULgAA
.casalemedia.com/	1970-01-20 01:57:33	Name: CMPS Value: 698
.advertising.com/	1970-01-20 08:34:59	Name: APID Value: UPbd9f6ef3-6982-11ec-95c7-028185212c26
.casalemedia.com/	1970-01-20 01:57:33	Name: CMPRO Value: 646
.pubmatic.com/	1970-01-20 01:57:33	Name: SyncRTB3 Value: 1642032000%3A220
.pubmatic.com/	1970-01-20 01:57:33	Name: KADUSERCOOKIE Value: 67B93125-4F73-4CE7-B889-9D4D778019AB
.adsrvr.org/	1970-01-20 08:33:33	Name: TDID Value: c6d710a3-e93d-4331-be42-5db246c85db2
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UPbd9f6ef3-6982-11ec-95c7-028185212c26
.yahoo.com/	1970-01-19 23:49:23	Name: APIDTS Value: 1640877079
.lijit.com/	1970-01-20 08:33:33	Name: ljt_reader Value: 72520c5b6a85ba298733ec15
.adnxs.com/	1970-01-20 01:57:33	Name: icu Value: ChgI4axaEAoYASABKAEwl5i3jgY4AUABSAEQl5i3jgYYAA..
.infolinks.com/	1970-01-19 23:49:23	Name: VRUSERCOOKIE Value: y-Y4_.JvhE2uFuXpeZEnwNUl9mlkPCc8iVUVDowjc-~A
.e-planning.net/	1970-01-22 13:07:09	Name: E Value: ABuLYjtOW29SpvSi
.betweendigital.com/	1970-01-20 08:33:33	Name: dc Value: mow1
.betweendigital.com/	1970-01-20 08:33:33	Name: tuuid Value: 6e60757f-37eb-516c-990c-c6e2f8c10af5
.betweendigital.com/	1970-01-20 08:33:33	Name: ut Value: Yc3MFwADPCAUiUsoSoUsYDPFxJzACVLfeDEq9Q==
.betweendigital.com/	1970-01-20 08:33:33	Name: ss Value: 1
.betweendigital.com/	1970-01-20 08:33:33	Name: unm Value: 1
.quantumdex.io/	1970-01-20 00:31:09	Name: uid Value: 6938404c-afc1-42ae-a101-cb8a768f85c4
.infolinks.com/	1970-01-19 23:49:23	Name: OUTHUSERCOOKIE Value: y-O2ltmGBE2uHg6z08RT91NdbXkRuLhzF2~A~UPbd9f6ef3-6982-11ec-95c7-028185212c26
.doubleclick.net/	1970-01-20 09:09:33	Name: IDE Value: AHWqTUn4SzsICqSqZdc_2_42lkfz1K-pf7fNoEDIArPOF4TUF7NUNypvYjmqSx_oxcs
.cpx.to/	1970-01-20 08:33:33	Name: cpSess Value: 7dbe7179d831aed7
.cpx.to/	1970-01-20 08:33:33	Name: dsp_app_nexus Value: 3796356488368242503#1640877079319
.quantserve.com/	1970-01-20 09:18:11	Name: mc Value: 61cdcc17-4df3e-45918-a92ba
.infolinks.com/	1970-01-19 23:49:23	Name: IXUSERCOOKIE Value: Yc3MFuip2E8Nf8xyJABULgAA&646
.infolinks.com/	1970-01-20 01:57:33	Name: ANUSERCOOKIE Value: e6c6ded2-b467-4d71-913c-eb56668b8895
.owneriq.net/	1970-01-20 17:19:09	Name: si Value: Q6941634792130552180
.owneriq.net/	1970-01-20 00:02:21	Name: p2 Value: cc
.infolinks.com/	1970-01-19 23:49:23	Name: SOVRNUSERCOOKIE Value: 72520c5b6a85ba298733ec15
.targeting.unrulymedia.com/	1970-01-20 08:33:33	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-10eddfa2-253c-4734-be3d-74b87e49d521-003%22%7D
.pubmatic.com/	1970-01-20 01:57:33	Name: PUBMDCID Value: 3
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1tDSwNLc0MDezNBHiM9QNyYn3DjT1SA7MSE8HAFkbHj8lAAAA
.rfihub.com/	1970-01-20 09:09:33	Name: eud Value: H4sIAAAAAAAAAFslzmtoZmJgYW5uYG5pYmQOAEZROnEQAAAA
.rfihub.com/	1970-01-20 09:09:33	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1tDSwNLc0MDezNBHiM9QNyYn3DjT1SA7MSE-X4jU0MzGwMDc3MLc0MTIHAJ6wEPA0AAAA
prebid.a-mo.net/	1970-01-20 08:33:33	Name: __amc Value: 1_1640877079_1640877079
.pubmatic.com/	1970-01-19 23:49:23	Name: pi Value: 60809:3
.pubmatic.com/	1970-01-20 01:57:33	Name: chkChromeAb67Sec Value: 2
.eqads.com/	1970-01-20 01:57:33	Name: EQUser Value: UID=90dbe02f-2d5a-4dda-9ec2-99c46e9a5c17
.infolinks.com/	1970-01-19 23:49:23	Name: R1USERCOOKIE Value: RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
.infolinks.com/	1970-01-19 23:49:23	Name: ZTUSERCOOKIE Value: 5144588519097907694
.infolinks.com/	1970-01-19 23:49:23	Name: KADUSERCOOKIE Value: 67B93125-4F73-4CE7-B889-9D4D778019AB~1640877166294
.modoro360.com/	1970-01-20 00:02:21	Name: aniC Value: 1640877080009-991052717804-008490-003-006045
.leviatanscans.com/	1970-01-20 09:09:33	Name: __gads Value: ID=c64806832bcc985c:T=1640877078:S=ALNI_MZZFj4-s4jS19hlZIjfy_lD2iPPxA
.doubleclick.net/	1970-01-19 23:48:00	Name: DSID Value: NO_DATA
.bidswitch.net/	1970-01-20 08:33:33	Name: tuuid Value: fbf77986-0b88-4928-a681-9a4466aae365
.bidswitch.net/	1970-01-20 08:33:33	Name: c Value: 1640877080
.bidswitch.net/	1970-01-20 08:33:33	Name: tuuid_lu Value: 1640877080
.technoratimedia.com/	1970-01-21 19:35:57	Name: tads_uid Value: GDPR
.leviatanscans.com/	1970-01-20 08:33:33	Name: FCNEC Value: [["AKsRol9IzX7NFOzo15hD-MFQdzQvqvbZW3LCADNjCpyslLeuKJ63AOB6pE7DpCj8jguqLWBxwhjPGBJFTAXPdzdASSgWJMLxbqsoBqxEg0w-NbOT1nr-lVe6DL0YDUMssPWUg8g12j9jD-RZw6F0F73baGIuXGv5dw=="],null,[]]
.1rx.io/	1970-01-20 08:33:33	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-10eddfa2-253c-4734-be3d-74b87e49d521-003%22%7D
.modoro360.com/	1970-01-19 23:49:23	Name: 2_C_22 Value: e6c6ded2-b467-4d71-913c-eb56668b8895
servs.modoro360.com/	1970-01-19 23:49:23	Name: 2_C_22 Value: e6c6ded2-b467-4d71-913c-eb56668b8895
.adnxs.com/	1970-01-20 01:57:33	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTsds1tp!]tbPl1M>e)ZlrFUfJ+tGXxoPD$ikID`)eA<UNnCSHHCuV?<iBb#o:FlabZObpRzqF1`b_gj+CqQ
.modoro360.com/	1970-01-19 23:49:23	Name: 2_C_200 Value: RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
servs.modoro360.com/	1970-01-19 23:49:23	Name: 2_C_200 Value: RX-10eddfa2-253c-4734-be3d-74b87e49d521-003
.casalemedia.com/	1970-01-20 08:33:33	Name: CMRUM3 Value: 5161cdcc1727602b6-eIzs7CvCu7l63OrwKNq27CTC7uQuje7o7dPL&2761cdcc160b40&e661cdcc162760&2d61cdcc182760CAESEMn61Oo_k9KG0sXGVcoPcuo&f161cdcc1605a0&0561cdcc1605a0&1f61cdcc1605a00&2861cdcc17276090dbe02f-2d5a-4dda-9ec2-99c46e9a5c17
.quantserve.com/	1970-01-20 01:57:33	Name: d Value: EDIBEAGKJYEK_fsQ
.rlcdn.com/	1970-01-20 08:33:33	Name: rlas3 Value: Jt4qqqFiNneGxKeRsbn+Q+A0IZuX5x7yf7bIqgwQMT8=
.rlcdn.com/	1970-01-20 01:14:21	Name: pxrc Value: CJmYt44GEgUI6AcQABIGCOndKhAA
.adsrvr.org/	1970-01-20 08:33:33	Name: TDCPM Value: CAEYASABKAIyCwjMwLnkq-ylOhAFOAFaBzhtMzN6azRgAg..
.analytics.yahoo.com/	1970-01-20 08:34:59	Name: IDSYNC Value: "192u~22dr:18xp~22dr:18yx~22dr"
.travelaudience.com/	1970-01-20 09:18:11	Name: _tracker Value: %7B%22UUID%22%3A%220E033390-6229-4A8F-967B-9F0FBFE03103%22%7D
.3lift.com/	1970-01-20 01:57:33	Name: tluid Value: 9457791322436842038
.media.net/	1970-01-20 08:33:33	Name: visitor-id Value: 2838786810635732000V10
.media.net/	1970-01-20 00:08:06	Name: data-g Value: CAESEJ0m6FVL6FsU-nhFTTtghEY~~6
.media.net/	1970-01-20 00:08:06	Name: data-ttd Value: c6d710a3-e93d-4331-be42-5db246c85db2~~1
.casalemedia.com/	1970-01-19 23:49:23	Name: CMST Value: Yc3MFmHNzBkA
.agkn.com/	1970-01-20 08:33:33	Name: ab Value: 0001%3AkjVOwCmfJ5v%2BQqHwJ9bVQ1RHw7wjx5Bl
.e.dlx.addthis.com/	1970-01-20 09:18:11	Name: na_tc Value: Y
.addthis.com/	1970-01-20 09:18:11	Name: na_id Value: 2021123015112200015969422652
.addthis.com/	1970-01-20 09:18:11	Name: na_tc Value: Y
.addthis.com/	1970-01-20 09:18:11	Name: uid Value: 61cdcc1a32601ae6
.addthis.com/	1970-01-20 09:18:11	Name: ouid Value: 61cdcc1a000117b78cb5e5e77679a3df7422bb6b48ff30393501
.dlx.addthis.com/	1970-01-20 00:31:09	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 00:31:09	Name: na_sr Value: 20211230
.dlx.addthis.com/	1970-01-19 23:47:57	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 00:31:09	Name: na_sc_e Value: 0
leviatanscans.com/	1970-01-20 09:09:33	Name: cto_bundle Value: nVBeRF9LT3JERTM0T3I1T1pjbll1VUhiSGFkMXZMWWN0YVRjdiUyRjBtbDIwM3RpckVRUkZKb0praFdDR3JocjVjbHREVkZVZlc3T1VzUGtaMVNYTGJSY3BkUkRqSW5HTFIzbEQySHA4V2JyVzFKZWd5NHhFUFlvM3h1Qk1TU09oVDNHdWdx
leviatanscans.com/	1970-01-20 09:09:33	Name: cto_bidid Value: iyr4R18lMkJqaUdTeWZ2RDFoWkVPQlZOVkhvbFFEdWhhQXliME1YcldKQWsxcDBoQkI3MTUlMkJNbGdsdFklMkZOZnMlMkJ0V3BsZkpCMERRQkV3YXh5YUo2Sk8yWWtlaDBBJTNEJTNE
.agkn.com/	1970-01-20 08:33:33	Name: u Value: C\|0GEApYIiZKWCImwAAAAABAQ13AQCAAQpAAAAAAAEABwAAAAABmMyD__8eAAAAAABeiwIAAAAAE06pZQAAAAAJvSXDAAAAAB7CP80A
.demdex.net/	1970-01-20 04:07:09	Name: demdex Value: 58086748967209721293665128486227847791
.discovery.demdex.net/	1970-01-20 04:07:09	Name: discovery Value: 58086748967209721293665128486227847791

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://tags.orquideassp.com/tag/8273 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pagead2.googlesyndication.com/pagead/show_ads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.orquideassp.com/tag/8273 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pagead2.googlesyndication.com/pagead/show_ads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://leviatanscans.com/type_error:SafeUrl Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPJSkxrainrPkG3CfDKgym6VWhdw3jqid7JqSNQ2FMTBcLUY0RJCYXUGHwpNCarbc8IKlbxb8s_rVWIOGE6qH9HLV4bYHRs Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJgtW8SwSTnohysPt4Br6MsMY9t7k2Ex8BQuy7oy8YvXWDrlLYUClnEX8RyheQLt2TsV8WPPFRx155ZyryrpRyO2tiYxbpUFA Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yc3MFuip2E8Nf8xyJABULgAAAoYAAAAB&google_gid=CAESEKw-7K_yTd4D7q54HftzLsw&google_cver=1&google_push=AYg5qPL-7L4OAPD413pJutzKR4ob4iN4DQotx_9vUcTI9ytjUIretR2snqV02KSSofhTtO58oz6yEV-PXIFv3yAdHXj2GlRWpg3AyA Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a50af0647c5e78709792c49944f12eec.safeframe.googlesyndication.com
ad.360yield.com
ad.doubleclick.net
ad4m.at
ade.googlesyndication.com
ads.betweendigital.com
ads.pubmatic.com
ads.servenobid.com
ads.travelaudience.com
adservice.google.co.uk
adservice.google.com
adtelligent-d.openx.net
adx.adform.net
ap.lijit.com
b1h.zemanta.com
b1sync.zemanta.com
bid.g.doubleclick.net
bidder.criteo.com
c.amazon-adsystem.com
c21lg-d.media.net
ce.lijit.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
code.jquery.com
contextual.media.net
cpm.unibots.in
cs.media.net
csi.gstatic.com
d.agkn.com
de.tynt.com
delivery.adrecover.com
discovery.demdex.net
dm.hybrid.ai
dsp.adkernel.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
gcdn.2mdn.net
ghb.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googletagmanager.com
gum.criteo.com
hblg.media.net
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
jscdn.greeter.me
leviatanscans.com
lg3.media.net
match.adsrvr.org
match.bnmla.com
mp.4dex.io
mug.criteo.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
papayads.net
partner.googleadservices.com
pbjs.e-planning.net
pixel.adsafeprotected.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
player.adtcdn.com
player.adtelligent.com
player.aniview.com
player.avplayer.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prebid.smilewanted.com
pubads.g.doubleclick.net
px.owneriq.net
qsearch-a.akamaihd.net
r4---sn-aigzrner.c.2mdn.net
resources.infolinks.com
router.infolinks.com
rtb.adxpremium.services
rtb.openx.net
s.amazon-adsystem.com
s.cpx.to
s0.2mdn.net
script.4dex.io
securepubads.g.doubleclick.net
serv.modoro360.com
servs.modoro360.com
servt.modoro360.com
ssc-cms.33across.com
ssc.33across.com
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
stats.g.doubleclick.net
supertruco.com
sync.1rx.io
sync.adtelligent.com
sync.go.sonobi.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tags.orquideassp.com
tg1.modoro360.com
tpc.googlesyndication.com
u.openx.net
um2.eqads.com
ups.analytics.yahoo.com
useast.quantumdex.io
warp.media.net
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagservices.com
www.gstatic.com
www.papayads.net
x.bidswitch.net
cm.g.doubleclick.net
rtb.adxpremium.services
sync.adtelligent.com
104.111.215.191
104.111.242.53
104.26.6.39
129.159.70.95
142.250.184.198
142.250.184.226
142.250.185.194
142.250.186.98
147.75.61.140
15.197.193.217
172.217.16.130
172.66.42.247
174.137.133.49
178.162.133.149
178.250.0.157
178.250.0.165
18.156.0.31
18.193.230.138
18.197.73.85
18.66.109.174
185.184.8.65
185.64.189.110
192.0.78.218
193.0.160.128
198.47.127.18
198.47.127.19
198.47.127.20
2.16.186.67
2.18.233.180
2.18.234.21
2.18.235.93
2001:4de0:ac18::1:a:1b
205.185.216.42
209.54.180.144
213.19.147.44
216.52.2.48
23.111.200.117
23.37.38.181
2600:9000:223f:600:8:48e:53c0:93a1
2600:9000:2250:9c00:2:e529:700:93a1
2606:4700:10::6816:2460
2606:4700:20::ac43:4bf1
2606:4700:3032::6815:2c71
2606:4700:3037::6815:135b
2606:4700:3037::6815:3471
2606:4700:3039::6815:c0a7
2606:4700::6812:353
2606:4700::6812:372
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:802::200a
2a00:1450:4001:803::200e
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2006
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::2008
2a00:1450:4007:819::2003
2a00:1450:4009:1::a
2a00:1450:400c:c0c::9b
2a02:2638::1c
2a02:2638::3
2a02:26f0:6c00:28a::2c79
2a02:26f0:6c00::210:ba1a
2a02:26f0:6c00::210:bb21
2a02:26f0:6c00::210:bb99
2a0c:5c81:5142::2
3.122.111.84
34.149.20.76
34.231.131.161
34.241.165.231
34.242.66.111
34.98.64.218
34.98.67.61
35.171.252.175
35.190.0.66
35.227.252.103
35.244.174.68
37.157.5.142
37.18.16.21
37.252.172.37
38.27.122.158
45.133.44.4
5.178.65.245
51.89.21.30
51.89.9.252
54.154.182.198
54.174.249.39
54.218.141.220
54.72.237.47
54.88.99.244
63.32.41.216
63.32.69.142
64.202.112.223
64.74.236.191
66.102.1.154
67.202.105.22
67.202.105.34
69.173.144.139
72.251.249.9
76.223.111.18
77.245.57.72
00b3b0b438a1a3e7f01112f487ffb01e64db47935eb0e1e2927bdb4811ee935f
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0238d703b19a00969faed52ee7aaef77f9c2b030eab09cf8290a34c382d8a646
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
0479911127b27309910046e621e9813c33171f25eed795c5f933041f1b11dec9
04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0795c0f2ee324de950910865d36a6e93888db235510619459f88f53e11c77c20
07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0a546896f620e65a6db5b922746b9a609f6eb849ef91969682b9979ec9d779f3
0b2ff73f55bb392d94dced5e70652a97b7090a3ace877f9e74383540f1cc1af5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0cf4c08b0f6827c2b9128ee87e6b252605d9e255f562c9f9188b486d9cdd0394
0d98213a583cc573cd291302ec1e71094804e54f3a259ca70324161c9695b961
0dd9935552633c7a149a715988f93a54fc1b1993e2efbf6dc33d5a09d4f33f2d
0e13db9ef39321bb4b07d767962d18a0b3c38d70f210186a0258829672c6eae4
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f34ac5b7825c44b1b412bd88a5f8c0eefc44c20f58fe68b8cd5255289a57aca
10d9b2ee6dddebff133dae0bd96c629e44810974c347081196d5a9cf215612a7
12247ef1042523a1d64768be7b7aebdb3938b5d2a8342a6d94fa2eb1d4acbbc2
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1349ab831d930c782baf6577f44cd810053db33b587e604e2fdf959da87974e0
139e3933d1528be86b8e9111d4c0c891b1a9d6cc61f5f0d5f4bb23c4f34f24fc
13d2df1bdaaf8d0e9efbf090b130c76dd81a4dc99be37f7eb2d8c6f2307e69a2
1677330ebdd2cc50c12bc87e4d7baad8d1f7b2477aae9033a40bc53053890cfd
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cb523f61842a97dcebd2366b0efb68d206fcd4d530879c45dded29790decfdd
1d0a0e27a6e814d6d73e847ee7ae8a1bf22e1625992543eff268728fd2f7e5a4
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e07dc5f74ce36a9e8ec8068b4fdfb91d7044fa29aa19492914bc0ceb55ac639
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700
2160563b906e020e4eaa4d66362de20fab097fecac3b399cde52fdfec052e72a
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
24ff3ff811639dbd0cf8c784eb31af79ce69276c440d62a5181ac92e482cb807
260c4fa0bb32dd09b2436f751905cdd647ede2f6eecadc2d9aa34138f6a05906
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
26ac3f6f49fa9327310ea37c924bd47b9efd7a599fc7bf74bb644c25daca6581
26ddf54ed28a5a8527cd6349c747145b0b229115476ea2d113995c05c8580216
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2b2d20e05ab9c873e8b3df7c80ca5d82cf0c5d0e3f6f3af744010967f3d4a52d
2be99b99f418219be8ca7a986038e1a94c5df5b2c91a0c0d9ee35552fbb8fde8
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d02d165cb720aec2fde78a93113a459729e0503951353f719076bc5b4a7a845
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32575500d68da0a31967cfeb4ac5eb724c6733a42aca88fad3d41a401c9eb80c
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
333465e950f24e693b6db299b91cab42ddafd843df1e6b5deee195f70718ffa3
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
344553683bf450a1df810af5339bbd8a92d0b631d12d9aeff094f1fef5f24dcb
357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d
35ab68ac95e4ed80cb1481c397e2880e785235068c743e7e13bb18cae19d775b
35ec2a45c678383720cf3dde7bab8a0256752143690c852750438c3b1c2c4b95
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36f7e89cb79ed00bb3eb43644501e42b98563e123c2144542adde59a40e3229b
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3879ad6a59cfc1221137bff90eedba00bd9b9450f4732da52f55186f8c946a9a
388405119307f1f72e8b6e9c8e7c3bded6622131bb2d5b0b6590b627343ffb67
38a6885a0efdd1ef7dda598e7567b2c9cb8e19da939256a6885a852247705f4f
38bdfb0b449d596b8bed6f42c89ef0aeb8fb5e0f04bf2c1abc600db898da6062
3a98dfaad4d425c099473a666b3f633ddf5e22d68d3850a9fa5d8111aac563a2
3aed79010fbe2de5b979c31502c15d33e28c6565562a680f994f12e555eeca84
3c27e617cb9beb801b8aa19c3722ef99d2d7ffa673c0da1eb99241de2be87ec7
3d070ced08ef71bcf9833b8d3e837c0a6a4aaac03411f5a976121234082bfeb0
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7
3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473
3d3e547db2a13d41df925331856b26585b2329ccc95ba9366517e94f45816e7c
41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b
43294c18e22cdf63ac68c86743b7258eb8475bf45b88e7876784aa9a0eefdd58
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
471f01c34b1e740437d004fec57ed495c7a681c9ef891f2bfd25ef5c3ac92c9b
477556439826bff483f5a539220d3a748c0b9d18f153f6337be70b883925847b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba1b25e68d60244006d6ce251be9fb095fdc07867e47481a08b4e048dac6d0b
4cb2f23b4dd842f61c29d2b2a945b40de099e624ac079bb8be2ccdc05cb96554
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4dcae7e8aa4cc9d6b038a58e072f751ca5e8fa22fca565d17bae5c4623225808
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
511962f33eb6cbd9d5c1e1daba21c20e39bdb27007a706e208106d0c1dcb5db4
524c7a16fe9ed9e4f4e22c0ce7c27610dfc12c1e63b071eb007cb6dd53f8f33f
5309992180d2462e7a6cf662f5fb330483f2adbffa27d1fba682ea97b56357d0
54cee2d8dddbfc424848203ec93667bebdb0bb7681a14205d1808fc64c88c2d0
554b646191d2ab8967ebd91131ed931ad31c9b0445fd199382c13016e71af0e6
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
57d6b25be8e53edfbb469bf824f2d63f1d27f9cf8be3c4a65cebd2b104e21e40
58c0760f001f9590b0b3f847f3749ea54018280191d09f7fa3960c28de9a5883
596608cced1a43420e7d5b7c621a462d9fc5c2594d75a020e3908b6c82d2539b
5ad633e35c299ba6208e50825fbae678dd6272ab28aa0944c2a55bf067f9e456
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5deff4163ad18316aaf1c5ed1aaa3a85f47051686787ab2a2211bb676bcee8a8
5e1374b71b229954ab22ea58320ea94050787435c50e660409e188a3ef390dab
5fc7d2e3184231305ec73246789dbe11e0110ff4d332d25cce5a29f5858513f7
5ffbc206fd0668e877ea0626a10fde94f4465d77ffa15518b7a454847f8cefb6
60421ba56c118854378a7e90ecd0a0180fd598fc0e0faf0b5aa5e8dddb627ce0
60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901
60a846787e162ec553422194e9323334ac6a62d40f36a858c6f7f2f38f15b3e2
6115155cc5d175a4c02ce2ac6afa143245f00dc02bfb2a0d48049d424bdd1c40
6438deeda87c2438473fc3c887e708b7f23b9c27dbf7df19e2e525f3b299abd9
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
663f09386ec791dec8eaf3b1b18f3c24c2dd06351f9277bba880d9c2a29a91d6
6748b7afb78de53a1d2d4063e4bc61b3f4d17025eb6425e1fe9ca9db3a4dccf1
6757f6d5adae8696fa2d13c32f005130f9a068979fd87d2aa15a1f4e2abab917
68e84c18a824bdd11a4deb974a1606e5782c9dacf6cb1c9d12909e6efab3c80d
69fc7bcafee09477b13dbda32d00410bc15a3faeb3e890cc15fef46d7c84d432
6a53d94e4dae3c762a479c5eab42863daaffbfb81e8d587c49cb17f9cb4c486e
6a775ca98cf4ff122fca7d13aaf3ec5bbf324d0834d0b1404fc6efc70a8e37a5
6b038e3b15c6182fb4b5328d358a49c514ad1d47cf2a2853031b75a77952c5e6
6b270c38e8603e15968af9c6c63b7375d1ab3676d7de33963fdb528d47021446
6b33e4f491c6c9f0fd996c4daa8244b50e59299235caa187aadb0eaacb89aff8
6b54b9d51b8e7575fc6ac2e2bfd7826e021c3385b15f6e07581d58234219a3ce
6b6c187c63bd6211da32ae416431f5a7ca515462adc9058d703354318a8be306
6bdcc96931d474500b0423a364465a1b58bfb0f9fc4e602f27ebc55a107a219e
6def1bda699ef5e604dde98b184bb397b4b13483b2866ef5fb52fe3af531310b
725c8296434e1873a3d51020e78caa746615ba9904a478f0f1501f77c50ba936
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77e72e51aef1579d0409c964961d5cb4387d3d7d534811ed0a109d7515abe7c5
79219a163e1a67750d478a2fc694a9d5b3dbb3ff609acd4c48edb95b74635b8e
7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7971832c20016200a2a5f62bdc202c7132ab262a0ddc080a0f6e50164a1f8a24
7a2c297ff10d5f0f0be5781b6c8a6f0ad80a8b1f13766e5c53a710a77cc64775
7d3f245ed19e4ac51ec4433c7643b67e0d733b2ce13dcbaed2436beec05336f8
7d4d5fbc26db94a6051ca0ad0867ed9282e5ebbbfe0803209ca5845027ea166f
7f4ae2c5151b4caeaaf66c0e1b6f026f7416e589e8b22c52cd0f5896045ce755
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
7ff45556f52496aea6da8eb81814a2f6b621faf43d5d3e5dc8c27da42d68905c
8064021e39b96980da5079cd55014c355aba191e6b9a59c64c6057f868cce09d
8091c035b2cfc560596369db3cc3df6de8dbafd5c825d9585d9a076176a61183
82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
872da42407b1f639ffc235a1f2cba24755b729380791390d8ecfc3b6fa95fb4c
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88d34d768fff67e23429eef90f0221bfb514aa59a013560d2a3286f2c6ea4534
8a051973cd974d69938bd3994654ce4f699ea7aac4734e51d0bec3b5d430b79a
8b1b9a885cbf0376883df89b5edc39b85021d79a21b15250c5abc4f902c9dfc8
8ba873e69f6392eaef044a33637176a32f3f4cd7a47f3928eb78b2a89018a6ce
8c6fb7c5b9f878275e8ba560fbf1ff002c2823809ee40ff75e5113d8682dd653
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d2eb62cccd023cef02f0dc3054c1798027ef758e40856869748dd1c740a1cfb
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dfa810258dc3047b89d8d960a393beb7c231744eb54854aa0216355d2880e1c
8f82ee58d2108699a11f13c771a5ae5a95bc3360928e9c462198b195f8b9b4bb
9046bf71adf64d44931bd84e86c313417548845d7c1ed53b93ea01549612466b
90b7cbfb57ddecb443fed08c1516d4af8424e91e739f823e8db6bb914292cbae
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
91298475a2b34efd8e78ce2169f4d6eee3c4a067cdec1a379a5e8a96b26b4d09
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
94bd084a74a70d450f4de9d54813a586e05797456b2dc21f60fe6e89960132e2
94c3b7aef4f2ff7f46aa44ee6959cd1420a433a41e70bd8d901322c895752468
95d4d8629ad355ddde1a0d71170cacdfd2d97846f9c9d98f361fe5ecb90639fe
98ddb287f732226372997f79305711a5e967604a39e322057da219fbd872af60
99cbf4cb51f4a6dce8e3b366c6d8dc2a63a18ace5e379c75c72d0b97e9c0ba04
9a739a22d434b6cdfb9d0909c547114cd34975b38ed0cef24a20940517f624fa
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4ae3dc15cc5f387deddacccab9717a81128c3743e6fe962a892163729bf199
9b8bb7e25dcb0e1170eb74e39d61a923080019e5318d936a04d0ca8e17b93221
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9dd0267be425d440c77eaddd28c40507f18958cc78e31731857a2f43a97aef91
9e310680af72d7e7b621a632e487dc61eb280a245446e8ef815187a2952e828d
9e4c187bb3bcd3bf31af74e20e70c88c4231ef43bb6ecdd229441cf6d055e77e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a2433a649238f0fa3def41b128d7d8885e7a20524a0b3725952ff3adcab77b0f
a3adf8de3981a42b01865bc7c8ac3fee4313ca430ae3995af67a951ada8ad971
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74e0f1d2802b17f26b2d04e92e0783f68bcce7a488f736f4fe5afdc749aef65
a9c873e1a5c6c0e31103888c1f6ca5e902303d00ce9d2862ca8fa8c1dd66163f
aa5a03d2f3559300a1cc98c9865c5f3e7e442cb1907dbe7b6f2966a1c32fc32a
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
adb7adacd821afa09bc6595a7ccf56381fb9d5caec83ec76702b5ef7b2d070cf
ae058fc90cb1e6c5d92156d35d04a3b113efde3e8d7d851287968c33271d123b
afcee61ffa77c766763143e934d9ea4ab0fbb86e65b5fca2bf8e72fb8cf980b4
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a033e4fda51c100304d1fbceda0c9411149226516c424a36d137c5a4afc6b8
b2031f37deaf7d4187f4af0a104aa9222934efcc0085e9257917ae2727ff18dd
b3e65cecf7849a54918a1028fbf26e660d74c075ce5e9a769e74c8af72b3121c
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b6a3f071a1a3b0e093861f3cf35921926aa10ccce5b4c59c609a19808083fc30
b7ab8989fc4fdf71dad241d721ae8397c01e29c5d5b09050b16f99d0ed297dca
b9284626669f7ed399e7634ad018f2542b74f48fdc6f775bcd30b6326508cfa6
b9a25501dfa30a3f2e95b2bd1a26a62173feb36e2d1ac7c9e1e3d4196ea019bc
ba606c9e3929f635a637959c231747c7969dd4f5b5ec0bd29c5872a2e040dc8f
babb159dce958bffda3e25bc459c0ddec5ec4d5d95cf13b3acbe3b1c0785811d
bc6555743d11492b02d29baa9a7c9084a5946a9507300097ca8c62dffb4fe230
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdab1c3978eb230cd7809a84424a184ad363dcd802dba528615a85d2765a124f
becb2bafc108983951976faeccb302abaf1830c159056ee0d6a6fcd9319d6b15
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c0b16719af5d7eb578148d02b9a55da3606a3558bcbd0dad5a409e3dbae278a9
c13afbb9d9d47a05debaad19b34c45a35cb2b4d075ea00d5a5a4f28e846c6627
c1e83eb2cfab4d5ded08a5b16f24b685fb3c3bddd0ea1aad17ca7b00e62e7ee2
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29
c7081041f8eb7e8011e73de1556b636ab3627459f834f9ac532ec0928b1f2611
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c80ede8646cccd2166185c2bacca4b17c828b4fc7d1033f271501f8de913b705
c948b6c9a9cf38601b45b63c383b178785f7588eff912be9543ad5ff32b2d1f9
c97860d29f00345ddfb445f4bbed66944543e7f2f5ed8bb13efc0b733f932275
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf796b5dd480c6cf942cc053c0cdf04d3ef463461760d7a7d7541545f40a2f08
cfd841ef08a38fe64bd9a45b256277ebd038b938c8fdf2cd4ba7781087c3873e
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1ecf8af7c6241bef014c47ddcd805b38e8a313b1bb5493c2e8b0f020394a85b
d215c50a428d95aa3c8c436ed79e4d47799a78dcf48629df76ed33cf86538e13
d38b3dfdbe84b4b2c9d369269c788a189ac4b0c8acfd10a9c4b8432771b8f081
d4b0976813afe99e70baeaef4ef1ee77ed72fb5276cce430c75141ffde9d90a8
d4c71fb9eac90a3822e490161a6c0f645e4a36c4508d296ab69b694ed995a7ed
d5ef519b6fbcee933f3ef02d2e8357b9875a9bd43d61f69fd8b1ab6ee277a23a
d644dcb9365080ee85a79888a1c032897d5736aa21cb27f429630b81b4fd34ea
d7de6a718d964d3a25d3641628a8902936d6085631663d3f100f623dd3002bfb
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
da5a43aecdcefd43a94a381e87ad13ccad329df523f72263e7a7412793cbbd2c
dbcbfbedb663b6a5d8569ebe4c279fa1ac0c97e62f91d116e1ff169931dbef20
dbea79f2df0b90afb4a54efb447d86eeb387be30ca8387fb69b069a46ae4896a
dc301354349ed1e7a0e1f656393097d10991617bc77dc50a59eaa25c291f51af
dc924e0a347039ab6a1652e4f006ae5596dd0942c3607c78de1b4975fa7847e3
dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e219a3750c2d6ec7c8aec3dbec8925a89172833ea88268b018b12860d34d933a
e23686b9b7141b46d74c4423b7ecc93551cf211e5aa816a1f39be7ac86377a2c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e4f7d9088721ba3a7f7b14cd6647412ac23de131fee878971e6fa5ca22709494
e55e7d86f39ea5a73a5762be97a78bd26fad40b5e1d9318816d646109a9f71ee
e5964a20f910f2fefc6a59d8111ea8335fe00df2a0959eb5cb8240116f25328f
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
e6b629a70cfd4ff3831c27fda3071db00a1988b5b011b782d248787fb0039735
e72901a5cabcc2459283aefd3cba9917b195d004afea2137b3fdb586dfc27ce3
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
e8e000114bdc17336aea3226a8fd1b001170f7371889a6f9ba4153efd32ab358
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e90232fa519c3b428277755817c64d59056677920763465a851275ed53cd4d0b
e94b12cb948d3d2eff43addf04700f8611ba383c00892652dc294a76bec2a105
ea0776169602aa06ca7e5f4f7455bbc86459d46ca900ed665bf9fe077c77b40b
eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536
eb04b94656de1350a1fe252e640d692b44f9501188d48c01884d6962bea38913
eda76969217d61f1d94de37ea52f15c2266eb2c4fb56f107ff5835c59273bbd8
edc988f9162131dfa6d20d122013987468254662e7cdbc7565c39a5789edb6ca
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba
ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
efc8ec85cc31993a904cbc64f3a2d69986ff3defb68d2512fdc0553273c0d361
f0bf74a88811811537ba7380098101b20fc5ae09de696bd2d04b3b308dbc2b8f
f15c9d64a512fb9023561f563f24a64597d1f91ff4efb88740537a477687254e
f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a
f3e04c9fd8cc7d94bfa698896ff5705dbaa829f42d480fa789a0375610aff669
f5543fc3c1e30b255c151988d389c90709913491fc964efa8393cc3964c28f81
f60c3780b054c439575b68030d4b3b8e496c7c17f21b0ef9db25a0e80bf54640
f790f464d4514565e44c49d81bd4f9362b540346a33846681c7b125868733290
f892813352e5e89309ca85164763062ec1bd8adbb8bb586c01ad4ef2df7663f4
f8b0220980de4339ca04d32bc5656435847fecb3a47f2eac38e33277e18eddc8
fa926133299509244ccefff9ae0c690190e8fba1351d539797bd2992c68500b7
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388
fae2efcd0576c10d5c398f04b3839d8d1b49127eff6c7af7a701099998204bda
fb71b5f3d54d14a6259adeaa97eb115cbfd68348cef90ba4fe9a318065b3426e
fd8088042323328c0ab329a44288949cd7be0b5fdecc97a4aae92cbd7e0b26f7
fdb3e6de194f648755da7ac37f139d711ace40c9b0d3b7a67fc44ceab6d80c5f
fe440bd1cc574dd938977d531976c605d6478aef0c411cd25cca10345fb7966c
ff4b0bfbe8f2b851571ba2d36a152dbdc57cf417cd323848dcd99f59041af582
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

leviatanscans.com Open in urlscan Pro 2606:4700:3032::6815:2c71 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

573 Requests

87 %HTTPS

36 %IPv6

78 Domains

128 Subdomains

96 IPs

9 Countries

13137 kBTransfer

26548 kBSize

98 Cookies

38 Outgoing links

Page URL History

Redirected requests

573 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

leviatanscans.com Open in urlscan Pro
2606:4700:3032::6815:2c71 Public Scan

Screenshot
Live screenshot

Full Image

573
Requests

87 %
HTTPS

36 %
IPv6

78
Domains

128
Subdomains

96
IPs

9
Countries

13137 kB
Transfer

26548 kB
Size

98
Cookies

573 HTTP transactions
-1 data transactions