leviatanscans.com Open in urlscan Pro
2a06:98c1:3121::a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://leviatanscans.com/
Effective URL:
https://leviatanscans.com/ayg
Submission: On May 17 via api (May 17th 2022, 6:24:47 pm UTC) from GB — Scanned from GB

Summary HTTP 599 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 76 IPs in 11 countries across 62 domains to perform 599 HTTP transactions. The main IP is 2a06:98c1:3121::a, located in United States and belongs to CLOUDFLARENET, US. The main domain is leviatanscans.com. The Cisco Umbrella rank of the primary domain is 466738.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 24th 2022. Valid for: a year.

This is the only time leviatanscans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 64	2a06:98c1:312... 2a06:98c1:3121::a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
80	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3 7	2606:4700:20:... 2606:4700:20::ac43:4411	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:a000:2:e529:700:93a1	16509 (AMAZON-02) (AMAZON-02)
5	172.66.42.247 172.66.42.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::ac40:92da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
59	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	108.156.255.177 108.156.255.177	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.78.218 192.0.78.218	2635 (AUTOMATTIC) (AUTOMATTIC)
2	45.133.44.3 45.133.44.3	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
5 9	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
5	23.227.146.234 23.227.146.234	55081 (24SHELLS) (24SHELLS)
1	2a02:26f0:350... 2a02:26f0:3500:595::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:c::5c7b:6837	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
31	35.173.69.21 35.173.69.21	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
3	23.35.237.86 23.35.237.86	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a02:26f0:350... 2a02:26f0:3500:58c::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	135.125.163.79 135.125.163.79	16276 (OVH) (OVH)
1	104.92.100.195 104.92.100.195	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:10:... 2606:4700:10::6816:2460	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
2	52.18.151.34 52.18.151.34	16509 (AMAZON-02) (AMAZON-02)
3	185.33.220.100 185.33.220.100	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	146.0.227.109 146.0.227.109	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	8.2.110.139 8.2.110.139	46636 (NATCOWEB) (NATCOWEB)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
2	63.251.14.14 63.251.14.14	14744 (INTERNAP-...) (INTERNAP-BLOCK-4)
1	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	46.249.52.249 46.249.52.249	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	64.202.112.223 64.202.112.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	23.35.229.181 23.35.229.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	51.83.220.94 51.83.220.94	16276 (OVH) (OVH)
1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1	54.145.157.73 54.145.157.73	14618 (AMAZON-AES) (AMAZON-AES)
31	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
32	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
10	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	151.101.114.132 151.101.114.132	54113 (FASTLY) (FASTLY)
1	104.102.28.254 104.102.28.254	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	150.136.25.38 150.136.25.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2	35.172.49.77 35.172.49.77	14618 (AMAZON-AES) (AMAZON-AES)
2 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
7	18.198.218.238 18.198.218.238	16509 (AMAZON-02) (AMAZON-02)
3	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
1	64.74.236.255 64.74.236.255	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
4 5	192.82.242.209 192.82.242.209	62713 (AS-PUBMATIC) (AS-PUBMATIC)
50	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
3	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
3	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 1	52.214.225.206 52.214.225.206	16509 (AMAZON-02) (AMAZON-02)
15	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 1	18.198.193.48 18.198.193.48	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	35.158.21.212 35.158.21.212	16509 (AMAZON-02) (AMAZON-02)
1 1	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:1396:457e:6f4c:9f77	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.164 213.155.156.164	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	2.20.157.55 2.20.157.55	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	141.95.98.66 141.95.98.66	16276 (OVH) (OVH)
599	76

64 2a06:98c1:3121::a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

leviatanscans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.adtcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

80 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::ac43:4411 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

papayads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.papayads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:a000:2:e529:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.orquideassp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.66.42.247 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:92da (United States)

ASN13335 (CLOUDFLARENET, US)

delivery.adrecover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.156.255.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-255-177.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.218 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

supertruco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.3 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.227.146.234 (Piscataway, United States)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:595::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

tg1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:c::5c7b:6837 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 35.173.69.21 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-69-21.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.237.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-86.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:58c::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 135.125.163.79 (France)

ASN16276 (OVH, FR)
PTR: ns3190286.ip-135-125-163.eu

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.100.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-100-195.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:2460 (United States)

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

cpm.unibots.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.18.151.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.100 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.109 (Ascension Island)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.110.139 (United States)

ASN46636 (NATCOWEB, US)

ads4.krushmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.251.14.14 (United States)

ASN14744 (INTERNAP-BLOCK-4, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.249.52.249 (Amsterdam, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (Harrodsburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1h.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.229.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-181.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.220.94 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: app-ngx-pl-03.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine)

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.145.157.73 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-157-73.compute-1.amazonaws.com

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.159 (Harrodsburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.28.254 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-254.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.25.38 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.172.49.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-49-77.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.44 (Utrecht, Netherlands) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.198.218.238 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

web.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.255 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

mcdp-chidc2.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.82.242.209 (United States) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.225.206 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-225-206.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.193.48 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-193-48.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.158.21.212 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-21-212.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (Singapore) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:1396:457e:6f4c:9f77 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.164 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-164.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.20.157.55 (Milan, Italy) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-157-55.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::1c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.66 (France)

ASN16276 (OVH, FR)
PTR: ns3216537.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
110	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 95 cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 130	1 MB
94	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187 stats.g.doubleclick.net — Cisco Umbrella Rank: 92 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 pubads.g.doubleclick.net — Cisco Umbrella Rank: 482	349 KB
73	criteo.net static.criteo.net — Cisco Umbrella Rank: 621 pix.eu.criteo.net — Cisco Umbrella Rank: 7541 csm.eu.criteo.net — Cisco Umbrella Rank: 7580	585 KB
62	leviatanscans.com 1 redirects leviatanscans.com — Cisco Umbrella Rank: 466738	1 MB
53	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46 imasdk.googleapis.com — Cisco Umbrella Rank: 407	10 MB
39	google.com 5 redirects www.google.com — Cisco Umbrella Rank: 7 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2279 adservice.google.com — Cisco Umbrella Rank: 74	125 KB
38	aniview.com tg1.aniview.com — Cisco Umbrella Rank: 10100 track1.aniview.com — Cisco Umbrella Rank: 1958 player.aniview.com — Cisco Umbrella Rank: 2073 go1.aniview.com — Cisco Umbrella Rank: 5172 sync.aniview.com — Cisco Umbrella Rank: 2798	239 KB
21	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 763 rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 12919 ads.eu.criteo.com — Cisco Umbrella Rank: 7544 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9672 rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11299 gum.criteo.com — Cisco Umbrella Rank: 393 mug.criteo.com — Cisco Umbrella Rank: 2669	171 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	331 KB
8	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1183	2 KB
8	adtelligent.com player.adtelligent.com — Cisco Umbrella Rank: 5115 ghb.adtelligent.com — Cisco Umbrella Rank: 6102 sync.adtelligent.com — Cisco Umbrella Rank: 4112	36 KB
8	gstatic.com fonts.gstatic.com	85 KB
7	bidswitch.net grid.bidswitch.net — Cisco Umbrella Rank: 1107	5 KB
7	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 297 web.ssp.yahoo.com — Cisco Umbrella Rank: 2240 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1063 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 485	3 KB
7	papayads.net 3 redirects papayads.net — Cisco Umbrella Rank: 32473 www.papayads.net — Cisco Umbrella Rank: 35140	29 KB
6	pubmatic.com 4 redirects ads.pubmatic.com — Cisco Umbrella Rank: 439 image6.pubmatic.com — Cisco Umbrella Rank: 612	8 KB
5	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1327 widget-pixels.outbrain.com — Cisco Umbrella Rank: 2750 odb.outbrain.com — Cisco Umbrella Rank: 1442 mcdp-chidc2.outbrain.com — Cisco Umbrella Rank: 6777	89 KB
5	infolinks.com resources.infolinks.com — Cisco Umbrella Rank: 7215 router.infolinks.com — Cisco Umbrella Rank: 3257	58 KB
3	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1128	1 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	15 KB
3	openx.net adtelligent-d.openx.net — Cisco Umbrella Rank: 18143 rtb.openx.net — Cisco Umbrella Rank: 1524	865 B
3	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 240	13 KB
3	casalemedia.com 2 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 477 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 530	2 KB
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1842 mp.4dex.io — Cisco Umbrella Rank: 2444	24 KB
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3062 adservice.google.co.uk — Cisco Umbrella Rank: 4630	1 KB
3	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 288	40 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com — Cisco Umbrella Rank: 285 www.google-analytics.com — Cisco Umbrella Rank: 37	18 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 598	576 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5262	722 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 887	2 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 520	1 KB
2	outbrainimg.com tcheck.outbrainimg.com — Cisco Umbrella Rank: 4142 log.outbrainimg.com — Cisco Umbrella Rank: 2136	788 B
2	e-planning.net 1 redirects pbjs.e-planning.net — Cisco Umbrella Rank: 4049	1 KB
2	lijit.com ap.lijit.com — Cisco Umbrella Rank: 615	1 KB
2	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1769	1 KB
2	adtcdn.com player.adtcdn.com — Cisco Umbrella Rank: 21103	121 KB
2	adrecover.com delivery.adrecover.com — Cisco Umbrella Rank: 13660	12 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 663	624 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 354	459 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1014	478 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 444	861 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 947	356 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 568	763 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 3409	376 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 264	17 KB
1	google.fr adservice.google.fr — Cisco Umbrella Rank: 26188	792 B
1	technoratimedia.com 1 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 1163	388 B
1	adpartner.pro 1 redirects a4p.adpartner.pro — Cisco Umbrella Rank: 8026	259 B
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5990	179 B
1	zemanta.com b1h.zemanta.com — Cisco Umbrella Rank: 4440	123 B
1	krushmedia.com ads4.krushmedia.com — Cisco Umbrella Rank: 28002	304 B
1	admixer.net inv-nets.admixer.net — Cisco Umbrella Rank: 2358	507 B
1	unibots.in cpm.unibots.in — Cisco Umbrella Rank: 31157	264 B
1	quantumdex.io useast.quantumdex.io — Cisco Umbrella Rank: 9895	339 B
1	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 7255	866 B
1	avplayer.com player.avplayer.com — Cisco Umbrella Rank: 10014	61 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 789	424 B
1	supertruco.com supertruco.com — Cisco Umbrella Rank: 64645	821 B
1	googletagmanager.com googletagmanager.com — Cisco Umbrella Rank: 70	69 KB
1	orquideassp.com tags.orquideassp.com — Cisco Umbrella Rank: 24150	1 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
0	smilewanted.com Failed prebid.smilewanted.com Failed
599	62

	Domain	Requested by
71	pagead2.googlesyndication.com	leviatanscans.com pagead2.googlesyndication.com tags.orquideassp.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com srcdoc
62	leviatanscans.com	1 redirects leviatanscans.com
50	imasdk.googleapis.com	player.aniview.com imasdk.googleapis.com
49	pubads.g.doubleclick.net	imasdk.googleapis.com
35	tpc.googlesyndication.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com leviatanscans.com
32	pix.eu.criteo.net	ads.eu.criteo.com
31	static.criteo.net	ads.eu.criteo.com player.adtcdn.com static.criteo.net
31	track1.aniview.com	leviatanscans.com player.aniview.com
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
17	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net imasdk.googleapis.com
15	cm.g.doubleclick.net	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
13	fundingchoicesmessages.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
10	csm.eu.criteo.net	ads.eu.criteo.com
9	www.googletagservices.com	leviatanscans.com googleads.g.doubleclick.net cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
9	www.google.com	5 redirects tpc.googlesyndication.com cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com leviatanscans.com
9	securepubads.g.doubleclick.net	papayads.net securepubads.g.doubleclick.net leviatanscans.com
8	prebid.a-mo.net	player.adtcdn.com player.aniview.com
8	fonts.gstatic.com	leviatanscans.com fonts.googleapis.com
7	grid.bidswitch.net	player.aniview.com
5	image6.pubmatic.com	4 redirects ads.pubmatic.com
5	ghb.adtelligent.com	player.adtelligent.com player.adtcdn.com
4	gum.criteo.com	2 redirects static.criteo.net
4	cat.nl.eu.criteo.com	ads.eu.criteo.com
4	ads.eu.criteo.com	googleads.g.doubleclick.net cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com leviatanscans.com
4	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.papayads.net	leviatanscans.com www.papayads.net
3	mug.criteo.com
3	cms.quantserve.com	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
3	rtb.nl.eu.criteo.com	leviatanscans.com
3	ups.analytics.yahoo.com	2 redirects player.aniview.com
3	cdnjs.cloudflare.com	ads.eu.criteo.com
3	ib.adnxs.com	player.adtcdn.com
3	player.aniview.com	player.avplayer.com player.aniview.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net cdnjs.cloudflare.com
3	router.infolinks.com	resources.infolinks.com
3	c.amazon-adsystem.com	papayads.net c.amazon-adsystem.com
3	papayads.net	3 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	id.rlcdn.com	2 redirects
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	rtb.openx.net	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
2	c2shb.pubgw.yahoo.com	player.aniview.com
2	sync.1rx.io	2 redirects
2	sync.aniview.com	player.aniview.com
2	pbjs.e-planning.net	1 redirects leviatanscans.com
2	ap.lijit.com	player.adtcdn.com
2	bidder.criteo.com	player.adtcdn.com
2	ads.servenobid.com	player.adtcdn.com
2	script.4dex.io	player.adtcdn.com script.4dex.io
2	widgets.outbrain.com	leviatanscans.com
2	adservice.google.co.uk	pagead2.googlesyndication.com
2	player.adtelligent.com	player.adtcdn.com
2	player.adtcdn.com	papayads.net
2	delivery.adrecover.com	leviatanscans.com
2	ssl.google-analytics.com	1 redirects leviatanscans.com
2	resources.infolinks.com	leviatanscans.com
1	id5-sync.com	player.adtcdn.com
1	pixel.rubiconproject.com	1 redirects
1	sync.go.sonobi.com	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	odr.mookie1.com	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	s0.2mdn.net	imasdk.googleapis.com
1	mcdp-chidc2.outbrain.com	widgets.outbrain.com
1	adservice.google.fr	securepubads.g.doubleclick.net
1	web.ssp.yahoo.com	player.aniview.com
1	sync.technoratimedia.com	1 redirects
1	ads.pubmatic.com	player.aniview.com
1	odb.outbrain.com	widgets.outbrain.com
1	log.outbrainimg.com	widgets.outbrain.com
1	go1.aniview.com	player.aniview.com
1	sync.adtelligent.com	leviatanscans.com
1	a4p.adpartner.pro	1 redirects
1	widget-pixels.outbrain.com	leviatanscans.com
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	prebid-eu.creativecdn.com	player.adtcdn.com
1	b1h.zemanta.com	player.adtcdn.com
1	mp.4dex.io	player.adtcdn.com
1	ads4.krushmedia.com	player.adtcdn.com
1	inv-nets.admixer.net	player.adtcdn.com
1	adtelligent-d.openx.net	player.adtcdn.com
1	cpm.unibots.in	player.adtcdn.com
1	useast.quantumdex.io	player.adtcdn.com
1	htlb.casalemedia.com	player.adtcdn.com
1	rtb.adxpremium.services	player.adtcdn.com
1	player.avplayer.com	tg1.aniview.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	tg1.aniview.com	papayads.net
1	www.google-analytics.com	googletagmanager.com
1	www.google.co.uk	leviatanscans.com
1	stats.g.doubleclick.net	1 redirects
1	supertruco.com	tags.orquideassp.com
1	googletagmanager.com	papayads.net
1	tags.orquideassp.com	leviatanscans.com
0	googlecm.hit.gemius.pl Failed	cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
0	prebid.smilewanted.com Failed	player.adtcdn.com
599	100

This site contains links to these domains. Also see Links.

Domain
xxx.leviatanscans.com
agencyorquidea.com
www.papayads.net
paypal.me
discord.gg
patreon.com
papayads.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-24` - `2023-03-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
tags.orquideassp.com Amazon	`2021-06-29` - `2022-07-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
adrecover.com Cloudflare Inc ECC CA-3	`2022-05-03` - `2023-05-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
tls.automattic.com R3	`2022-05-10` - `2022-08-08`	3 months	crt.sh
player.adtelligent.com R3	`2022-03-21` - `2022-06-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-04-07` - `2022-07-06`	3 months	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-12-30` - `2023-01-03`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
outstreamedia.com R3	`2022-05-08` - `2022-08-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-04`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-09-05`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.unibots.in AlphaSSL CA - SHA256 - G2	`2021-09-02` - `2022-10-04`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.admixer.net Sectigo ECC Domain Validation Secure Server CA	`2021-11-16` - `2022-12-17`	a year	crt.sh
*.krushmedia.com Go Daddy Secure Certificate Authority - G2	`2021-11-24` - `2022-12-26`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
*.a-mo.net R3	`2022-04-19` - `2022-07-18`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-08-29`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-13` - `2022-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-19` - `2022-06-18`	3 months	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-13`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-15` - `2022-06-13`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-10` - `2022-07-04`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-11` - `2022-07-06`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
*.google.fr GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh

This page contains 138 frames:

Primary Page: https://leviatanscans.com/ayg
Frame ID: A1788FAB62F244AD8DBD2EEECB6D93FC
Requests: 221 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20190131/zrt_lookup.html
Frame ID: F44350118CAB92BCD727CA2DBDB62989
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fayg
Frame ID: 50AF9E4E8592112BF4B171124365B045
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&adk=1812271804&adf=3025194257&lmt=1652811865&plat=1%3A16777216%2C8%3A64%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fleviatanscans.com%2Fayg&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=90&bdt=685&idt=15&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4407568677578&frm=20&pv=2&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=285
Frame ID: 700A1A60691E9E01F8B0A8DF107DE35D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290
Frame ID: C930BE69DD7841F70EFA9E059A3ADB51
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7913044002918072&output=html&h=90&slotname=www.leviatanscans.com&adk=341351668&adf=1137708138&pi=t.ma~as.www.leviatanscans.c_&w=728&lmt=1652811865&url=https%3A%2F%2Fleviatanscans.com%2Fayg&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=5&bdt=685&idt=102&shv=r20220509&mjsv=m202205120101&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=4407568677578&frm=20&pv=2&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=502&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zuAMxHfhUR&p=https%3A//leviatanscans.com&dtd=325
Frame ID: 5BD0425C2DCF9AAC08437DB7655531A0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329
Frame ID: 8182AA61DC18C3874F10E26DF4CD333B
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333
Frame ID: 5DE6E6DC85A65C14E5F662397DF3AB1C
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=3&bdt=685&idt=149&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280%2C330x250&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2443&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=ENiZ7otpis&p=https%3A//leviatanscans.com&dtd=341
Frame ID: 34356FDA9ABBD956668901A7CA625F39
Requests: 7 HTTP requests in this frame

Frame: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BD889BBE9B3B03C8ECE1B7298DFB9E3F
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Frame ID: F7A94D7B818CCC4A05A801F74B3F41CC
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/outbrain.js
Frame ID: 642348A2AC809C8C249AA4E59836BCDC
Requests: 8 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Frame ID: AE9F779F1DDF130A31E72479B488E6F9
Requests: 19 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoVgAOIb0A-QIGAAnyA8X8gMeh9Z9o0vePVg&u=%7C%2F8l6m5wX50v0H51n%2BfzCfnOO7mCEY6EdnyG08QyEDGY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7DguWQRdbyTCURx0b8AC2Dglbo7TpCaV1fMieuLSCkiWmzCqBGEl1ChYwmiDj-tjZ4Vo02QfdsJLz43PqGIuC6l9EuFfDtett0-bka6retvFsmVRSHNzHDORtkkeSKXrEpNU6IPXMIUndywFZS6R-TRO-haLcxCe4u_wBEWbW5H_UqOg1Kq0Mm8sZwoBUVNbdlUNq0UC7qgTwMaqqDh0sJj57HMMIbvXW7ZwwLptqGI6qi_KVOH_AA4SAw8a5QMu7vL17mhABZu2tOaOoJnjLRJL_iCtGngJMlV2EGi1Ioq4xC1cCu_Wavy1OHTieW9KdVhBXLoUmdIdCnrtCNfKIJLTobTfOFxzHm3bIIdzWd-KHbWeqFDCh6d-Ba1_0iESilt4kEFcL7SZn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyRGNVuiDYr3DOIaE5LcPg-Sn4Avkj9KxXK-w_YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTQ4NzU5NzI0ODgwMTA4NTGgAb3UiOsDyAEJqQLOdrOe_ey0PqgDAaoEzQFP0E4jyd75Z7ygLi5Yxtnbcb76KRxikA7kZ6KVpRyVtm3nK9Y4MOEM80-cMng1X77GXaWhhF8pchjX5dqps7k18f-w4NNwiGLkvU0kQ7_EbjHGuevTF4BcNxhlSwCnXImMw1GozmBdnejF8ZHsNZJ1bjPnXhmvNeW4Oaxkm47FMuSRYvd_-rgZTVLtXXuy-wr9jpOtxrISotteHMc2bm_c0l7D3Ae0fzjnPYb8-GQt18yHdRFYEcCYI9QSmtyf6ezY-V1wHYVO_VW_NgGHgAaN3vehyZykwtcBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2zuEuqlIpPOKBPfvBNuRD1nyRHWw%26client%3Dca-pub-4875972488010851%26adurl%3D
Frame ID: 1FCA23094419BC72DB38B6B21518FA2F
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: ABEEA18104F2BB0C299F9FCE16D8A1C7
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D6EA1970CAD7117DB5025F5970CCBB34
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D27A756DC38C6E5AB7DBD3F710E0E677
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1
Frame ID: 93D5A4FC8FD6CAFA309C2554915FF034
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EA159DFFEF0689CCC123CAF28023C848
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js
Frame ID: 3053C13107113D524F4C2496A5DBEFE0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D1%26key%3D
Frame ID: EE9800F33CD8C5E54A16A667AA444B7C
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=3&key=GDPR
Frame ID: 04B26F2AE5E47B7D9EEFF6860D82A752
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=
Frame ID: 0CF46E9D2A3FADD05F2D6E0CBE3670BB
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=200&key=OPTOUT
Frame ID: C9EB8172FDAB1508D34205D7FCBD623E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js
Frame ID: 8D3032C4151740EE0928EAAAB441C6E0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js
Frame ID: DA6A95AE8C9FB06EE1AAA926EFD8C955
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js
Frame ID: 038197EAE6CC85D79C1F2B02D8F11848
Requests: 1 HTTP requests in this frame

Frame: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 56A1A8C5429BB879252A06E785B74B16
Requests: 1 HTTP requests in this frame

Frame: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E8C20178AEFF1D1287A39A929356FCF0
Requests: 9 HTTP requests in this frame

Frame: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 714D490ABFE52320E6032483E25A1EBE
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B678AF12F798CBE0203638486089A374
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C6AC3C8C8B06069749BD98CD0798391A
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDqwK4EsBAAqIK2imhG1ScHJJESnbAg&u=%7CH%2Fudr%2FBqJnzddeTZFFVnNd0Z8kav6%2Bc%2BrsO7x737BVo%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCjPcKo2Ky-sWAAgnR155fpZaW0UpgRNfFYv-A6W_zmlvG9wHJt5FPMfNfl6IvItqReK_SJG43nL4Pf_7NaQHUb8Hmx3iNkELobq8lKiqBFxHcDw1TpfpbYDEiEr4ZZ3Gs0sHqEhnS8rqBUjnTT0VSVXvLk4sIPwUc7bcn8nL32TSyoLv2XxTl-eXxGV_0fEQ6jZdAxOkyddtDCWb3XJ3R9g9glp4Q8VE5whz15ZhCrmuOTsssJmQpyWSB7xtvwR02dsXoreoS7QU0MOW_bZdBxPWXHbmy59a2884fZPbNqFlOUnl92bbNet0NympFPBiKjT2wb9O7F2woV-o3TZq2dIDATYlvuW7xjquW0A_JWSNVwrVR98PK0_K2ptQiDl7w8VTvhKSo4lkmgcBdsR_fjO1MOVpbk7XteofTGapnUEg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-aOSWOiDYqydCIGWgQerkKqYBMme0rFctZjj1pMBwI23ARABIABglQKCARdjYS1wdWItNzEzMDUyMjU1ODI1MTIwMaAB1bbS6gPIAQmpAmta3VZCrrE-4AIAqAMBqgSIAk_QdQW_hh2nSVIlbF3zxG1r1NdccTlgQEurVIAjbnCEKr-CCVwjOhlPk_JkHzmzp7DkdlIYuvI8mfIVh6kI2zg3DX6tY1r5L6SypSdTpENVtR1_D1fek4fn4IsVZtKK4eqvMq5tjphaZAhGVgrMCd8qaPq8j3iGNpKrhUgIl7Shs-uQuXpO404nedqZq-9cPfoW825XXMuesR0hu46kbacYL2FvV6NvkqYQQt6t48Y1_slIxd2oiMzWXkWlfxdw3Tr_4DrNLKuv7P73ZweIETLbQUX9OSEeWpVooMDiQDgUaZ4i9QT-Y9Up1EHZ7jNS0pL0RViQOt19NCriYxdrYla1MpM-_R3NYuAEAYAGi76M3cCuk9raAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3hZdhjfx4QCdDLzpWSaJMOgCjqYA%26client%3Dca-pub-7130522558251201%26adurl%3D
Frame ID: 4009EB40C34898E2903ACB2550359D70
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CB21CB22A4F220B853F8CCDA73096971
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACD1EK4EsBAAqIK9WSE9tQoQaQJLi2Qw&u=%7CH%2Fudr%2FBqJny9uHVNN9iAencr4h6dRyV0Wd4sqKpvSyY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WJFnYIjd6QuwnXZqEaa1gUNh9XpcFaLgYAMdHUQKUvDTjI51INLdRCtFN-3CSgzfR7p-o4F1qZDpl6ydNq-Z1lPG9TQELik0f-QF3H_oFq0TWrhFNtVK2JyGEHX5oqgOEgnIK2QpFr4q_37Z7SRiQtHE6Q7e8YowcJOby0QAD-coIfsfAaSfKEskcUGvYUIqo53wkENy28xIfDoMi_WxG1Hjh7q7WvaEOqj4tVo9UFhssy_k9vM0BYxfhBO_Fti_U9OQsaXYncaTfZfcdkyKyBy2heYx9Dl7uR5_OwCRhSykPLk00C-XmC671pX6hMCyDzStAxOS-D-LlooJk2AFOIgA15UAyIGO6Y53XYVvmJsg7LrxK6NhrzEKl5X1bNn23CjXRav15jeKpCCsSEf6GUtu8rIrlSecP8OA37RUCOn4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3GtTWOiDYtGeCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi04NTg0Mzg0NTE2NTUwMTAwoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBIECT9BHYI0zRmywRY0VCbKmKdHkYd4eLVT7fqWuUaaPUQ07me5lKFAcg-f64HhnS_AKNeW7wsJ6I8ImNYEKg70nqaj1ItTT9s4ctACcgvpHFcindiDI-jUid7krKsFJkvr6q4e4Bc1MJGfjq4y3URAcX3ZFmohxGvNSbGMNpl9pma4PuZj6EH3MU3CJavbF46rVCc_sLcS_Hk-Sw2pJskrvhnkv4i_jC7fZ83tFk_byzjjwujj7ePtH314uhoPQNf-T_Zc57UPU5hgVHCt4tbC85hQuJFU7D_124l0p2cDEhsHblb_74C0ULX1Dwh3fYLkTPBJWW6s17xrqjebDPWjbB-bgBAGABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0qNP5fC17CNumbtrrK4y-rNiQxaQ%26client%3Dca-pub-8584384516550100%26adurl%3D
Frame ID: 727FB93036060CDC108E7339CEC2ECE3
Requests: 40 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 954214AEDEDE6A6179C10A21F8CBE16D
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUXBOWOiDYoucCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zOTk0NDY0MTQwNDMxNjAzoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBPwBT9C9tQMxiU6rMTyPqUDCaaK9pbT_rTkycAxtvwHxg916OVUwdtC81Cca7hsgzrWXzmOfF2-4oiKQ6Kn-JEmsFUsDocOLnr2UFKTvN9qsTkFBQB8xsV9GObr2p6g3Uzfysw-T4wtvlJKxhXUF1gntKzg4LMLE4fHIUXL6viTb4-WKeYxxuDrJZVycuACi4le0ZDZK24x9OJs29x8Omte3jV7QZcTUNWIR5HZ2HQ9GaLkLY2Nbub0ABeVLk1O_N4-eL6AMKXnyoBMfgXWwAW53ewBu9PtHEigBxwphcveRQc_BRP15ti8e9mhLsNo8xIvJ8aB6siesDyKpBlL64AQBgAbzoaOX0Oyz7n2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshccChoSFHB1Yi0zOTk0NDY0MTQwNDMxNjAzGKuRcA&sigh=_k7-ugRPaDQ&uach_m=[UACH]&cid=CAQSOwCNIrLMqC6JL6Jdd7jhC1-JQfvHj7g7RRuMwFDApI-dvZWEDg6EwTfjbIbQJK_Cpk6u8dAC8rY-aAFDGAE
Frame ID: 443DBD1225BFF4ED40786A77F2815234
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDgsK4EsBAAqIK3dagTMRijz8ZxI2bA&u=%7CH%2Fudr%2FBqJnwefUpAleY3nSDR3%2F%2BAL1rlMH7M7x%2FX7L4%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7Dkf3965Oj6pIy1pLVOsYrbonYUYAxlqMeclno8pSZAKGDq861CQvEt67w2gKcVchupdXjmKIQz91Mo_56LU-z-LMaLyfdVQIdXkluoVFrFVdMZgoIJoHXccpMXVSq3o9R0_DmdsWXpa0TQJOJQM-FHGTEAZPxIZnNAcoHDUBLxnN3oceoM-te-V4aZGVAGkD2hueRXMGH0ls95oS-5YCDA1ZdGwf-nAncL59XP3VCJLdpG9k42_NNBk8duiSdU6EmGU1pqR7X1SpPI9BUdiV1capc1TZmolqv3vvnKYX3l0trIh7RBdTAwu6jXXqgzrzJ1MIHsY7dv6kxwc0P0HKLWXWfmMSl0fvAZbcKCFcZnQtjo_1g7ssFDTLpbzVspu1VnLe7esA9KRr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9PZWOiDYoucCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zOTk0NDY0MTQwNDMxNjAzoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBP8BT9C9tQMxiU6rMTyPqUDCaaK9pbT_rTkycAxtvwHxg916OVUwdtC81Cca7hsgzrWXzmOfF2-4oiKQ6Kn-JEmsFUsDocOLnr2UFKTvN9qsTkFBQB8xsV9GObr2p6g3Uzfysw-T4wtvlJKxhXUF1gntKzg4LMLE4fHIUXL6viTb4-WKeYxxuDrJZVycuACi4le0ZDZK24x9OJs29x8Omte3jV7QZcTUNWIR5HZ2HQ9GaLkLY2Nbub0ABeVLk1O_N4-eL6AMKXnyoBMfgXWwAW53ewBu9PtHEmoD5pjm_WuC_lPV5y1EENcX4mL9uvQkRj8BzAaIDTmAF6cDgkFFo3Za4AQBgAbzoaOX0Oyz7n2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0vt4_djumDEQSTxV0Ka1R9vW7Q0Q%26client%3Dca-pub-3994464140431603%26adurl%3D
Frame ID: AFB6A78784B93D1ADDA113DCE557FDF9
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BA1B5B7EB99F2B22D3DA675217177A47
Requests: 9 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 042B36E5679C936A6E56641CA43E650D
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: FF96C40C4CD1134AA9E4AB02F8A41838
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 9A202B42034D0E24BFB29C643A9CD4C1
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 2DEAF85115F737F0FED85C69E8D62FB9
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 2928814A67587785861E417DD9FDD752
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 86D0EA8B5D0BAE60EC82509CF44A2DD9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 54EA424A276415283D191D7E2F31A959
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C6CDD39839DB9E8516D0EFDED0C9249F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 1BC996E9DD739181D44EE467B97B6216
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 27EECEC8B0276967809B2C6369BF4767
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=leviatanscans.com
Frame ID: 7654FB44C40696AAC8C06FD90DD53697
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 0A1F3069F5C264205345859824C1EFB0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CEFCA2A808014768D5DB608BBBD5A5B2
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: A14AD5D31E593903697940AFF8B6DD8E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C48F65B702752B26C187190BFC99E615
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 6CE14F30FCD11E73C17CDB01D215AA56
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 906AD286DBDC8742057CFEE429822AA9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D502550E289A0B41A50885DE72F484CD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: EE1BF169D8A489762C979D2725492734
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: D400BEDF76BFC59DFBD113EEE8655C33
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 66569D1461534EE246752AA4E1353719
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 7F0E7E510D369A9E1B0E09D205E6BB73
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: E83CB132D08D7871ADB21E1AE53A79B8
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: CFD3C21AB9448220C9C0EBB125110F11
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B504DFA680D4395C5D199F5ED64E5FE8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: FF8B68C8D33A3D7E15EC6D7BEC2D8F47
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 7B7F92BDD11EE9C66FB661CD729DF92E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 52D70AE3C50FE7DEC968920000C3EEBA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 888F4CC5E97C360371D6760425C8E552
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 892D875D6521B6474126EF893E9CA8B4
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 8EBEAA24A12B7AE76B34885FBA40E987
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: FF05DD9FBD68DEAC8D12E2693C9BDDFF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 7C95884EB5C9572BEBC9E465ABB1E3A7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B76E5C2139D7527ABE8CD12C0914848A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 75D87534A0412F529E60CE303E7B2448
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 1FF3ED83002CE91EEF5E947B80D7E137
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: D98ABF59D932E10765BB9AA0E6365571
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: DD8A931016B963F0F933BBFA8A5DDA76
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 10E5F61AF6232196A060AF74CB918FBF
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 891C8100DD6362D81C3CBFB171EC83C9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 44ADB3F844B3CAF8155E9F84A6C1EE55
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: BB30B2D6E0DF37B64FC20359EE21DE53
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4533267B58E5C3F226359EE310DEADD4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A10C36B1FE46109E68E68F19B5F59D63
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9AAC69A209E3598CCE7D50541B0D9018
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 564AB8996A46EFE82AE578574C7BF51D
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 1B189B11AB6AC0AACF48AA5EB00D8C5A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9C223A9542CF796276153BD86C58410C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 12CA7F0EA55091A261E542F120E8538C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 9142D71D257DE7BB0418A972E31977B8
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A05E49DA461A6321C5334C8C3E4640BB
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 5295F475F3B4D55A232D36591CA9D839
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 83637775CBF138BF71871D2E17F5F5CC
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: E8E724D2535E860E0BC44A588FE0CC8D
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 33EEE25BED259F374FAAFEAD43A0C51A
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 7002DCD71199797E8A6FA3C450E28F9E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C295355D6A62749A2DED4B2DBF397BF5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 132672CC3B0389D79D8CC7DA271B56AE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 1E09C7EE9E5AA981DFE0E47A7404A1A1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9AD466AF3AF75CB970089D9E477F2E50
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: AB3608998350A1C9EBC0740330E49DA5
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 6C6A630BC1EC5A137C493A1D8CD7D5C1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4E894DE179488190FB3A539B8CB008D0
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 77BED58DF638F5E5A3CE5799929BEB88
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3C70D56C1B3E3BBC4F342E22F58F874C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 62CF1BA9EAA04FA3B969F0EC06549CB4
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 85C98CAFC54B313A028F8F12FE0E2DDE
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 3E00FD4762F084D7A93362A573EF12C0
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: EFDC5C51FCDD094D575F89BA6015FEA0
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 5A0BDDDE1B61B987A3BD59DF5FB3F24F
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 228E72D09A1A5F8898043C16AF8A8F19
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: F557062A9DA4D1C0CA726B1D36F7A24B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 97E6272AD0978BDBA142185F2176B677
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E813AEB183553D75B597B6D23A874D0B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CBAED18D6A8E1253438EAC0FAC5741EC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6D8C036DF36AFA780E8A3E4A4DBAAF35
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8EFD7382F80BCC6FB5EFA0C849DC9CFD
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: C8CE0DC8F010E56736E8473482BD79E9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 663D4738C44DB1A1D90930B09079513A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 127EF802BBAD22827B164A0ED90AB25E
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 87DEAC4CF56BE5F42EA426B88EC3AED1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E3E6E611B97A532EDCA23D1C442F5539
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 61ADA3A564377C541018730244F594BB
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 7E9E6D93282A6CAD87D4E0AF5B149AD7
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: CADF70C9C54702808F982F90963BB434
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: E840410FCAE0263B1B573BB01721B912
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: C997A69752259E51E18AC7CC794B55DB
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: AB1D99DA5A465C88616157A368CF145A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: EA9BD2258F1F4123A2C9DD1039FA4ED6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E3C29239703B450254EF023F62CC7098
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B5A33FEA5F6AB5C48C2DFE1BB70B6E2C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E46D1E63DC8CEE89B5EBDE662A879D92
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: B2DA63DBF4C510C18FBD46C4F6FF497B
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: BE635D0F8347C21471434035443F4CBA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A2EC5F3E43EBEC558287327C3ABD5224
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: FF4FBF5DC5EC08DBDEC779EED7B562FC
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: DB7B59026B95DFFBAF9C15BCB9B2ED86
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6716FE2A9404A1B4E31303E967CD01A7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 80212BC4F8F0C4B706FC394165B1BAFA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LeviatanScans – Enjoy your favorite comics!

Page URL History Show full URLs

https://leviatanscans.com/ HTTP 301
https://leviatanscans.com/ayg Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

widgets\.outbrain\.com/outbrain\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

599
Requests

96 %
HTTPS

39 %
IPv6

62
Domains

100
Subdomains

76
IPs

11
Countries

15350 kB
Transfer

43734 kB
Size

52
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://xxx.leviatanscans.com/
Title: Pornhwa

Search URL Search Domain Scan URL

URL: http://agencyorquidea.com/

Search URL Search Domain Scan URL

URL: https://www.papayads.net/?referral=leviatanscans
Title: - PapayAds Advertising -

Search URL Search Domain Scan URL

URL: https://paypal.me/leviatanscans

Search URL Search Domain Scan URL

URL: https://discord.gg/leviatan

Search URL Search Domain Scan URL

URL: https://patreon.com/leviatanscans

Search URL Search Domain Scan URL

URL: https://papayads.net/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://leviatanscans.com/ HTTP 301
https://leviatanscans.com/ayg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://papayads.net/clnt/leviatanscans/v2/adtags.js HTTP 301
https://www.papayads.net/clnt/leviatanscans/v2/adtags.js

Request Chain 65

https://papayads.net/clnt/leviatanscans/v2/adtags.css HTTP 301
https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

Request Chain 78

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1249025418&utmhn=leviatanscans.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=LeviatanScans%20%E2%80%93%20Enjoy%20your%20favorite%20comics!&utmhid=1057778784&utmr=-&utmp=%2Fayg&utmht=1652811862288&utmac=UA-138586448-1&utmcc=__utma%3D210982024.547592442.1652811862.1652811862.1652811862.1%3B%2B__utmz%3D210982024.1652811862.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=809826394&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418 HTTP 302
https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418&slf_rd=1&random=2411412623

Request Chain 155

https://pbjs.e-planning.net/pbjs/1/2e43c/1/leviatanscans.com/ROS?rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fayg&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fayg&e_pubcid=72cea876-8b5b-4db5-b9ff-865494e9e7cb HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fayg&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fayg&e_pubcid=72cea876-8b5b-4db5-b9ff-865494e9e7cb

Request Chain 193

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=baf9ea40-7f07-48c0-94b7-97336ca6aa7d

Request Chain 214

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 216

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 217

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 236

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 239

https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1652811863869-963056969725-006807-009-008792&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D3%26key%3D%5BUSER_ID%5D HTTP 307
https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=3&key=GDPR

Request Chain 241

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D200%26key%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=aniview&zcc=1&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D200%26key%3D%5BRX_UUID%5D&cb=1652811864050 HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=200&key=OPTOUT

Request Chain 320

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5WljiVcw_kEu2mroJSSv-trzTuKXrqHLB-8pxNDP6LvUMUEaiQvzXUnWrYkb&google_gid=CAESECO6D_z7E0k60ammZf-u4Og&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9Qb1dRQUFCVEUwVHdQNQ&google_push=AYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5WljiVcw_kEu2mroJSSv-trzTuKXrqHLB-8pxNDP6LvUMUEaiQvzXUnWrYkb

Request Chain 321

https://d.agkn.com/pixel/2175/?google_gid=CAESEJwPXXmNB27R9cFdxJjpPKE&google_cver=1&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y&google_hm=Q0FFU0VKd1BYWG1OQjI3UjljRmR4SmpwUEtF

Request Chain 324

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBd1-P1HcgTdgy_hJO8QPAA&google_cver=1&google_push=AYg5qPLmnmqNCtmTBHe9Lzgc-wgHPqhQyQLNCHZUJlMptMoLFMRbALnkG8iZdGOhWtG8LAfeVBbvXXSEX-REB-IHCz6uGs0q6qcR HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBd1-P1HcgTdgy_hJO8QPAA&google_cver=1&google_push=AYg5qPLmnmqNCtmTBHe9Lzgc-wgHPqhQyQLNCHZUJlMptMoLFMRbALnkG8iZdGOhWtG8LAfeVBbvXXSEX-REB-IHCz6uGs0q6qcR&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PDZU6j7kSCmm_7odHhrmyA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmnmqNCtmTBHe9Lzgc-wgHPqhQyQLNCHZUJlMptMoLFMRbALnkG8iZdGOhWtG8LAfeVBbvXXSEX-REB-IHCz6uGs0q6qcR

Request Chain 328

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE25yMYNgjv_08lJ4E8R3U8I9xxB1_948fUG7JlZY3OKru6tWbx85Fu HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE25yMYNgjv_08lJ4E8R3U8I9xxB1_948fUG7JlZY3OKru6tWbx85Fu HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VnNOd0I4eVkxTlIxUlQ1&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE25yMYNgjv_08lJ4E8R3U8I9xxB1_948fUG7JlZY3OKru6tWbx85Fu

Request Chain 329

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIMaub3XuWEq8z80WTQ6c_Q&google_cver=1&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhhscj2m_9fB1nE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhhscj2m_9fB1nE

Request Chain 330

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMWZUfN51zgMsGlqaAdZQ60&google_cver=1&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_3qEKz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_3qEKz&google_hm=MTY0NDEzMjY0OTAwNTE5NzY2Nw%3D%3D

Request Chain 331

https://d5p.de17a.com/cookies/google?google_gid=CAESEKbmewbOsINbk2258giuy-Q&google_cver=1&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKbmewbOsINbk2258giuy-Q&google_cver=1&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR

Request Chain 333

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEX5XBzByOWA4ha9_oeG7i4&google_cver=1&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5zvTaVP59KnZU2MjurCaY1BYHCBlg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEX5XBzByOWA4ha9_oeG7i4&google_cver=1&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5zvTaVP59KnZU2MjurCaY1BYHCBlg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VdDRaTWQxRTJ1RVhDa0Q5ZDIyV25aUVFpUVJxWE8xRX5B&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5zvTaVP59KnZU2MjurCaY1BYHCBlg

Request Chain 344

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJaAJOQBezkxviXY3TWb7MfzTacm4WbArpnyLI5GKwrv-qr8DsVvkeOeG9cO5Kx5Ta7t3l9OxVZW4dwq-0y16C5XnAigQPxUw&google_gid=CAESEPIE58QlIzOGXOpIj8aZffE&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNnQj5QGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBKYUFKT1FCZXpreHZpWFkzVFdiN01melRhY200V2JBcnBueUxJNUdLd3J2LXFyOERzVnZrZU9lRzljTzVLeDVUYTd0M2w5T3hWWlc0ZHdxLTB5MTZDNVhuQWlnUVB4VXc HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVXc4SHFwLXpwYjFwdVoxUDhEZjRPOGZhOXRra1RmWmtfLWU3aHVVSVhrOA==&google_push

Request Chain 346

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBd1-P1HcgTdgy_hJO8QPAA&google_cver=1&google_push=AYg5qPKFdwI0sOFIvXDq_2TVQw8nLGLNrCjDEnTtlFNH-usTzfTLu-hiaH2BinWSQg36zImvUjEJSfa9gRDiJnN4dlTcAwxWP8Clqw HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBd1-P1HcgTdgy_hJO8QPAA&google_cver=1&google_push=AYg5qPKFdwI0sOFIvXDq_2TVQw8nLGLNrCjDEnTtlFNH-usTzfTLu-hiaH2BinWSQg36zImvUjEJSfa9gRDiJnN4dlTcAwxWP8Clqw&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HionzC4LQTO88TV-ma19Bg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKFdwI0sOFIvXDq_2TVQw8nLGLNrCjDEnTtlFNH-usTzfTLu-hiaH2BinWSQg36zImvUjEJSfa9gRDiJnN4dlTcAwxWP8Clqw

Request Chain 347

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL8szwh_j1FJARskPL-P6vI&google_cver=1&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4i4N-RGHuY8W24SbHe2I_Oy-QxrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNBSElENlUtWC03WTc0&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4i4N-RGHuY8W24SbHe2I_Oy-QxrQ

Request Chain 348

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI&google_cver=1&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hjePR_fsA0_4Lw HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hjePR_fsA0_4Lw&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoPoWSWwY4nINB7r-pyDOwAAAU4AAAIB&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hjePR_fsA0_4Lw&google_cver=1&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI

Request Chain 367

https://papayads.net/images/LOGO/logo-banners.svg HTTP 301
https://www.papayads.net/images/LOGO/logo-banners.svg

Request Chain 422

https://gum.criteo.com/sid/json?origin=publishertag&domain=leviatanscans.com&sn=ChromeSyncframe&so=0&topUrl=leviatanscans.com&cw=1&lsw=1&topicsavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=DQk0f3xWU2xEdGF4M2lvbi8zQXJNWGd1VWptT090bk5mMkNTdXBMUnRsL2l5YzVYMWgyUmJUVnRiQXZXRDg4cjRObUdidTUvcm16TVRrSitKUEFEWmZkZ0x3ZUk1RHBtR2hBVlRPZTl4cmsyNnZ2OTdXcXBQc0dIM3FHVFZMNFlEVk8vRStmMDhGc29DL01Vb3I5QitodmtKTFJ3Z2Q2VFYydTB4Y0RyUkJMYnY1M2hYQ2JFTmJld2Z2WDZzd1VvTzlNaUZQRnJ4NmVYRGpUcExnS0F1R0tlSll6LytkbDJxQnA5cXdobnZvbzljVXdLYW1pMDQwbnZzNFZIM0RBQzVObTB0Zmx2VGQzWGNXZlRjTU83VXJ2R0JaQT09fA&cppv=2

Request Chain 456

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=lr62QXxBZmgxMkxMek9QYkxFSVlhT0tKNUJ2dXpMQkZLRzF0aTRJdUdkYXRhT29EQTFsNU82aHFaa0F1QW9CNGtNZm1UY1pkeW1jMjcxdzFVQm56bmJ6YmNNa2gyc3BRY0huOTVzV0U2eDBXaFkvcUYycUZuUlNZMXZGK2xQNEp1NCsyUVZ3WVl0NlRwWk82RXRqTkUzQ3NzSGRNaEFOY1ZadUVLU3RZZEdSb01sV3NwT3ExdXp5bDFiZU4wc0pPZzhncGRUSXhHUTBhU2JnS2c2VitpNUpZSnJHLzV2WjB3bnJIZVhpZGc4WUplOERxSnJFTjhYWVpPSWhTNjFKNVM4WC81bkdwY1d1TjNod0JicDk5TUErKzZ6UT09fA&cppv=2

599 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request ayg Show response
leviatanscans.com/
Redirect Chain

https://leviatanscans.com/
https://leviatanscans.com/ayg

88 KB
16 KB

711ms
710ms

Document
text/html

2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffa8a5f82441ecbfe35c4ff7df5bd4cc92b0070b49298445dcf7235982a3fa63

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
cf-ray: 70ce63b3a9b1718a-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 17 May 2022 18:24:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vx3lOg%2F5kpWkjhgsyfTAacTnh%2BB4SyqcpVWrmZNYSV6HDXIMb0oQr53vidMrLD4Za5aOn9zeO3LtApvOVSTVUT7%2B6c0b5sYGe6%2FUa0ZYjx6HC34mMrSytL6MgX0orDaWGCWFXcsV88E2ByDqu%2BC2%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,X-Forwarded-Proto

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=3600
cf-ray: 70ce63b368f2718a-LHR
date: Tue, 17 May 2022 18:24:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 17 May 2022 19:24:21 GMT
location: https://leviatanscans.com/ayg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEcACsThbB1OYoWMp%2BvCja7C7edUnb9B0mk8LLr2qYkPGrVz3w%2FKG54M3zoUmYXMJmBKz47hVAkumy42LXvzi4YsmGt0npzRtYzc8YVSPhl%2FcpXecKAN1pxb7%2FvvBArAmZMOMcQKmaIUZPRytL10SA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 158 KB
55 KB 170ms
79ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb03eb8e36bc12e8babab36c75820a0e1d77001c6b5f14ea38bdb1a956b158e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56193
x-xss-protection: 0
server: cafe
etag: 17351064450977160911
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:24:21 GMT

GET
H3 200 style.min.css
leviatanscans.com/wp-includes/css/dist/block-library/ 81 KB
12 KB 99ms
98ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 06 Apr 2022 05:44:57 GMT
server: cloudflare
etag: W/"624d28d9-145db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kr1cYzBHkHdqI%2BKM3SHnM7hcTSZGNA%2BoFDlr6VbzWq%2BAnGtKuK94Ee8EIOcLcc9EFE%2BeXOcWE%2Bwd7VHg148j0seQSydBcuw0%2F%2FMVhojWA0dNHMNPOaAzDvnYsrmTGPmk4pM7XH%2BGFKkZvhfRtyeFHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b838147750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 shortcodes.css
leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/css/ 23 KB
5 KB 38ms
36ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/css/shortcodes.css?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a4375d9abb19e1ad99be871bd3c41f16a148c87d277f19dfe92d9b69fb57efe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587680
cf-polished: origSize=27133
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:46 GMT
server: cloudflare
etag: W/"61a69356-69fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMR9jTqL%2BqVWXKy7%2FbVCA1jMCsAsbZYTn1mdM1MqVzjZ76kjZKxPI%2Buu5oxhieaR%2F3ZDCtF6rLqnx6gNyvKxWXoG0NdpeS8mf%2Fb9mDvhlWDZMIuI5%2FWT7S7QipUHxqxwosQYeyU5owewStdZ0JKz0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848187750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 all.min.css
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/ 58 KB
13 KB 93ms
90ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549623
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RexsnbS91EPkrl2JjCx57%2BuyxlwaMQWKACfCN53hxiUfNnQexbxya1aVrl7fgDBNN1VjZvZBMRJKKAKjvfQEGhbHtqjakodPsileZmC2BKZRfxsW6B61WTvIF0HA4zeyjzEnJYotbnnHhJZU6uxTVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848197750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ionicons.min.css
leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ 44 KB
8 KB 70ms
68ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ba1b25e68d60244006d6ce251be9fb095fdc07867e47481a08b4e048dac6d0b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549622
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-b0aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBGpjhsIOHq8DWNVt8f9unwveg6qrkdKDMBwgBFF4ZJ6fvJIafHvFsHD%2FVlIhaCmh%2FN01U6p5FOv3bgsQfdAOhuM08TFwbvDWVL5EBOTjq8G1RROLRxLrhuEASXwdvB3V3uAhFKr37KUweHn4QsZSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b8481a7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ct-icon.css
leviatanscans.com/wp-content/themes/madara/css/fonts/ct-icon/ 48 KB
9 KB 65ms
62ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ct-icon/ct-icon.css?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdab1c3978eb230cd7809a84424a184ad363dcd802dba528615a85d2765a124f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587680
cf-polished: origSize=59048
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-e6a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkaJ7NC4%2BVM0qSJ5M4zQdKLBh9yJmOw8DmTEoKDMj0r%2BujwE%2Ffn7psh4ctSt3gaTYyEi4qMUkTuiCopp4MT9Jvzf%2BIZHTeX2yfk5%2FKhHHINgtHw3djyK9EKKVf4aquY76bpU%2B%2BFzEMXf5XUG2ul%2Fjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b8481c7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.css
leviatanscans.com/wp-content/themes/madara/css/ 158 KB
25 KB 43ms
41ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/bootstrap.min.css?ver=4.3.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549622
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-27681"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5eMCPPbYzN0AZ16r8Lt3MioJljUEHHenrLggkJhzZudzBZkXkDNa3f80HmYwXWuhmZmSy6AJqTcYhN6w8fDBTVcvfB8ccj4uT043%2FkKPtvhgStDwv2iK7QeoaJXUs9LHDtCZ16itHibGw%2Fv2oIF1%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b8481e7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.css
leviatanscans.com/wp-content/themes/madara/js/slick/ 1 KB
1 KB 38ms
35ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick.css?ver=1.9.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549622
cf-polished: origSize=1776
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45r90VhiDaVZgPQ3t7QVH%2FQ57U77bm3lrSPKlQtO0Lb5XC%2FaKQT57kRhmXPi5SsUjU6FkXxl0Nd5pRK%2F8sJBd2PO4%2BhrhNeEzMQ1hw0mvabtwxwJ2DF3W1%2Fp4zBxNDRYIdA8B6nv4wC21bCDxwnfdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848207750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick-theme.css
leviatanscans.com/wp-content/themes/madara/js/slick/ 2 KB
1 KB 43ms
41ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick-theme.css?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8b0220980de4339ca04d32bc5656435847fecb3a47f2eac38e33277e18eddc8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587680
cf-polished: origSize=3145
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ZRNavDF3%2BZSqwGkbfAKN38jronrSxJiXHZUCmL59iUiXCesVkG8uaJ%2F0MPoC2xch6GaSFtcLPwFw8Tj9x8vgKScROycFS68Z4mgYYPIDBh%2BMkyRF%2F%2BXqC6ZumouQM5N0%2BP2HXxSOrZSRHavVxcmHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848237750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 loaders.min.css
leviatanscans.com/wp-content/themes/madara/css/ 37 KB
5 KB 99ms
97ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/loaders.min.css?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90232fa519c3b428277755817c64d59056677920763465a851275ed53cd4d0b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: W/"61235443-95cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ag4tafz0k1J%2FKtFIWACO8I8GO4Ps6DRmuhyWDDv9R6Pv50kqKP9vvk3qNpHmL23%2BJIsGI9vc25vzwDKY1evMcQIrs%2FDJVMgIev02X9rG%2FGUz1xR5ZMr8AK%2Biw5QFSxTkndjSDrrJ1nG5q4Yj5jmrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848247750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
leviatanscans.com/wp-content/themes/madara/ 267 KB
35 KB 118ms
116ms Stylesheet
text/css 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57d6b25be8e53edfbb469bf824f2d63f1d27f9cf8be3c4a65cebd2b104e21e40

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549744
cf-polished: origSize=327832
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-50098"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AfNXO90hTtkKK3P9hYwbt21SnKfe%2FuoOhmKf66iJfbYP10NyrgW6UHiPQblJBEgS58IZIynvcxwqEeTX8EbfQU83Tgp5haFFpbi%2Bm4wlPYourqrt1KMtgoz4tpCYWnSiF8j%2FeghKx3lbTI1V94vG4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 70ce63b848267750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ 87 KB
32 KB 124ms
122ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7038804
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2032UIdkSlvTt%2BrQNdBSfn5R7R2QeNFSiMgJKvbhsOJvHJfRyf%2BX4MvGezefoCKBGG4c0T8BawGJIsUmTmm6Dbr8W4eFDMijIPEe7%2BsPMDuUUVvznIE%2BgnO5CDdx8SHbBHSGKpPMvOUHZnqDp%2BImQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63b848287750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery-migrate.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ 11 KB
5 KB 143ms
142ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
etag: W/"5fb4e3fe-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXzNhEqULqcZFE7ctxHTUysJEYyaS2lebUpwoF9hji%2B11CdW3AL%2FJdfhoEwEzy0YPGouwvmDFodO6LtnkorZeytkpJsd24FTgRIQCPkbYlZcMyxynj%2BAjgyo7rGvZwM7xScFstIpjlZyPGoJV%2BDz%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63b848297750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-emoji-release.min.js Show response
leviatanscans.com/wp-includes/js/ 18 KB
5 KB 82ms
76ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587679
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:36 GMT
server: cloudflare
etag: W/"60f70b84-4705"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lj9%2FcakIzf2lprk3zO8AVEMBA%2BRslQNs5ER56Ak4ftdEgg3a%2BJd1l4c1W2WGBtZfazP%2Btc12PZTSkrKz2EpUxTl31wJUvh9C7bsNBo3eiVQEvruncv2F2rc%2B7FNB%2FmubaGIKNdfwT4rWGkntWD6XXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c7c7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

adtags.js Show response
www.papayads.net/clnt/leviatanscans/v2/
Redirect Chain

https://papayads.net/clnt/leviatanscans/v2/adtags.js
https://www.papayads.net/clnt/leviatanscans/v2/adtags.js

20 KB
4 KB

45ms
35ms

Script
application/javascript

2606:4700:20::ac43:4411
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.papayads.net/clnt/leviatanscans/v2/adtags.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Server

2606:4700:20::ac43:4411 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

654400da854cd877b48c677289172ef110f9a42f1af950e07dc9c6e646f89645

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3203
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 15 Apr 2022 11:17:14 GMT
server: cloudflare
etag: W/"6259543a-5f9c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSJRs9OtNcmF9%2FfGc77fHXgKRsnsJRSAJnfTrD9CsmjyN2XQUqnEnRcej0E3nAz9auu1AqOjdm%2B96Bw6h7jps3Er7IGt62YKzsdOX4is9OAoxs2Lt1%2Bhjr16Y023JsQBk2Kt%2Fwuqz79Nb0jYGNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-polished: origSize=24476
cf-ray: 70ce63b9f89576e3-LHR
cf-bgj: minify

Redirect headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 188
x-powered-by: PleskLin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5909UyeWUIEYVVIFBgTXIT6a1FRdtOaZkKYYKpfBIYs9fwAcnb0sFW9sLfhri44d7Qzc8xbxk0Z90EFSEv%2BqGTUQi9BEeDZO0P8S1AmMjLhWuLXvQjJK%2F69XUbxLAhvtbTDvw7wiA2IxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/clnt/leviatanscans/v2/adtags.js
cache-control: max-age=14400
strict-transport-security: max-age=15768000; includeSubDomains
cf-ray: 70ce63b97fd876e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo-web.png
leviatanscans.com/wp-content/uploads/2021/03/ 14 KB
14 KB 83ms
76ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/logo-web.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1349ab831d930c782baf6577f44cd810053db33b587e604e2fdf959da87974e0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13362769
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14172
last-modified: Fri, 12 Mar 2021 05:58:37 GMT
server: cloudflare
etag: "604b030d-375c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJAG%2BwHk4y25Oh2onGeMHZ92k4DY3sARtCYR54sJ2%2BocdVGx02MuM4gn1203KHl6b6d4UcrBib4AMcCCAYSgnEy1fkXgKiHqq2yC2g81V3YzWZQovxf8Kz5h0mESlToE5hDe12Yi0W%2BCciyZfegPmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c7d7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 158 KB
55 KB 141ms
57ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4875972488010851

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a8c3e0599835e2806679170a98e213ad2b0d655e5a253c34102046fbb8e0350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56163
x-xss-protection: 0
server: cafe
etag: 18329104190396422970
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H2 200 8273 Show response
tags.orquideassp.com/tag/ 676 B
1 KB 164ms
41ms Script
text/javascript 2600:9000:2057:a000:2:e529:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.orquideassp.com/tag/8273

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:a000:2:e529:700:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

0dd9935552633c7a149a715988f93a54fc1b1993e2efbf6dc33d5a09d4f33f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 50
x-dns-prefetch-control: off
x-cache: Hit from cloudfront
date: Tue, 17 May 2022 18:23:54 GMT
content-length: 676
x-xss-protection: 1; mode=block
server: nginx/1.16.1
etag: W/"2a4-o/D65pg4+RcD/llrTPjHjW6uezI"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Kw_1vzYZrOOos8bp6HcSCUzgTsgr5G5sWFmfJhJJtI_UJb8R__0K2g==

GET
H3 200 cover-_NJACBV-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 85 KB
86 KB 120ms
114ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-_NJACBV-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36f7e89cb79ed00bb3eb43644501e42b98563e123c2144542adde59a40e3229b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549745
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 87361
last-modified: Fri, 12 Mar 2021 22:41:42 GMT
server: cloudflare
etag: "604bee26-15541"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTWS9ATDQjAv%2Fe2gvuAK0KIIu1359YBA7Ejc%2BVdOjtQjbwWPIwKw1pn7pc3zVr3PFhoeElpuWmSdaPOtC3F1iJ40QFfeFdYNrJITmSfgsbyK0xOiIMZF2UYiVRP2SK03zWwqxPSH7MMYsZG%2Bn3Ju5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c837750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-SK-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 95 KB
96 KB 122ms
116ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-SK-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1deed49f89b542fc47812be6f25657f4a2027e2ba563f1c5db9ccfb68a885b8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17477123
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 97680
last-modified: Wed, 04 Aug 2021 00:06:07 GMT
server: cloudflare
etag: "6109d9ef-17d90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gdqNo9N8jIjTxJLuXRTs4Ked4EKI7gwo7iBRXeqJ5B3bnTHHnwnWa5a98i2VMDBYvQql8EMnWUBykoITPY69P%2BVqkwhGWyUe4XXiAL8aIRq1JfKDbsIJ3k7CCEU8Pgmv691FmmlwGYkcTZEwJ39WlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c857750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Leveling-175x238.jpg
leviatanscans.com/wp-content/uploads/2022/03/ 21 KB
21 KB 84ms
78ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2022/03/Leveling-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9745abef688313fc70a7e223365c318f97958cdf075827ec40486fd08d06af2f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Mar 2022 00:54:52 GMT
server: cloudflare
age: 4727127
etag: W/"623bc15c-5333"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gl7KmzIiV5IznpPaD6I32mGAUybUxn3D7XgCudhhbMbUtQVOKZgjZcQenzBGnCaPfzuilA4DSt1sqJ3SXAvjrXinoks%2FwCXbgOi49ufLEY0A4pfGqYdErP89f30icktVCPCFTuloKxnO785fFjPNeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c877750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/05/ 20 KB
20 KB 136ms
130ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/cover-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a547efbfd785ca2ec616b6f6c340445e23b1e09815215ae5c701306c399e895

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Mon, 18 Apr 2022 03:48:06 GMT
server: cloudflare
age: 2557632
etag: W/"625cdf76-4f4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i66W4ESMouO1btUoO4Tkic%2FvOHKRt27vvZ%2BFfSUDKiioRmbLf8ftEj6GDD%2FWZCtf8W6DecYDO1%2FbmBwxvyCJ57LaiK%2BbMq6NQkR%2Bnh26rtfXkg%2B2dU2U5Y%2B7WiEd9uzAHXxV34fvvfZnl%2BPt0alOYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c897750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 player-300x450-1-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/04/ 21 KB
21 KB 137ms
132ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/04/player-300x450-1-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c878e04af5ee66469acf284a8fd5cc0902b07bc7abb4d571e99b71f9739917f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Wed, 27 Oct 2021 03:40:55 GMT
server: cloudflare
age: 17365382
etag: W/"6178ca47-52a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FsqKBYBRnlpr3XWAAvW2%2Bo7ELP2ZbTLCH49ge6LHntkx0xk7i0i%2BVr4GOrsy8qaY8uM%2FaZ9coBB5C1Gm0HuZP3gZS7r9bVstq%2BZ38jYQ%2BrwRi%2BOOf0G4sGaID510oaZ4L3GITRQRmlgAJXB3KDp6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c8a7750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/03/ 17 KB
18 KB 112ms
106ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b44a9371c442e411b7592b1da6f03cf9711e1d91fd790c2b25bab8dda4d62ae

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Dec 2021 18:44:42 GMT
server: cloudflare
age: 11323461
etag: W/"61be2c1a-43fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9aOCsYZroqxtxNPZNwzhPVgjiN2dylbsMJXGsEfzCpRKNofw7%2Bq66PgRIP9JjvE64Kz%2BEdrjBaIxC2rticy6gPES245P6sIrj7szAageS4eUI7ITEZ%2F%2FyDXnfsW%2FtesJ6y5RUx0aklM1xXb9opVbPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c8c7750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 8tHClassMageReturns-1-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/07/ 19 KB
19 KB 114ms
108ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/07/8tHClassMageReturns-1-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce4870039b18e0e087af9e46c4463eee8ef304068c383668280e487bb9cbab96

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Sun, 17 Apr 2022 16:21:02 GMT
server: cloudflare
age: 2598996
etag: W/"625c3e6e-4b81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmGacif42WalS%2F1Cq1vcuWkKxckVc%2BCMTq%2FuFYv%2FJc5S2m%2BVfXmvj2BMVEIC%2BatBTFMSVl9omkfyu2O5UToiDTBGYR2eMV4vPFlrlQW5vRhjTf2M1qEY1R8%2BwVf9i5jA5CnO1PVuXm484Jzi3TheDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c8d7750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_ITTRA-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 99 KB
100 KB 87ms
81ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover_ITTRA-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ab4189d67c93c85b88f2d2b03ed8aad1afb083b444bf5714b401de3cfcd4260

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2892993
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101540
last-modified: Fri, 12 Mar 2021 23:27:06 GMT
server: cloudflare
etag: "604bf8ca-18ca4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Npw4xrkRjkkkrB938ZExoDo7O830ozUIAubGe0S2rjdASj14X5QVPrjoWtSyw92fqoYSPak9LrkXaztLV61HkmNnzM2QnI%2FDyRKGmZ1BMsXKpBmH4i%2BZKHQn%2BH4lk0cE3utgRyel%2FAFwjhEt8RSJBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c8e7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_TSRC-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 81 KB
81 KB 87ms
81ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-_TSRC-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e00869dabcc0043ef3346bedfb4afab35f3d126e3963a0a70bd744161917ad66

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549745
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 82656
last-modified: Fri, 12 Mar 2021 08:05:29 GMT
server: cloudflare
etag: "604b20c9-142e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2F5Y2pjxnfA8Ac7xvHCOKy%2BsrJauQNVhfFdNmyy1f%2Fg9TAeh6YnZ1OyIyRZ7r5uXvRjP4W3iFPmpHiI5XH5PHJnAgJAr3zKKtTfsmMRy0NYbCsTHtOcfk3eSdKVEc%2BIHtVEsN1aAJVEas4nUu5a0RA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c8f7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/08/ 18 KB
19 KB 141ms
136ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/08/cover-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea15d3c9032b89f389259ec3228a035419a55e092ee25d5f944ff90b2c312508

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Sun, 15 May 2022 00:23:02 GMT
server: cloudflare
age: 237628
etag: W/"628047e6-47d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UY5fPvzbLs3%2FZTjixKkR6F34DS%2BIbW5JxLjhENquvPvOi5wJ6oZWkjxH51o0GhTsfTrtokmYJ67RmVS9uskYnRKwLAW4sdb0SQfdgrIo6Dg3O%2FG7kTYGh7E2WT1%2FOVzAy59DbbTHUa6Ymh4zaO1woQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c917750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-s2-300-450-175x238.jpg
leviatanscans.com/wp-content/uploads/2021/04/ 22 KB
23 KB 143ms
138ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/04/cover-s2-300-450-175x238.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e4e0807293cf9e041e5ef753106df37ff0d481ec9344c03c12d5ee6b3eee0da

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 15:14:46 GMT
server: cloudflare
age: 13315090
etag: W/"61b8b4e6-58c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXD8bIhgC%2FvIxt%2Fl8W3WeyrON9Lc166o86%2BerTr2iUrZ7CUPg3dCcBi9B2SPMKL86j2ZLPkkvY0I0NnPPHZGKmiy9kB1Jo7EuwrC%2FW455lTaRzoIdE6rcygIi0i3D63LSAzG1asFZ7CO0fbtlslwrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5c927750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover_BE-175x238.png
leviatanscans.com/wp-content/uploads/2021/03/ 71 KB
71 KB 84ms
79ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover_BE-175x238.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e0cce612c097d50694c628441252d87f640626ff88cdd253823ec2bc63e7301

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17450684
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 72423
last-modified: Sat, 27 Mar 2021 16:19:34 GMT
server: cloudflare
etag: "605f5b16-11ae7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAtLfPLAD45fQoafrOC08WVRFY2b6IZ2Zb8gfv09JLXxTHB%2BaUazsnmDGmHO0llAbl4hLeI2oOTtR%2B8O%2BH4MPwvFmLWxlrZHn1lB76U76tkG3SHIn31ewX13QmWH20vQgjYKsjwRQISYw5vVQoThOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c9a7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 paypal.png
leviatanscans.com/wp-content/uploads/2021/05/ 13 KB
14 KB 148ms
143ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/paypal.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee7c644c591cec61ddf1b090547fac75e06593f99c3f16df08c0e67f14b648c1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17548958
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13398
last-modified: Wed, 26 May 2021 13:50:56 GMT
server: cloudflare
etag: "60ae5240-3456"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHXQ2dU7XX7295k4ev5%2F5%2BcZSSo7g1cp%2F5B%2BKXzpzoo9ErjoBNCfAJZR4lCjUgTPtuh%2F2WzOlob7yKQ%2BaBT2ng%2B7FK13bcRZz9JWzQSgJdO%2FghxokEDBFaxLupqzIXw2x6kTmfG7xhVISNELYHzSxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5c9b7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 discord.png
leviatanscans.com/wp-content/uploads/2021/05/ 9 KB
10 KB 148ms
143ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/discord.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c76f6bfca9e1383c42a28e020fe3f16240e8f27ab8cd2815f37a14782eb45406

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5949052
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9502
last-modified: Wed, 26 May 2021 13:50:46 GMT
server: cloudflare
etag: "60ae5236-251e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ox%2Bs7LSQd0S8Yglj%2BmLuUBsBTXx69Pc%2B7B%2FhfiMPLxHkHBqCdORE%2BLEqwvJ6pLEILYSXpC0et%2BSmuPJQKKaaD70F10p7k9Kuv5bHUgWsrDowpKnD62lR2J5ur6l%2FfHRhVKbpPjRVNIkFEnvYoDPz6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5ca17750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 patreon.png
leviatanscans.com/wp-content/uploads/2021/05/ 8 KB
8 KB 149ms
144ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/05/patreon.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af778e059e32f18a6016ab0c2cdc8900a7a5a27c0271ce43cd578ce6f8d3e442

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13363434
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7751
last-modified: Wed, 26 May 2021 13:50:52 GMT
server: cloudflare
etag: "60ae523c-1e47"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Bal8BO3eEg7iNwcsaqLfMsIXXUtX%2BKFCClkQgFIHCOSfmD2sOWRexepAkFg%2BZeYNxMvTAPGfgGqamw%2FmfM70yYnKg6kgszq5yqX%2B0unhFfCTPlH37tSPch3yO%2Fej0Wt%2Bv71VZzvP7jOdlb9Nd3pxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5ca27750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-1-75x106.jpg
leviatanscans.com/wp-content/uploads/2021/03/ 4 KB
5 KB 150ms
145ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-1-75x106.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f7dc16eabb68cee071897c75fd72a84a2a009d2e8875661856fed0dd725db7e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 03:10:21 GMT
server: cloudflare
age: 12754455
etag: W/"61c1459d-10a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KmVsEqf4Yv6PXJKsIjnsDnlHlhl8OJBG5CxeogHQ0VXkANFe%2FAuII%2BQG1E9qJaMw4gCVJ8MN9Bp9HNndmLJdcwQaTzMfmgCT1ojwY3xTPySuLPKINtR47lo7mmWOR0CbcJc5bUP39QFDwvTdxlMFng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5ca57750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-_TSRC-75x106.png
leviatanscans.com/wp-content/uploads/2021/03/ 19 KB
19 KB 150ms
145ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-_TSRC-75x106.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b5da5a6a23c58b2d4d912b58cfb30ee461185651a79659dcb326206cd793b25

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13363434
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19132
last-modified: Fri, 12 Mar 2021 08:05:28 GMT
server: cloudflare
etag: "604b20c8-4abc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gwlvst7A1uFdeu3U%2BYjk%2FHgEF1%2B%2BEOkiA5ML5Qh2RyAJmokjAZnL9p8oKvk9RAjchlZ65KnPEIBm0QCz0lOT5nhHfw6flylJaNYkGAejLwQlw1XCxKfsgAgCRPAenUnFNqV5ipgLgwDl8vmkS3xjWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5ca97750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Cover-Trash-Of-The-Counts-Family-75x106.jpg
leviatanscans.com/wp-content/uploads/2021/03/ 5 KB
6 KB 151ms
146ms Image
image/jpeg 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/Cover-Trash-Of-The-Counts-Family-75x106.jpg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be7f27179c849f3e69bc6082925749287af2273c220e765778a7a4a980c4ecc7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Mon, 28 Mar 2022 04:02:03 GMT
server: cloudflare
age: 4371433
etag: W/"6241333b-13ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2FxAFOWOnNOgjKfTyRMmLT3rJn%2BUi%2FfsurCFJdoqK%2F7sAhK92TAGu6GTLpoHgYCjk8fMEMsBg3KzR1uZKAfOpOroD30c3wcvEhj1ns86k22LMtomf49NTvjBQXetwwkjWoS4po%2BUSla98qnnw7mRGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5caa7750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cover-SK-75x106.png
leviatanscans.com/wp-content/uploads/2021/03/ 20 KB
21 KB 151ms
146ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/cover-SK-75x106.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 596999469e73831df3434f419bb097e6fe80049c3ed87b34ccda50f3efc2fcfb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17548959
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20821
last-modified: Wed, 04 Aug 2021 00:06:06 GMT
server: cloudflare
etag: "6109d9ee-5155"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FXmeuWPpjzQNhJDLZ1edtXaYgQzoG9xdNBnUmY4OWSOzAAYAZoJBOlLqkc7rWxjuUMwuHa9o%2Fnq5%2FgOF%2BeveRFW6yLXP6RJCs%2Bh1Mbe8b77rubwUqtl9l1SSNS8bx0v2qwWzVBiUoEotKlk%2Fu%2FSH8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5cac7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 My-Dad-Is-Too-Stronmg_2-75x106.png
leviatanscans.com/wp-content/uploads/2021/03/ 20 KB
20 KB 151ms
146ms Image
image/png 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/uploads/2021/03/My-Dad-Is-Too-Stronmg_2-75x106.png
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdd9d614033bbea0d12c55f559381760267802641e35634e6a3b033ab8be272a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13286749
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20352
last-modified: Wed, 03 Nov 2021 06:57:26 GMT
server: cloudflare
etag: "618232d6-4f80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=McpkG40%2BA%2BGGAoQUgksK2r15jD81eGEXvHUZiQ4nTg5YtgbGxMgynBs4w5%2Bus48E9yQ%2BsvXgT9oPGVU0wtDiQyI8krypIgH4P30z9we2YheUQkZI4aRNTDoybJllkAOzU6Ao73Td8mcHaV5Pjlkh6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63ba5cae7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 comment_embed.js Show response
leviatanscans.com/wp-content/plugins/disqus-comment-system/public/js/ 878 B
986 B 39ms
39ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3586318
cf-polished: origSize=1232
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 May 2021 07:04:35 GMT
server: cloudflare
etag: W/"60af4483-4d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1HwPSCUpVu0u0W8hUvTr7%2BCxy0Vhvd%2Bs6T%2Bt8jFCktcnOveF%2FVLB7HiiURIgFFPiwscNULeismDuuhFiU2MygI0o5Y95RCiYkciQg5lD25IJWlyZNSvZcPT2qhvDZ1LvXgTnm1zxOSs3lCdvjFBmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba3c1a7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 375 B
839 B 56ms
54ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/core.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72901a5cabcc2459283aefd3cba9917b195d004afea2137b3fdb586dfc27ce3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587679
cf-polished: origSize=538
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-21a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvgsxtl5eWaSaFW9qd8gZZcy2yO6aj5JUqY5gGgRCYxDTYGR82P9MSsQ5YW0xxgwo%2FiDRT%2B9mO1Sj2RudIxeba3WGG6bq2jjshbUC3h4qdynuKW%2BBLNmI8Tr0UHw409ZtfgTkWIXu08xH%2BpMALRuzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c487750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 62 KB
16 KB 56ms
52ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/bootstrap.min.js?ver=4.6.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-f7eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7VEIrLnNh%2FiD2dbCxVD3AuPZMUWdrzWPIzZU%2F5PMF%2FBn45i%2F75IanI6sb7T6y4LhwbZLATkWbD%2FenNshD2sq1Ub9HyrBMZXD3eBZKNQAiSg3pjhrHuceHx%2BtDJKuaMuE4Zs2e4XnrauZ6tke6%2BUlOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c4c7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 shuffle.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 20 KB
7 KB 56ms
49ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/shuffle.min.js?ver=5.3.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6def1bda699ef5e604dde98b184bb397b4b13483b2866ef5fb52fe3af531310b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-50f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJ08Au6TMUc%2BPBiqtKfQo%2FglB8TkyQyBfovLsR%2BszaC73%2F2HYpDabVd4YMGiS24sKovNG%2BN4GHvP73zB1zjDBH7T8iSgqu79iMMhcHdol42fLb6QHa7Osk1EGVjdQ5WosMdCchmWeHdp%2BvnhtPP7tA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c557750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 imagesloaded.min.js Show response
leviatanscans.com/wp-includes/js/ 5 KB
2 KB 57ms
50ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549621
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
etag: W/"5ee520a7-15fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VH%2FucRUhWM4tXxQzcLYgPMtgKWqzN2gVYyYChO4Rf%2FVm04BcA7tHRmuTLG34yElawBSKPCWQAb2uKYYKuRH0dLBLORIsgjoKHpugQ2LRO9vnqTEbqzaa9fWHCbJoXpPPrcTZKrBqPpwObpUrnOTKMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c587750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 aos.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 12 KB
5 KB 57ms
50ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/aos.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea0776169602aa06ca7e5f4f7455bbc86459d46ca900ed665bf9fe077c77b40b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587679
cf-polished: origSize=12446
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-309e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGnloMFtdAYCHr0mZti28zKin7LjcnoTbuoySMr3S71iwvrncqxO9xYWTe0bV8gDVQCSKCmL60Ppc6TJGWLmebGHzBxaiwfZrrK4bZjfM4%2BCk%2BBGfiHcP%2B1iCymguL4F3W86xT%2Bqc2cFhZ0iPS1h6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c5b7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 template.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 16 KB
5 KB 60ms
52ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/template.js?ver=1.6.6
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aed79010fbe2de5b979c31502c15d33e28c6565562a680f994f12e555eeca84

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549620
cf-polished: origSize=21833
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-5549"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dhTxumhZ5QkFTXmNiYupcG%2Bh2IwFpXq4woLsxGj1NntCTQYxz%2FjTbue70Ec0t1rlgNTphRRzJQj%2BRW6xK%2BqTUziWW6ygiJW6iVKF4zrOCc%2B45sqEwIwAi1c0czKCv4XwIklyBF3emRQUxSu8hLjTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c5d7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ajax.js Show response
leviatanscans.com/wp-content/themes/madara/js/ 1 KB
1 KB 61ms
53ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/ajax.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f82ee58d2108699a11f13c771a5ae5a95bc3360928e9c462198b195f8b9b4bb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587679
cf-polished: origSize=2160
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-870"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AajNrgudGWH4PUDnY63InKlvsVqlYKmw9YuemV0gCvuxY2vWbedXqEJ57uHogHIF5MvQJYOPNWr%2Bt7xA1nVfUtvem7Scvv0kDo6FH2PHlRnJoIXgoysuoH10QhAg%2BNOyDEeoqJdZcBykYkEUy444KA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c5e7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 login.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/js/ 7 KB
2 KB 61ms
54ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/js/login.js?ver=1.7.2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4b0976813afe99e70baeaef4ef1ee77ed72fb5276cce430c75141ffde9d90a8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14505187
cf-polished: origSize=9424
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:12 GMT
server: cloudflare
etag: W/"61a69334-24d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhvRNnDj8yYPlN0Cy0UTInPs%2F2pxPGvW20fZh40m%2BS0PiUaAj3OIQr608y3tnInETDEA2mMmMy6npeVHRYySwT3LiyVXgQP0038ivfjjWlnA4HnkBuLcdNDUyfYKcciNkMS7ZYgms7tDiAPW76r1oA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c607750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.min.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/slick/ 43 KB
12 KB 61ms
54ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/slick/slick.min.js?ver=5.9.3
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3587679
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:12 GMT
server: cloudflare
etag: W/"61a69334-ab69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=InhTog3Ug3Idi%2BIfYnUYxUp%2FzUnHznYD0XRN2Zg945gRZ5zXw%2FDB7v23v0PhssfYNwhUArBZfK3dfR39vcDQ2n5SLfCG9IpCsDN3SJbr6Jx%2Bx%2BR3cpQkIVi0EbzG%2B8jl1xcgLOysq5SIj0vknHrLQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c617750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 20 KB
7 KB 62ms
54ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7038453
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 22 Feb 2022 17:44:35 GMT
server: cloudflare
etag: W/"62152103-50ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4ew8d4Tjp9TTM3uIZ0etA%2FQJx7%2Bk1%2BTdpbTdFiEySRCCBfStBX4aP4vUs8ti%2BpJ02Gm%2FIQNJlFDS3k2ysTUw8aEOSWCJVyNqxLGwE5KvAmxsmBM6lsCeSERVSveRacfLJDLiOAV1YGs1hdRwf%2B2sA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c637750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 menu.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 10 KB
4 KB 62ms
55ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2abc07f83e0a9c350b5580983d7eb8249eb5848c40e4762770297b9e67eba974

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7259801
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 22 Feb 2022 17:44:35 GMT
server: cloudflare
etag: W/"62152103-2784"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJv6sLkbJVg7ZFsFW7xA9%2BxwK9w0EJVhKYyYQsjEeomZEUasZrbl6IId5FiF3FB6Pzis37lGft%2FjSbOlAkYs8qvGyMfU3BUk%2FMOy%2BG%2B%2BCbtfFZpAvEVf5%2F4FvY87WaI4tNAS%2B6aQyt74JlUsJun4BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c647750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 regenerator-runtime.min.js Show response
leviatanscans.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 62ms
55ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9635303
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 05:45:54 GMT
server: cloudflare
etag: W/"61f0e012-195e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m77A%2BLxxWWct7G9J0yyhAV%2BZAX3QoHpjkCcj2A9%2FO88e4vXA3tNQ1g0o2AWGVz2FXeLEJUGXMhcYFn3Z9fn8JaSMQjYo1TGELrI3hrV14z%2BsQgrehtExbA%2FIpx5AULU92uNrFznobwPUty50IGTKIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c667750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill.min.js Show response
leviatanscans.com/wp-includes/js/dist/vendor/ 16 KB
7 KB 63ms
56ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549618
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-4056"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFYMnU17ayW5Yq0%2FQKB4p9vfYsbSqsiYDz1krRygGv4ornliOyCiw2quTMAQV9uZrfqZqxtEeiqRWAUMzI9B1%2BH%2BGPsGrh1gKGIQ86fi%2BT9l4sfOI7NEAIj6MIuF8Yda9MjGqJg%2BNe%2Fytn8FxK6lqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c6d7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 dom-ready.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 1 KB
1 KB 63ms
56ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9635303
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 20 Jul 2021 17:44:35 GMT
server: cloudflare
etag: W/"60f70b83-4e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeKAz9b4AuvDcclYKKyZc1N6jZB12x2DHA4QPrTEbMdnXLfvqLOLH3gLaKwfl%2Fliv1MoQiTJMUEgslS0S9sdd4I6tUzckpFLYMovQgfvZ9D9Low0mHgsNfV7I0Fa0okIbnuL3%2BqLzZAPFdnGAtZ1pg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c6e7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 hooks.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 6 KB
2 KB 113ms
106ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9635302
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 05:45:54 GMT
server: cloudflare
etag: W/"61f0e012-163a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JNs0rvu4WSy8l77Jc9qMmeBbjjDfDcP0M14yVIaT88GRTvHuUWVrNqXjWiICO55lzKu2veX%2FWUVkbTb1X0gHyJSpw58Kv2mrjaCRN0aoLFUPO%2BFlc9RN0QmxHm%2Bsg%2FoU%2Buu2P7VN0uVQk5u6z17E%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c6f7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 i18n.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 10 KB
5 KB 89ms
81ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9635303
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 05:45:54 GMT
server: cloudflare
etag: W/"61f0e012-28a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrzfqgLuNMEalEN%2BwyOGUgIvHfVwDq1D4F1y7Mnb0g2AOshOATIjazkhwRB%2BcELIUYUQI14LGed67%2BHDjEUsFs8daQ7e9dkGJY1E%2FeEdudFvG5l1fLX8X19NxD96HDZe9XGE%2FsIAn5Ku5PjzBo57iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c727750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 a11y.min.js Show response
leviatanscans.com/wp-includes/js/dist/ 3 KB
2 KB 63ms
56ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9635302
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 05:45:53 GMT
server: cloudflare
etag: W/"61f0e011-bfd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=warFLmMvvmn5kfw%2Bn34VrrfDFG0rtCbx77YYadNgrxsRv64QyEZTDzctlNnOO8XElNi62Clk74HE1HdetQiHc%2F3%2Fpg6xuRGyn4hgE9%2FZG4av%2FxV9wHS91JsV8uvQTI8KQ5hxoGOv3XZytIn90SjZXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c757750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 autocomplete.min.js Show response
leviatanscans.com/wp-includes/js/jquery/ui/ 8 KB
4 KB 81ms
74ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.13.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21c7b4a55ddcf0f40806dbec924729bd87dca55501380f6e6069b9f6e3492437

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7259801
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 22 Feb 2022 17:44:35 GMT
server: cloudflare
etag: W/"62152103-214f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7c27b5HjL1XYOQxc%2FZ%2BmQG7EFvpGLmbs7Wb816CbqX%2FVB%2BSFw634ROd59PDHFc%2F3xwj%2B6h2gRB7FMIVkDt4fazG4Atkgj5b2dxDT8zM6luQdkU%2BjsxqDT%2FQup0a%2BLULRoscdTvzqOvBPfNqbM6thw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c767750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 script.js Show response
leviatanscans.com/wp-content/plugins/madara-core/assets/js/ 23 KB
7 KB 82ms
75ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-core/assets/js/script.js?ver=1.7.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7081041f8eb7e8011e73de1556b636ab3627459f834f9ac532ec0928b1f2611

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14505187
cf-polished: origSize=35316
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Nov 2021 21:10:12 GMT
server: cloudflare
etag: W/"61a69334-89f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=61kmMUNG1desGGnNrauhsCWqO7EQZxX25jF1I0wfPEuMud%2FGnzyEKjT%2BVX3VYoieT%2FBToiVRHjDhslzIlPmVzkMBftgCTJCtzEKmiSFsS9i6iUPpGCKwiaPlvXXEa1gu5DAzwzjrr9y5iYFcvrR8Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c777750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.min.js Show response
leviatanscans.com/wp-content/themes/madara/js/slick/ 43 KB
12 KB 119ms
112ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/js/slick/slick.min.js?ver=1.9.0
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549744
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
etag: W/"61235442-ab69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTIYtmSM3HcFFtnSfPppRPIhS1nbFMkP1%2B%2BHEAI00boWr0uQpPluo6uI2cnbFMFBUv%2FhUsnCCRLcZ0SIbKoBBGDmGfG2raczNg3IZYkuIXE7U7QJ9jK9TJsLUs8XgqorKSmlKvFcXyKLw85RIaLzZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c787750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ct-shortcodes.js Show response
leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/js/ 8 KB
3 KB 120ms
114ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/plugins/madara-shortcodes/shortcodes/js/ct-shortcodes.js?ver=1.5.2.1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5deff4163ad18316aaf1c5ed1aaa3a85f47051686787ab2a2211bb676bcee8a8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/ayg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17549744
cf-polished: origSize=11264
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 23 Aug 2021 08:04:06 GMT
server: cloudflare
etag: W/"61235676-2c00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHQCR%2FTMzGayl7PvZq9NQ4suKGBMgrCrxrWhUwB9WzrcA5Px1iODL%2FJxXD2RqHQCJcZR11npSxt%2BL0fkOWkS0zA9M%2FjiD%2BKYUi6AtOAUnLPNgHDZFCM1Faph2aIm0mysTY9NWxO3BA8IADx0LRBWcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-ray: 70ce63ba5c7a7750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 125ms
48ms Script
application/javascript 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71a053c80bf9ddaa8850853f45bcce8ffb33f8d0c882cdee3d55149c37d3edf4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

cf-ray: 70ce63bad86a74ad-LHR
date: Tue, 17 May 2022 18:24:22 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Sun, 15 May 2022 13:04:14 GMT
server: cloudflare
age: 4785
etag: W/"d62-5df0c8b6044ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 17 May 2022 18:04:37 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 132ms
40ms Script
text/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5608
date: Tue, 17 May 2022 16:50:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Tue, 17 May 2022 18:50:54 GMT

GET
H2 200 adRecover.js Show response
delivery.adrecover.com/42458/ 41 KB
11 KB 153ms
69ms Script
application/javascript 2606:4700:4400::ac40:92da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://delivery.adrecover.com/42458/adRecover.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:92da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5210fa83a7321389f40d97bf8c28e8cd3ed571fa4577272f931d7fa9dc9a187

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 May 2022 07:00:18 GMT
server: cloudflare
age: 40489
etag: W/"62834802-a2e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=432000
cf-ray: 70ce63baea1b7743-LHR
expires: Sun, 22 May 2022 18:24:22 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/ 309 KB
110 KB 155ms
73ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4875972488010851&plah=leviatanscans.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

147a24c2b8388652d7774b60c5ea07cf37a00ac99cde96b51f07e6acb64d6ffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112759
x-xss-protection: 0
server: cafe
etag: 15439671340410546898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220509/r20190131/ Frame F443 10 KB
5 KB 124ms
38ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220509/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 81831
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4421
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 19:40:31 GMT
etag: 1428802124239944296
expires: Mon, 30 May 2022 19:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

adtags.css
www.papayads.net/clnt/leviatanscans/v2/
Redirect Chain

https://papayads.net/clnt/leviatanscans/v2/adtags.css
https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

412 B
898 B

36ms
35ms

Stylesheet
text/css

2606:4700:20::ac43:4411
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Server

2606:4700:20::ac43:4411 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d3f245ed19e4ac51ec4433c7643b67e0d733b2ce13dcbaed2436beec05336f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5686
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 17 Jan 2022 22:24:38 GMT
server: cloudflare
etag: W/"22a-5d5ce9e3ff027-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mJWNRh7a85ydiwRt%2BmVp4xCSHlWH9ApA4CYisTRC48kUdT2gZsaZHeQhIOVdGa%2BAvH8Aa7A9k38eyhIU%2FPaAfsEkc4swCedT0gMis%2BX%2FovyFTs0p%2BOaqjeLS29CG7Qf8qopKVdgzD7NmATrfY4g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-accel-version: 0.01
cache-control: max-age=14400
cf-polished: origSize=554
cf-ray: 70ce63bacdf071db-LHR
cf-bgj: minify

Redirect headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 240
x-powered-by: PleskLin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NdgOYOyAzC3n%2BCRqdhMbMdVlBHrvwmc4g2PaZLpFFwZjww95QFUmkQgN2e2si2V6OkXp5RR7D8RbgKhfCM4OoKhKOkoVufAJ9AaL%2BGOPoHnf7wVup09FyW8CYpwH%2B%2F9BZHahSvDg9bbqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/clnt/leviatanscans/v2/adtags.css
cache-control: max-age=14400
strict-transport-security: max-age=15768000; includeSubDomains
cf-ray: 70ce63ba8d7371db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hb_313926_10240.js Show response
player.adtcdn.com/prebidlink/459114/ 410 KB
120 KB 127ms
55ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0da7f3621835ce2f0d40f42fba6af2d214f9d6bced7f1f59b170d32936a15442

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 377
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 16 May 2022 16:25:07 GMT
server: cloudflare
etag: W/"62827ae3-6672f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wv5scJ9AqjoyDqla0VKa7frPdo7VDjC7TLNBOmPNb2VaQSy2PKmsiGXO6lb9gcE%2BniqGsitdZDbuS8Rwirl8tXdpFzvzMVbeCdH5kf5D8ZK2bCBjjm6q3G62o1XVMO89yRyIkf9h8gJq0py2hOTX1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
cf-ray: 70ce63bac8e08871-LHR
expires: Tue, 17 May 2022 18:33:05 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 152ms
50ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

ac9374c15c2dd33932d06810ca4fc8b898f179717876eea1da3fef616f4e3b37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28366
x-xss-protection: 0
server: sffe
etag: "1218 / 623 of 1000 / last-modified: 1652785528"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H2 200 wrapper_hb_313926_10240.js Show response
player.adtcdn.com/prebidlink/459114/ 787 B
1 KB 112ms
41ms Script
application/javascript 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/459114/wrapper_hb_313926_10240.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daddf91dcc24e20b9ef30e0fc56d574b6b00bdb87d883620dc29ff847d2d29d9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 377
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 16 May 2022 16:25:07 GMT
server: cloudflare
etag: W/"62827ae3-313"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjH2pg3%2FBuuWHIvk0xtW8OTPIIS1osLEjyARPcbv4kp3eS5ZJYvcL4a9ZblwOn%2FVUWrLkxoYTZOI6LWem4faK34jLGnNYdhsmgE1XJmagePzSdbf3vOrmtKXKPP%2BAW8uMVQtO9iwIvvkOz3oOt5JKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
cf-ray: 70ce63bac8e68871-LHR
expires: Tue, 17 May 2022 18:33:05 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 160ms
50ms Script
application/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 347
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0GM2JN61YH6FR7E1WXAG
date: Tue, 17 May 2022 18:21:06 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ZQLYAxoGJsjqtvdfyZMuU3HswXpov2__PGKF38U5KAZIrqH-Dm-VKw==

GET
H2 200 js Show response
googletagmanager.com/gtag/ 190 KB
69 KB 159ms
54ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googletagmanager.com/gtag/js?id=G-0DPYVF5JK7

Requested by

Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc68107e71c06ee306e742da349fad5204c19ad823520b0c9d1d3a0cff662a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69926
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v9/ 8 KB
8 KB 127ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 18:18:25 GMT
x-content-type-options: nosniff
age: 518757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7968
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 11 May 2023 18:18:25 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v9/ 8 KB
8 KB 131ms
45ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 18:02:46 GMT
x-content-type-options: nosniff
age: 87696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7836
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 16 May 2023 18:02:46 GMT

GET
H3 200 ionicons.woff2
leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/fonts/ 49 KB
50 KB 147ms
146ms Font
application/font-woff2 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/fonts/ionicons.woff2?v=4.5.10-1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d02d165cb720aec2fde78a93113a459729e0503951353f719076bc5b4a7a845

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/css/fonts/ionicons/css/ionicons.min.css?ver=4.5.10
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 1717
etag: W/"c57c-5ca3554723e24-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwenNgPZhIM4ecv7Euv4Nqg4L9U9XcckvVoKF9gYmhd2D172w1HEL5%2FVlbWtnYWn0N3E0nXZaADbZ0gc1S3u93lP4adj2JGjwT1v16h%2BHad6F8fNEW8DMOhMba9ZP5fDqZnTvr3l6moWOjYPhid27g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63ba5cb07750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v9/ 9 KB
9 KB 129ms
50ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 07:49:08 GMT
x-content-type-options: nosniff
age: 38114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9120
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:27 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 17 May 2023 07:49:08 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 111 KB
39 KB 90ms
76ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: tags.orquideassp.com
URL: https://tags.orquideassp.com/tag/8273

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383ed29b9d82e132112e0e61cc5052910417147ed9224896c2c710cefe477209

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39569
x-xss-protection: 0
server: cafe
etag: 8250593866512404215
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H2 200 icon.svg
supertruco.com/ 1 KB
821 B 272ms
196ms Image
image/svg+xml 192.0.78.218
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supertruco.com/icon.svg

Requested by

Host: tags.orquideassp.com
URL: https://tags.orquideassp.com/tag/8273

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.218 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6b54b9d51b8e7575fc6ac2e2bfd7826e021c3385b15f6e07581d58234219a3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 19 Mar 2021 14:39:52 GMT
server: nginx
etag: W/"6054b7b8-47c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
date: Tue, 17 May 2022 18:24:22 GMT
x-ac: 3.lhr _atomic_ams
expires: Tue, 24 May 2022 18:24:22 GMT

GET
H2 200 hbw_master_313926_10240.js Show response
player.adtelligent.com/prebidlink/459114/ 134 KB
30 KB 123ms
53ms Script
application/javascript 45.133.44.3
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/459114/hbw_master_313926_10240.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/wrapper_hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5e4b8eee13bf34c61c4da4ba0abe8a2e77781508ab5045ead1bc31ef7a832fd9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
last-modified: Mon, 16 May 2022 16:25:07 GMT
server: nginx
etag: W/"62827ae3-219ff"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 19 May 2022 18:24:22 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2

200

ga-audiences
www.google.co.uk/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1249025418&utmhn=leviatanscans.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Le...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418
https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418&slf_rd=1&random=2411412623

42 B
501 B

175ms
74ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418&slf_rd=1&random=2411412623

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:22 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.co.uk/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-138586448-1&cid=547592442.1652811862&jid=809826394&_v=5.7.2&z=1249025418&slf_rd=1&random=2411412623
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 block.jpg
delivery.adrecover.com/ 631 B
770 B 34ms
34ms Image
image/jpeg 2606:4700:4400::ac40:92da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://delivery.adrecover.com/block.jpg?ts=1652811862322
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:92da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
age: 10795
last-modified: Wed, 23 Jun 2021 06:37:54 GMT
content-length: 631
cf-bgj: h2pri
server: cloudflare
etag: "60d2d6c2-277"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 70ce63bb9b6a7743-LHR
expires: Sun, 22 May 2022 18:24:22 GMT

GET config
c.amazon-adsystem.com/cdn/prod/ 0
0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
489 B 72ms
72ms XHR
text/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fleviatanscans.com%2Fayg&pid=PIetZ5Ozg5T1O&cb=0&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1615738069852-0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F21797538459%2FPapayAds_LeviatanScans_TOP_Banner%22%7D%5D&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.255.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-255-177.dus51.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-P2
x-amz-rid: N991Q0F5MW91911C33DQ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: NlO9opGQ2AhtAI0_q_f7VNSeL5jSAsGSxJh8d54ut6D6fr1sfape_A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 130ms
44ms XHR
application/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 57890
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 28 Apr 2022 01:41:20 GMT
server: AmazonS3
date: Tue, 17 May 2022 02:19:33 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 5KYkM0U9g905TrbYspqoDZuSK8S8LwQcpMfb27J_JEb1WN88seMBEA==

GET
H3 200 pubads_impl_2022051201.js Show response
securepubads.g.doubleclick.net/gpt/ 368 KB
125 KB 118ms
38ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7e34e3650444be4442224a77990a95d0ba66457124adf9e73df76e8134110d1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:03:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127621
x-xss-protection: 0
last-modified: Thu, 12 May 2022 08:35:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 May 2023 17:03:51 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 375 B
193 B 129ms
49ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=leviatanscans.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

07fd252455eb0889fe26448a35eb6e0522d7fa18698bce8c3349e111a8c30e72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 168
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:22 GMT

GET
H3 200 new.gif
leviatanscans.com/wp-content/themes/madara/images/ 1 KB
2 KB 45ms
44ms Image
image/gif 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://leviatanscans.com/wp-content/themes/madara/images/new.gif
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc6555743d11492b02d29baa9a7c9084a5946a9507300097ca8c62dffb4fe230

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13363228
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1417
last-modified: Mon, 23 Aug 2021 07:54:43 GMT
server: cloudflare
etag: "61235443-589"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I31bVl8Gec3OBpgQmAFKIK6KyEb6dGvFZI%2Bw5QqxRlT3L7AoRBKTFTUDbZTkEyLnlkXtSgr9lOkKiLNXZDKL7ZwkZ9WN0cfoU1qA%2BJ7UrX6fXEFt8d0g9U3zn2gIMt2Ur9gLM3bL%2FemmYsx7XnQiIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 70ce63bbefe27750-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fa-solid-900.woff2
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/ 76 KB
77 KB 41ms
40ms Font
application/font-woff2 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.woff2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 1717
etag: W/"13174-5ca35546f7f06-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U170oVdlcQ7Kr0cWQIaReIU0ePI0pTIJMz%2FtLbf%2B5wMDU9sX0GQkvbXWGxqvTYmJZyn9WYDZvpO8fiMsV6y36a66YbvYQSRIw2Q0td4K68rJDcYxpbO%2B9G0htqqDC9%2BBm%2BOp%2Fn6riATD8DGIeOoX0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63bbefe67750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2
fonts.gstatic.com/s/poppins/v9/ 9 KB
9 KB 118ms
39ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v9/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/style.css?ver=1.6.6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7ab8989fc4fdf71dad241d721ae8397c01e29c5d5b09050b16f99d0ed297dca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 13 May 2022 01:40:00 GMT
x-content-type-options: nosniff
age: 405862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9140
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 21:22:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 May 2023 01:40:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
339 B 132ms
46ms Ping
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-0DPYVF5JK7&gtm=2oe5g0&_p=1057778784&_z=ccd.tbB&cid=1837759030.1652811862&ul=en-us&sr=1600x1200&_s=1&sid=1652811862&sct=1&seg=0&dl=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=LeviatanScans%20%E2%80%93%20Enjoy%20your%20favorite%20comics!&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: googletagmanager.com
URL: https://googletagmanager.com/gtag/js?id=G-0DPYVF5JK7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fa-brands-400.woff2
leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/ 75 KB
76 KB 35ms
35ms Font
application/font-woff2 2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.woff2
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Request headers

Referer: https://leviatanscans.com/wp-content/themes/madara/app/lib/fontawesome/web-fonts-with-css/css/all.min.css?ver=5.15.3
Origin: https://leviatanscans.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 07:54:42 GMT
server: cloudflare
age: 3453
etag: W/"12bdc-5ca35546f5fc6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Yky9jdxWvznnGg67x4t%2BDJnKkq0ciV8a6h7QKGt8Ny7D0MwwCh%2BHPl7WIPZnp4zEzAsgCGBKY4IxkIQgfwaXBliUGGj%2BnRVtxILMWxjl%2FUY9ir71ux8EhOelB4zJMclA5t806ajQiRL426xGuYdPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 70ce63bc69227750-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ca-pub-4875972488010851 Show response
fundingchoicesmessages.google.com/i/ 93 KB
33 KB 156ms
70ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-4875972488010851?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4875972488010851&plah=leviatanscans.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b2277d74e32021a0028209b27e46600204c5b587c39f5b2e61c7e594ba3bb7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7LE6h-feGs1-eQYuIec6tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-7LE6h-feGs1-eQYuIec6tQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-7LE6h-feGs1-eQYuIec6tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-7LE6h-feGs1-eQYuIec6tQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1795.019-3.025/ 178 KB
55 KB 54ms
53ms Script
application/javascript 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1795.019-3.025/ice.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662965fa73cc33cae0885f2c931c058093a875e5d368694041967c993fb4cc1d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

cf-ray: 70ce63bcebe374ad-LHR
date: Tue, 17 May 2022 18:24:22 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 11 May 2022 08:29:56 GMT
server: cloudflare
age: 6058
etag: W/"2c8b1-5deb83f067027"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 16 Jun 2022 16:43:24 GMT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 132 B
405 B 618ms
93ms XHR
application/json 23.227.146.234
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459114/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.234 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 4949e54bc1685c8754c0b2037a34ae60d859922797133862c2a9165cb9ee8e80

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:22 GMT
Server: Adtelligent
Content-Type: application/json
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 132

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
434 B 619ms
93ms XHR
image/gif 23.227.146.234
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=313926&site_id=10240&full_page_url=https%3A%2F%2Fleviatanscans.com%2Fayg&adid=ahib4v.7k&features=16416&vpbv=N060&lifecycle_tte=1607
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459114/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.234 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:22 GMT
Server: Adtelligent
Content-Type: image/gif
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 43

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/313925/ 6 KB
3 KB 79ms
26ms XHR
application/json 45.133.44.3
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/313925/config.json?cb=https%3A%2F%2Fleviatanscans.com%2Fayg
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 2a2917d2e4ffdfea2569c6ab9ad1fb95737586644007d8907b4f81c563716c35

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
last-modified: Mon, 16 May 2022 00:02:14 GMT
server: nginx
etag: W/"62819486-19a6"
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
expires: Thu, 19 May 2022 18:24:22 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 21735472908 Show response
fundingchoicesmessages.google.com/i/ 93 KB
32 KB 93ms
92ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/21735472908?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7061699be7143d6535f94d889b049c341da0cad4e916fc20adcb8a6e3031e1a2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VqrwNqhlL80cKQgl0hq2BA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-VqrwNqhlL80cKQgl0hq2BA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'nonce-VqrwNqhlL80cKQgl0hq2BA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-VqrwNqhlL80cKQgl0hq2BA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 17 May 2022 18:24:22 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 50AF 0
34 B 153ms
145ms Document
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fayg
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1795.019-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 70ce63bd9d6674ad-LHR
content-length: 0
date: Tue, 17 May 2022 18:24:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
via: 1.1 google

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
34 B 149ms
144ms Script
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fayg
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1795.019-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 70ce63bd9d6974ad-LHR
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H2 200 gsd Show response
router.infolinks.com/ 0
44 B 133ms
129ms Script
text/plain 172.66.42.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3346611&wsid=0&pdom=leviatanscans.com&purl=https%3A%2F%2Fleviatanscans.com%2Fayg&jsv=1795.019-3.025&_cb=16528118626410
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1795.019-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 70ce63bd9d6a74ad-LHR
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H/1.1 200
OK spt Show response
tg1.aniview.com/api/adserver/ 18 KB
6 KB 197ms
43ms Script
text/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=623c56fc50c5544cb7441ab7&AV_PUBLISHERID=61bb50b4ad11e83d79154566
Requested by: Host: papayads.net
URL: https://papayads.net/clnt/leviatanscans/v2/adtags.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a543b20306378c5993b2f42f97aa87783702245a904583a6c65e4f2ed9f6fa77

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:22 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
Content-Type: text/javascript
Cache-Control: max-age=300
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With,avsptstaging
Content-Length: 5259
Expires: Tue, 17 May 2022 18:29:22 GMT

POST
H3 204 AGSKWxWJsxyaw33LypMmLfsaEFtgU3-46BbexgfACpSSbxyanYjnuxygXvf-oUVGGnKLqBgqWAIIvzkGVvB7r2ocf-c= Show response
fundingchoicesmessages.google.com/el/ 0
28 B 133ms
52ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWJsxyaw33LypMmLfsaEFtgU3-46BbexgfACpSSbxyanYjnuxygXvf-oUVGGnKLqBgqWAIIvzkGVvB7r2ocf-c=?pvid=C8C6C026-1549-49E3-A43F-BFE703B05C95&anonid=67B57870-A512-4782-BE69-98BDED479C13

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.0H7CWRmOtNU.es5.O/d=1/rs=AJlcJMx730eo_rOfM3aSQMASca6XU9tCKQ/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fFJew-sV49xjGkUBzvqYuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-fFJew-sV49xjGkUBzvqYuw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-fFJew-sV49xjGkUBzvqYuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-fFJew-sV49xjGkUBzvqYuw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
424 B 47ms
46ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=leviatanscans.com&callback=_gfp_s_&client=ca-pub-4875972488010851

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

38c59c1295ab6c317f6a9176e5dab3d883ad5d5c013e419a5446d8f4747e0f09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 209
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 172ms
48ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 132ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fleviatanscans.com%2Fayg&tn=DIV&cls=go-to-top%20active&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 700A 115 KB
37 KB 822ms
742ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&adk=1812271804&adf=3025194257&lmt=1652811865&plat=1%3A16777216%2C8%3A64%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fleviatanscans.com%2Fayg&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=90&bdt=685&idt=15&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4407568677578&frm=20&pv=2&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=285

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

975eeffb0ee7d07345ed5da3f8665210bfcdf29979015310f16e1e6e0ff0528f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 37609
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C930 69 KB
28 KB 605ms
530ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c048d06a68214faca5ad1302e44004e4deda4e7493915cc47f45e746083819e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 28376
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5BD0 603 B
68 B 288ms
248ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7913044002918072&output=html&h=90&slotname=www.leviatanscans.com&adk=341351668&adf=1137708138&pi=t.ma~as.www.leviatanscans.c_&w=728&lmt=1652811865&url=https%3A%2F%2Fleviatanscans.com%2Fayg&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=5&bdt=685&idt=102&shv=r20220509&mjsv=m202205120101&ptt=5&saldr=sa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=4407568677578&frm=20&pv=2&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=502&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zuAMxHfhUR&p=https%3A//leviatanscans.com&dtd=325

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8182 69 KB
28 KB 472ms
436ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

970275342a648f659763f14e691ccc48d56256ff130d4cfde8b996698b976fef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 28431
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5DE6 69 KB
28 KB 486ms
461ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33ddfd27b2c73f9f7aa019ea8724ee345631c431374c387148b1333ba52c1bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 28388
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3435 23 KB
9 KB 441ms
418ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=3&bdt=685&idt=149&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280%2C330x250&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2443&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=ENiZ7otpis&p=https%3A//leviatanscans.com&dtd=341

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

959b9f9e7e9b0627ee5be97627c8208c05d6bb65102dd00e588a2fadfd5a53ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9698
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AGSKWxV01LjaIGgG95Z0GDtB5UfIpq17NzkTsh6m0E_KLZd_kYLFcEFclq7nt4v6tAU4BjBFumnu6fAMlt-Le0A23_4= Show response
fundingchoicesmessages.google.com/f/ 46 KB
17 KB 149ms
69ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV01LjaIGgG95Z0GDtB5UfIpq17NzkTsh6m0E_KLZd_kYLFcEFclq7nt4v6tAU4BjBFumnu6fAMlt-Le0A23_4=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjUyODExODYyLDgwMjAwMDAwMF0sIkM4QzZDMDI2LTE1NDktNDlFMy1BNDNGLUJGRTcwM0IwNUM5NSIsIjY3QjU3ODcwLUE1MTItNDc4Mi1CRTY5LTk4QkRFRDQ3OUMxMyIsbnVsbCxbbnVsbCxbN10sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLHRydWUsdHJ1ZV0sImh0dHBzOi8vbGV2aWF0YW5zY2Fucy5jb20vYXlnIixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6588429337f7d5c544edaf371cff5f0b977bdc35637a19ecd60d1d8e906ef6f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WlS2WGXfFUshfWcdMLh6yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-WlS2WGXfFUshfWcdMLh6yg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-WlS2WGXfFUshfWcdMLh6yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-WlS2WGXfFUshfWcdMLh6yg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 33 KB
12 KB 139ms
139ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3889823887939924&correlator=3716855733942931&eid=31067384%2C31067485%2C31067168%2C31065401%2C44752585%2C31061690%2C31062931%2C44755509&output=ldjh&gdfp_req=1&vrg=2022051201&ptt=17&impl=fifs&us_privacy=1---&iu_parts=21797538459%2CPapayAds_LeviatanScans_Interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=7&adks=4232083514&sfv=1-0-38&ecs=20220517&ists=1&fas=8&fsapi=false&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1652811862825&lmt=1652811865&dlt=1652811861767&idt=813&biw=1600&bih=1200&adxs=-9&adys=-9&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fleviatanscans.com%2Fayg&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=true&ga_cid=1837759030.1652811862&btvi=-1&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

2457a48cde8c80f138de2db222d5312f30ff66c51b81baccee8f9caff6cf630e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12244
x-xss-protection: 0
google-lineitem-id: 5914036035
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138381131813
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BD88 6 KB
4 KB 174ms
47ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:22 GMT
expires: Wed, 17 May 2023 18:24:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022051201.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 40ms
39ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022051201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

50a897de75bdd70ce9553f392452dde4204b135a36370814e5d29b9e80364ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 13:17:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 450387
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13426
x-xss-protection: 0
last-modified: Thu, 12 May 2022 08:35:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 12 May 2023 13:17:55 GMT

GET
H2 200 avcplayer.js Show response
player.avplayer.com/script/2/v/ 251 KB
61 KB 236ms
47ms Script
application/javascript 2a02:26f0:3500:c::5c7b:6837
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/2/v/avcplayer.js
Requested by: Host: tg1.aniview.com
URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=623c56fc50c5544cb7441ab7&AV_PUBLISHERID=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:c::5c7b:6837 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 4fb80b7bf623f709e8773d63406d7d20cbb8dda584d2259f86b7cc94050923d1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv3MtB8ywSkxoFTIcVTwmMCJVLnsqLiokzJPDc1lTU-XBbxh1xIFRlJmFv_ujNnAJO9Rwzbgi9de8Pj1jr87iA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 61326
last-modified: Thu, 03 Mar 2022 17:18:44 GMT
server: UploadServer
etag: "9dff0335699f04080269947f40c366ae"
vary: Accept-Encoding
x-goog-hash: crc32c=DITkQg==, md5=nf8DNWmfBAgCaZR/QMNmrg==
content-language: en
x-goog-generation: 1646327924579580
cache-control: public, max-age=300
x-goog-stored-content-length: 61326
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 17 May 2022 18:29:23 GMT

GET
H2 200 track
track1.aniview.com/ 0
71 B 313ms
105ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?pid=61bb50b4ad11e83d79154566&cid=623bc9622f94191f44179174&cb=1652811862841&r=leviatanscans.com&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&e=playerLoaded
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H3 204 AGSKWxXUjdHYuXhwNqM3rgCxLTI9nSFl0MFNgp3pzL7gUYKTLFMd9DgZWv0V_AkYCNv3LVu4i1-ZXl_lVDuN-tHgxd9zTUPJZvLT4HMNOV0sXqzbObVJi83Uj5W9iAc1XjnUMmuKiy-mx0cpuoj1nIPGXAwVanT6xNxPLcBpNfLW2rYqjf-MMfOqikTKo8g4 Show response
fundingchoicesmessages.google.com/el/ 0
28 B 52ms
52ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXUjdHYuXhwNqM3rgCxLTI9nSFl0MFNgp3pzL7gUYKTLFMd9DgZWv0V_AkYCNv3LVu4i1-ZXl_lVDuN-tHgxd9zTUPJZvLT4HMNOV0sXqzbObVJi83Uj5W9iAc1XjnUMmuKiy-mx0cpuoj1nIPGXAwVanT6xNxPLcBpNfLW2rYqjf-MMfOqikTKo8g4

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabCcpaWebSignalJs.en_GB.fz7QXx_pVf8.es5.O/d=1/rs=AJlcJMydreM0wHuzenpjoTLXkcu7vWkFAg/m=iabccpawebsignalscript

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-V12ZmE78uX1_r3ac-jFj0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-V12ZmE78uX1_r3ac-jFj0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-V12ZmE78uX1_r3ac-jFj0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-V12ZmE78uX1_r3ac-jFj0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxW-1ZEgfkfkbvxAQ-MTMMUdys1pLQMkzEp9fmqZ6yARoMrpo-ESZ3HwzZ2R-N0zy9KHoqQVvUkdTtNECqiIoYw4ZhWFmPVyzIC0pWTRSrdprELYBJh2d3DatUrbr0orFRGrT56jHQHSGZ07ofWb15FC-1tsk9sWZmI11ESUwBzgDJ48D6PJuuohNJch Show response
fundingchoicesmessages.google.com/f/ 64 KB
23 KB 71ms
71ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW-1ZEgfkfkbvxAQ-MTMMUdys1pLQMkzEp9fmqZ6yARoMrpo-ESZ3HwzZ2R-N0zy9KHoqQVvUkdTtNECqiIoYw4ZhWFmPVyzIC0pWTRSrdprELYBJh2d3DatUrbr0orFRGrT56jHQHSGZ07ofWb15FC-1tsk9sWZmI11ESUwBzgDJ48D6PJuuohNJch?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjUyODExODYyLDk3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTBdLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLDFdLCJodHRwczovL2xldmlhdGFuc2NhbnMuY29tL2F5ZyIsbnVsbCxbXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7365b57cdba2fe0b48b54256506152ada03e70fa3e671c44bb643fc840828a3e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FqOFkOJajW6nZsJfTgZzww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-FqOFkOJajW6nZsJfTgZzww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'nonce-FqOFkOJajW6nZsJfTgZzww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-FqOFkOJajW6nZsJfTgZzww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
date: Tue, 17 May 2022 18:24:23 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame F7A9 4 KB
1 KB 135ms
48ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cba47082178b1574a96fa49c257693082949237914f632073da2f476dc81e0db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 May 2022 17:01:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 17 May 2022 18:24:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/ Frame F7A9 19 KB
9 KB 135ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8280
x-xss-protection: 0
server: cafe
etag: 1405619832300133377
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:19:58 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ Frame 6423 199 KB
69 KB 176ms
55ms Script
application/x-javascript 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b284e6b93a42b5cc3ec4e7c3a0e5c590aea40e8242ed1dee47e6df534c15e524

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Tue, 17 May 2022 07:44:57 GMT
etag: "16-wWMUkWi97StPXgZSTCbn5Hhb000"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: efc16fda1758c2cf91565374228d1dfc
timing-allow-origin: *, *
content-length: 70384

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6423 121 KB
37 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
DATA 200
OK truncated
/ 385 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7bb3c50cc5b07cea81e62a53039ec4aa49cd718058cbf799eef27bbdb5b958c

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 251 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a288f6d8bed5da66244881b97b6355d945f6ca755c1fc09b750724745cceae03

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 273 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f1c0e9e76f5baa28c2453d0d02b97d42e5f66283f0d3058a4ccc366e7f2411a

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbfd3438e10ab28f28f2e1a1fb2ab3bfa431336af08a72f597c0d4d73bfb046e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 237 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4446065ebfb65a302d17b88e2c7ed326d8402769eab0843833dea049a65c992

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 238 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b26c04ff19851d0780ba6dbc37d4920b48f3eeb54963c9ea1667941e01bb7ed

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 logo-header.png
www.papayads.net/images/LOGO/ 4 KB
4 KB 37ms
37ms Image
image/png 2606:4700:20::ac43:4411
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.papayads.net/images/LOGO/logo-header.png

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4411 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

6c0d04d68f446d70590b6038869184bccbe976ae88566b8f53449be6622c672b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6924
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3757
last-modified: Mon, 17 Jan 2022 22:52:24 GMT
server: cloudflare
etag: "61e5f328-129d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBjzYiGIlb1wVqPJbay6UYHsdq1ZaHIM84%2BKLCfDRJBmgxO%2F7ZDwSEJECSLil3bvoVkiecDvA3HX4nA%2FGeoEZHNsWdhEeN8%2FtI1bix7mIxvSgyOK9sqJp%2BV%2FY6vfziFOQ1OedYwPeO3Tc06MUO8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
cf-polished: origSize=4765
accept-ranges: bytes
cf-ray: 70ce63c10a8871db-LHR
cf-bgj: imgq:100,h2pri

GET
DATA 200
OK truncated
/ 480 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame AE9F 371 KB
105 KB 153ms
41ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/2/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 66ca7c348e680f7724f6078f4e097c09ee8b168427560a3092208ef38243a429

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduBP-mqr48htCZ2KoVTrtm7quROfxwTwIzNPZrSUGtI3i2KSuQtdmK2Bo5RrP4KKXC3jPTtSa8SVvy5SYLt1-NYQA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 106574
last-modified: Tue, 17 May 2022 10:52:04 GMT
server: UploadServer
etag: "d838cff99a4b483ef2b5b5aa49125150"
vary: Accept-Encoding
x-goog-hash: crc32c=Q18rxA==, md5=2DjP+ZpLSD7ytbWqSRJRUA==
x-goog-generation: 1652784723969576
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 106574
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 17 May 2022 18:29:23 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
942 B 106ms
40ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 635174
x-amz-request-id: txc22d034c6b9948d1995ff-00627a3731
x-amz-id-2: txc22d034c6b9948d1995ff-00627a3731
last-modified: Tue, 10 May 2022 09:57:32 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HV%2Be%2Fo1UoooHheMvN590wKkUCiHOvkc3df8lojtmtSzCR6DhDK5JEETYmyOwFNYDpqwYkYJIymabKjVGkcEmW7t65x0tQ6FzE76r7gssGi4pDhiOFU8AHth3cdoKMLLUe85%2BgZNhxFb33Rz%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1652176652152482
cf-ray: 70ce63c1af6be638-LHR

POST
H/1.1 400
Bad Request auction Show response
rtb.adxpremium.services/openrtb2/ 521 B
866 B 320ms
161ms XHR
text/plain 135.125.163.79
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190286.ip-135-125-163.eu
Software: /
Resource Hash: 4f1eda09a033b2e2138b72154fa00c8ba52b6f54f1a2b289500221be7363eb72

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:23 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
expires: 0

POST /
prebid.smilewanted.com/ 0
0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
331 B 495ms
364ms XHR
application/json 104.92.100.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2232e38dd05399e38%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fleviatanscans.com%2Fayg%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0-pre%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2233fe7d2d3330494%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22336x280%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F21797538459%2FPapayAds_LeviatanScans_TOP_Banner%23div-gpt-ad-1616326708758-0%22%7D%7D%2C%7B%22id%22%3A%2240216a4adc54c9%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22336x280%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F21797538459%2FPapayAds_LeviatanScans_BOTTOM_Banner%23div-gpt-ad-1616326898623-0%22%7D%7D%2C%7B%22id%22%3A%2247cc95cb3d581b9%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F21797538459%2FPapayAds_LeviatanScans_Sticky_Footer%23div-gpt-ad-1615738338538-0%22%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2272cea876-8b5b-4db5-b9ff-865494e9e7cb%22%7D%5D%7D%5D%7D%7D
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-100-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 24f51bd1908032a537d51eb7a3c7b9495059875aef2fa8dd1c42382c9d3c3242

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:23 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[5.187.21.101], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Tue, 17 May 2022 18:24:23 GMT

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 823 B
589 B 95ms
95ms XHR
application/json 23.227.146.234
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.234 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 902c37db212d82b5446cc5eda9bb6338ec87e8da816d8547867c8dc6c00515ff

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:22 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 277

POST
H2 204 adapter Show response
useast.quantumdex.io/auction/ 0
339 B 185ms
118ms XHR
text/plain 2606:4700:10::6816:2460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/adapter
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
cf-ray: 70ce63c1fdd976ed-LHR

POST
H/1.1 204
No Content hb Show response
cpm.unibots.in/ 0
264 B 117ms
37ms XHR
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.unibots.in/hb?zone=154227&v=1.6
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:23 GMT
Server: nginx
Age: 0
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 0

POST
H2 200 adreq Show response
ads.servenobid.com/ 775 B
677 B 447ms
361ms XHR
application/json 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=6131
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3e2681c1bbec399a67bb3cc49ecd03c80183d208813262543d11aac8f08f689c

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 367 B
1 KB 375ms
265ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

33cf9eb8cb0b5898801b7d7c6c28a479c6327a1d5bab99830f4988bee772a8e4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:23 GMT
X-Proxy-Origin: 5.187.21.101; 5.187.21.101; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 93fd2ec3-df19-47f2-9283-ec4d6a05e2fb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 367
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 73 B
380 B 111ms
46ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fleviatanscans.com%2Fayg&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d47b0038-03b1-41e9-82da-58a0ff3df302%2Ce2f90aa2-85ef-421f-b85d-63c992060bb8%2C00b38a8b-c47a-4c14-a5a8-a94cad71bf1a&nocache=1652811863278&pubcid=72cea876-8b5b-4db5-b9ff-865494e9e7cb&schain=1.0%2C1!adtelligent.com%2C313926%2C1%2C%2C%2C&aus=1024x768%2C768x1024%2C970x250%2C970x90%2C728x90%2C480x320%2C300x600%2C320x480%2C300x250%2C336x280%2C320x100%2C320x50%7C1024x768%2C768x1024%2C970x250%2C970x90%2C728x90%2C480x320%2C300x600%2C320x480%2C300x250%2C336x280%2C320x100%2C320x50%7C970x90%2C728x90%2C320x100&divids=div-gpt-ad-1616326708758-0%2Cdiv-gpt-ad-1616326898623-0%2Cdiv-gpt-ad-1615738338538-0&aucs=%252F21797538459%252FPapayAds_LeviatanScans_TOP_Banner%2523div-gpt-ad-1616326708758-0%2C%252F21797538459%252FPapayAds_LeviatanScans_BOTTOM_Banner%2523div-gpt-ad-1616326898623-0%2C%252F21797538459%252FPapayAds_LeviatanScans_Sticky_Footer%2523div-gpt-ad-1615738338538-0&auid=541177132%2C541177132%2C541177132
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 596049db1cb81f86d1bf1ece2565e5d5116f55e4b62ac503cec0d35887c934f2

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://leviatanscans.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 775 B
678 B 201ms
119ms XHR
application/json 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=9849
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f47e25f5f66ae29f75079ca55187a0638285cf348432b70e54964223d3bd9e73

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ 42 B
507 B 135ms
44ms XHR
text/javascript 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 42
X-Xss-Protection: 0

POST
H/1.1 200
OK / Show response
ads4.krushmedia.com/ 2 B
304 B 729ms
521ms XHR
application/json 8.2.110.139
NATCOWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://ads4.krushmedia.com/?c=rtb&m=hb
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.2.110.139 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 22

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
315 B 229ms
146ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=8035546499

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
205 B 557ms
322ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 222
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
6 KB 328ms
222ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1a098b8bb451bb0d7e35e1b9ea7686f0d64c77c7e4397d87cfafa0ee144e4527

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 5.187.21.101; 5.187.21.101; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: abe017d3-6787-470f-b8ae-408fe3f3e69a
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
650 B 464ms
154ms XHR
application/json 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.7.0-pre
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: 6cd53f38c67af6b329f6235c8c83c2b0fb9b1fdc1c31dd8c506e5776a9591c38

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
598 B 128ms
53ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abc2d6da702628cd8c1e74f199305540e51948ed38b7174ef982f749b5b03247

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 70ce63c21b5e068a-LHR
pragma: no-cache
date: Tue, 17 May 2022 18:24:23 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Preparing candidates. No matching rules and/or Bids disallowed and/or Invalid predictions
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
server: cloudflare
expires: 0

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/leviatanscans.com/ROS?rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x2...
https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x4...

411 B
827 B

35ms
35ms

XHR
application/json

46.249.52.249
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fayg&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fayg&e_pubcid=72cea876-8b5b-4db5-b9ff-865494e9e7cb
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Server: 46.249.52.249 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 428318ec3ae0535606feb3deffff0b0abf1ca1113529a3e8a94c246d1b9c668b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://leviatanscans.com
expires: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 411
x-sid: AMS-732

Redirect headers

date: Tue, 17 May 2022 18:24:23 GMT
server: openresty
location: /hb/1/2e43c/1/leviatanscans.com/ROS?ct=1&r=pbjs&rnd=0.8214990230066248&e=300x250_0%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B300x250_1%3A300x250%2C728x90%2C300x600%2C970x250%2C970x90%2C1024x768%2C768x1024%2C480x320%2C320x480%2C336x280%2C320x100%2C320x50%2B728x90_0%3A728x90%2C970x90%2C320x100&ur=https%3A%2F%2Fleviatanscans.com%2Fayg&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fleviatanscans.com%2Fayg&e_pubcid=72cea876-8b5b-4db5-b9ff-865494e9e7cb
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-732

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
6 KB 215ms
114ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

bc538eedc38bd9919874481dd7b1bfc9e95c1d848ae48a1ef6bb628ed24156c8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 5.187.21.101; 5.187.21.101; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d29e7a98-87fe-4731-92e8-fe44f1b7bd51
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://leviatanscans.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
350 B 475ms
247ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 147
vary: origin, Accept-Encoding

POST
H/1.1 204
No Content / Show response
b1h.zemanta.com/api/bidder/prebid/bid/ 0
123 B 406ms
94ms XHR
text/plain 64.202.112.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://b1h.zemanta.com/api/bidder/prebid/bid/
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 Harrodsburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
314 B 257ms
183ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=16023444047

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
179 B 111ms
37ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:23 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
650 B 455ms
152ms XHR
application/json 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.7.0-pre
Requested by: Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: 4ffbc8cacaee81d4dfdd84917de8e6efc3d66043753be2e9d9273adedc99eff9

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 302 B
536 B 94ms
94ms XHR
application/json 23.227.146.234
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=617707&aid2=617708&aid3=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459114/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.234 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 57b074dee06e5cb30aa2d0b0ee0f428e422b3e60c54b4fc729416d90ada97823

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://leviatanscans.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 224

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 3435 3 KB
1 KB 288ms
194ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=3&bdt=685&idt=149&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280%2C330x250&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2443&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=ENiZ7otpis&p=https%3A//leviatanscans.com&dtd=341

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3435 121 KB
37 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 3435 15 KB
6 KB 136ms
43ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 200 9870904770930696653
tpc.googlesyndication.com/simgad/ Frame 8182 112 KB
112 KB 172ms
80ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9870904770930696653?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkBWsBJC-Qs_ytV-RAuoVFSEEWaAg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c8e9a0d9475b9ddd0acd8ee0ef037f76cdbdd267adf0e197f83ea08fccbf4d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 10:30:29 GMT
x-content-type-options: nosniff
age: 114834
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114573
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 04:30:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 May 2023 10:30:29 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/ Frame 8182 19 KB
8 KB 142ms
51ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a17fb8522bf74cf6b5cb185b7f6c7523977c79fe051071bc0e38aa1f59b8174d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7989
x-xss-protection: 0
server: cafe
etag: 11406487492938680093
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:21:47 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 8182 3 KB
1 KB 114ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8182 121 KB
37 KB 63ms
59ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 8182 15 KB
6 KB 260ms
184ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 8182 30 KB
12 KB 261ms
186ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d7c7efab021e9e62bc332cdffc52226ac5bb888cfa76bfde4a3a183159b4bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 22:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12360
x-xss-protection: 0
server: cafe
etag: 2640822135664651074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 May 2022 22:19:03 GMT

GET
H3 200 1218995909349562240
tpc.googlesyndication.com/simgad/ Frame 5DE6 38 KB
38 KB 155ms
65ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1218995909349562240?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlpjfqT0hze7pkLn1vEcnTsnGlYTA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1330315b1d13bbbc12b67d53842a4c759016610c7efa38a2ea240878e1b9bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 11:58:45 GMT
x-content-type-options: nosniff
age: 109538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39300
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 09:39:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 May 2023 11:58:45 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/ Frame 5DE6 19 KB
8 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a17fb8522bf74cf6b5cb185b7f6c7523977c79fe051071bc0e38aa1f59b8174d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7989
x-xss-protection: 0
server: cafe
etag: 11406487492938680093
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:21:47 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 5DE6 3 KB
1 KB 263ms
190ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DE6 121 KB
37 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 5DE6 15 KB
6 KB 250ms
178ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 5DE6 30 KB
12 KB 263ms
191ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d7c7efab021e9e62bc332cdffc52226ac5bb888cfa76bfde4a3a183159b4bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 22:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12360
x-xss-protection: 0
server: cafe
etag: 2640822135664651074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 May 2022 22:19:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3435 0
0 81ms
80ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cxzw7VuiDYr3DOIaE5LcPg-Sn4Avkj9KxXK-w_YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTQ4NzU5NzI0ODgwMTA4NTGgAb3UiOsDyAEJqQLOdrOe_ey0PqgDAaoEygFP0E4jyd75Z7ygLi5Yxtnbcb76KRxikA7kZ6KVpRyVtm3nK9Y4MOEM80-cMng1X77GXaWhhF8pchjX5dqps7k18f-w4NNwiGLkvU0kQ7_EbjHGuevTF4BcNxhlSwCnXImMw1GozmBdnejF8ZHsNZJ1bjPnXhmvNeW4Oaxkm47FMuSRYvd_-rgZTVLtXXuy-wr9jpOtxrISotteHMc2bm_c0l7D3EW2Xqo0n3T5a5YiT0_j6bpbBcokKfoKQVIEjXB5RkNcBVTJF1AsgAaN3vehyZykwtcBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDg3NTk3MjQ4ODAxMDg1MRgA&sigh=pqJaZpbvjlM&uach_m=[UACH]&cid=CAQSGwCNIrLMjrjlquhBXXNtpdicCvu8xG44o5aVdxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3064878007&adk=4082483822&adf=57030562&pi=t.ma~as.3064878007&w=1200&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=3&bdt=685&idt=149&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280%2C330x250&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2443&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=ENiZ7otpis&p=https%3A//leviatanscans.com&dtd=341
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 3435 0
0 287ms
35ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kM6uD7_6RLAJmAKH-lcYAgAAAHBqflP7QxXKEFbog2KQ-Uw2x-DLeM_ygwASAAA&wp=YoPoVgAOIb0A-QIGAAnyA8X8gMeh9Z9o0vePVg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
server: Kestrel
server-processing-duration-in-ticks: 289825
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1FCA 120 KB
42 KB 174ms
99ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoVgAOIb0A-QIGAAnyA8X8gMeh9Z9o0vePVg&u=%7C%2F8l6m5wX50v0H51n%2BfzCfnOO7mCEY6EdnyG08QyEDGY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7DguWQRdbyTCURx0b8AC2Dglbo7TpCaV1fMieuLSCkiWmzCqBGEl1ChYwmiDj-tjZ4Vo02QfdsJLz43PqGIuC6l9EuFfDtett0-bka6retvFsmVRSHNzHDORtkkeSKXrEpNU6IPXMIUndywFZS6R-TRO-haLcxCe4u_wBEWbW5H_UqOg1Kq0Mm8sZwoBUVNbdlUNq0UC7qgTwMaqqDh0sJj57HMMIbvXW7ZwwLptqGI6qi_KVOH_AA4SAw8a5QMu7vL17mhABZu2tOaOoJnjLRJL_iCtGngJMlV2EGi1Ioq4xC1cCu_Wavy1OHTieW9KdVhBXLoUmdIdCnrtCNfKIJLTobTfOFxzHm3bIIdzWd-KHbWeqFDCh6d-Ba1_0iESilt4kEFcL7SZn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyRGNVuiDYr3DOIaE5LcPg-Sn4Avkj9KxXK-w_YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTQ4NzU5NzI0ODgwMTA4NTGgAb3UiOsDyAEJqQLOdrOe_ey0PqgDAaoEzQFP0E4jyd75Z7ygLi5Yxtnbcb76KRxikA7kZ6KVpRyVtm3nK9Y4MOEM80-cMng1X77GXaWhhF8pchjX5dqps7k18f-w4NNwiGLkvU0kQ7_EbjHGuevTF4BcNxhlSwCnXImMw1GozmBdnejF8ZHsNZJ1bjPnXhmvNeW4Oaxkm47FMuSRYvd_-rgZTVLtXXuy-wr9jpOtxrISotteHMc2bm_c0l7D3Ae0fzjnPYb8-GQt18yHdRFYEcCYI9QSmtyf6ezY-V1wHYVO_VW_NgGHgAaN3vehyZykwtcBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2zuEuqlIpPOKBPfvBNuRD1nyRHWw%26client%3Dca-pub-4875972488010851%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

10620094b2abaf7d0657a10696a9b2bf066c0b35a35d19c5e9d45711b8c5a1ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=A3mqdorzBHNPc2VYVvX5GrRmtm4CY0E0kZZqiReTMy7-TyKDdk80ehh8wu3TmsdLCQkJFegdKAXx7oqECF-PY5SwgAg3GLbcXidxZFbUs8z8cw5_Mp-UXIXgHKQwgkfNRQLeB2hnid8-HWUP4ptPn7UQZb6Re5vOFbpjoS5ARErhAOzmJhNgvkv4mG4U_1d7vqo7ZUakPGgJ4hKbcr5cmqzCwr21B73Kwlj5NUB_H3wP_sbqtRaJng4oGcuZBg_V8TA8vVK7ySuLmsO2"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 64704667
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8182 0
0 82ms
80ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLgHAVuiDYpuuOMLOkwOK9YG4Cr2esLJpjseUgt4P2tkeEAEg_bzvA2C7BqAB5ribyQPIAQKpAst1JznZFmI-qAMByAPJBKoE0AFP0EK9k98IXm8SJPiSXhXwLzh7Ke603FpysKI0jTrV5x_eCyPuq7cba-x8tGTyEpCqx7zbAKm-ZxLAcEkbDocMOcgNab3B1CaRpeDzrwQCflfVqvPU50OEy2LlrT47b51AjJcicty_XyIpYTYAz-ykUSBBntjHsn2dmgWwlCIMKiMNHsdlzlh8xYbV8xEUuJP7THYl8pnhFSok5lyD8z-mgtSvpdRGLIvucozUSrwu8eaRTaLKGvGehx0ZEu1ufdgL8-CwMC6qFWxtKoOOcDvYwATMt7qZ9wOSBQQIBBgBkgUECAUYBKAGAoAH4YWpN6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEPulAdIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi00ODc1OTcyNDg4MDEwODUxGAA&sigh=6OIMjMugOLQ&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5DE6 0
0 82ms
80ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CX1zdVuiDYs28OLyg5LcPvuaC-AXy7KTxaZaM6bH6DtrZHhABIP287wNguwagAazyuL8ByAECqQJUJdIHcPMKPqgDAcgDyQSqBNcBT9DUsFPE-S7SpmbooncJtFkBQxemERrDDjtWJOLflNh6Q0kIc_WCOmjq2QuHAuigjDCLcwXHaAiChbDSFjydvX4nOMFSAZ06EFOLd4g1zlDxmrc_FEbAB32dAXEdEbMLitwf6hffmSNJ2lqrO6p7UuDSRQVYMD22VT1anV_zGfrm0MM_n8k1HwWfHvOmZ6zyZQjbX1YWfqa91gzIea355DDYskGR05MlbFMcS0xNr1A8x4nCnIAGwFBZozSonP1lfHOImn3rhNdC2pEESO9PxlQ3JV-R8RnABLHg1qHuA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAe8jcfAAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENz_AdIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi00ODc1OTcyNDg4MDEwODUxGAA&sigh=YHOQEpSklMY&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 108ms
43ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 634305
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx34a2a24ef6744235ae4c2-00627a3809
x-amz-id-2: tx34a2a24ef6744235ae4c2-00627a3809
last-modified: Tue, 10 May 2022 09:57:31 GMT
server: cloudflare
etag: W/"2430496689c00115831347992a974246"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVA2XT5P2yqdzhpl8QMlTvVk8apD%2FAITF%2Byy5FaVbNgSK8JrSTR4PBqBDYEO%2F%2FdPOLaJS0pnfqRw7U8mouch5G7ROgevjEl7ezuNK8mfZgYOxoiCeSb6UX3U%2F%2F16jCC6EGkzD1fUHDCb0ZBf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1652176651393042
cf-ray: 70ce63c29945779b-LHR
access-control-allow-headers: Authorization

GET
H3 200 9870904770930696653
tpc.googlesyndication.com/simgad/ Frame C930 112 KB
112 KB 158ms
97ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9870904770930696653?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkBWsBJC-Qs_ytV-RAuoVFSEEWaAg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c8e9a0d9475b9ddd0acd8ee0ef037f76cdbdd267adf0e197f83ea08fccbf4d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 10:30:29 GMT
x-content-type-options: nosniff
age: 114834
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114573
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 04:30:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 May 2023 10:30:29 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/ Frame C930 19 KB
8 KB 118ms
57ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a17fb8522bf74cf6b5cb185b7f6c7523977c79fe051071bc0e38aa1f59b8174d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7989
x-xss-protection: 0
server: cafe
etag: 11406487492938680093
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:21:47 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame C930 3 KB
1 KB 244ms
194ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C930 121 KB
37 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame C930 15 KB
6 KB 229ms
179ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame C930 30 KB
12 KB 236ms
187ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d7c7efab021e9e62bc332cdffc52226ac5bb888cfa76bfde4a3a183159b4bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 22:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12360
x-xss-protection: 0
server: cafe
etag: 2640822135664651074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 May 2022 22:19:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C930 0
0 86ms
85ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CuDvNVuiDYrLVOOuQ5LcP4MqFmAq9nrCyaY7HlILeD9rZHhABIP287wNguwagAea4m8kDyAECqQLLdSc52RZiPqgDAcgDyQSqBNYBT9C6KXPD2iGcsWp-sg0bDU_xnZr1yAjzeg2PhdPCZ7ae6Yqx-U482VqDedstQOkNZzcSM4_AfLdgMpgHtQ6cBva6HBV1IgTpL3pGzOKfAejxHA2a3NHHB1iKIOHyqnAK9LJCgagIaOqsE-wDdyDuJt_eo-nUBFg58M8p6fG5wl3Mbd-ERFy6QdqgR4QoJJ91VrpukGExYDEornwepzEcjFCdENZK_xveuxMLqkUm7RTsxE79pYqmHPXZOq22Bx36LbCCzl7ZyhVdpyZ500YzC7M-hpPzp8AEzLe6mfcDkgUECAQYAZIFBAgFGASgBgKAB-GFqTeoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCHoATSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNDg3NTk3MjQ4ODAxMDg1MRgA&sigh=lzYhZqGO_A8&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H/1.1 200
OK bGV2aWF0YW5zY2Fucy5jb20= Show response
tcheck.outbrainimg.com/tcheck/check/ Frame 6423 16 B
463 B 267ms
43ms XHR
application/json 23.35.229.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/bGV2aWF0YW5zY2Fucy5jb20=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-181.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=8529
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: 7783c4377d8b70c52ad3a05ab85cfb22
Content-Length: 16
Expires: Tue, 17 May 2022 20:46:32 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ Frame 6423 43 B
341 B 61ms
38ms Image
image/gif 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Thu, 16 Jun 2022 18:24:23 GMT

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=baf9ea40-7f07-48c0-94b7-97336ca6aa7d

0
407 B

706ms
288ms

Image
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=baf9ea40-7f07-48c0-94b7-97336ca6aa7d
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: HTTP/1.1
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Tue, 17 May 2022 18:24:23 GMT
Server: VertaMedia 1.0
Etag: dfc3bd517a3427e7
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=baf9ea40-7f07-48c0-94b7-97336ca6aa7d
date: Tue, 17 May 2022 18:24:23 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=leviatanscans.com&sn=&ic=0&tgt=0&app=&wi=256&he=145&test=&d36=6.2.18&apppkg=&fv=1&proto=https&pid=61bb50b4ad11e83d79154566&cid=623bc9622f94191f44179174&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&e=inventory&vi=100&cb=1652811863493
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame ABEE 143 B
163 B 39ms
39ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:09:34 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 28 KB
4 KB 416ms
129ms XHR
application/json 54.145.157.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fleviatanscans.com%2Fayg&AV_PUBLISHERID=61bb50b4ad11e83d79154566&AV_CHANNELID=623bc9622f94191f44179174&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=leviatanscans.com&AV_DADPOS=1&AV_TAG=623c56fc50c5544cb7441ab7&AV_TEMPLATE=61bb5afd4990cb1eab7afba4&d36=6.2.18&responsive=1&sver=2&avtoken=863492&AV_WIDTH=256&AV_HEIGHT=145&AV_CCPA=1---&AV_DNT=0&cb=1652811863529
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.145.157.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-145-157-73.compute-1.amazonaws.com
Software: /
Resource Hash: 10ee07df1082f3e5dc7d3fcd15681311a2cddc6e727970ae4d37f56116a6277e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Fri, 06 May 2022 04:37:43 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D6EA 143 B
163 B 39ms
39ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:09:34 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3435 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4397caa8ef822f0587ee06aaaa5693b1431bf58d2dff4d95054461cda1ce6d9f

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D27A 143 B
163 B 40ms
38ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:09:34 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1FCA 2 KB
1 KB 103ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoVgAOIb0A-QIGAAnyA8X8gMeh9Z9o0vePVg&u=%7C%2F8l6m5wX50v0H51n%2BfzCfnOO7mCEY6EdnyG08QyEDGY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7DguWQRdbyTCURx0b8AC2Dglbo7TpCaV1fMieuLSCkiWmzCqBGEl1ChYwmiDj-tjZ4Vo02QfdsJLz43PqGIuC6l9EuFfDtett0-bka6retvFsmVRSHNzHDORtkkeSKXrEpNU6IPXMIUndywFZS6R-TRO-haLcxCe4u_wBEWbW5H_UqOg1Kq0Mm8sZwoBUVNbdlUNq0UC7qgTwMaqqDh0sJj57HMMIbvXW7ZwwLptqGI6qi_KVOH_AA4SAw8a5QMu7vL17mhABZu2tOaOoJnjLRJL_iCtGngJMlV2EGi1Ioq4xC1cCu_Wavy1OHTieW9KdVhBXLoUmdIdCnrtCNfKIJLTobTfOFxzHm3bIIdzWd-KHbWeqFDCh6d-Ba1_0iESilt4kEFcL7SZn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyRGNVuiDYr3DOIaE5LcPg-Sn4Avkj9KxXK-w_YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTQ4NzU5NzI0ODgwMTA4NTGgAb3UiOsDyAEJqQLOdrOe_ey0PqgDAaoEzQFP0E4jyd75Z7ygLi5Yxtnbcb76KRxikA7kZ6KVpRyVtm3nK9Y4MOEM80-cMng1X77GXaWhhF8pchjX5dqps7k18f-w4NNwiGLkvU0kQ7_EbjHGuevTF4BcNxhlSwCnXImMw1GozmBdnejF8ZHsNZJ1bjPnXhmvNeW4Oaxkm47FMuSRYvd_-rgZTVLtXXuy-wr9jpOtxrISotteHMc2bm_c0l7D3Ae0fzjnPYb8-GQt18yHdRFYEcCYI9QSmtyf6ezY-V1wHYVO_VW_NgGHgAaN3vehyZykwtcBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2zuEuqlIpPOKBPfvBNuRD1nyRHWw%26client%3Dca-pub-4875972488010851%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 1FCA 2 KB
1 KB 105ms
35ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1FCA 308 B
636 B 87ms
34ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 1FCA 507 B
835 B 86ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 1FCA 43 B
348 B 111ms
37ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=SEJ2qVk74c99q-aNgPsZfKmv-plY1jPKp6GMh1NZSDg2J-42ym394ldfKIVs9gh2iZSbhC15GPmbYgOEYL1g31EUeAfE_SUMGxr6hPLfGlfk2g6j79Om0Sft6WX9HkBOzhc5N7dhszupk2BDa41Euv--pGjSLVhVIPGTpQQ0s0H9B5MkmVSkVJFhkKMmhmtx7CAPUkTE87NEsHa27r9YhYb3hothANsYUMpRdZBOuf0wsplJP-A-kBZR0niSU1Fzr0O0oCGlEbU8ewvwEM_6oJsy6cASuwsADeMGNJ3Zi65jDfU_titPuKeWE5UYf7-vDWjldp_rTItjilLbXtEXFCuGg3wAWFHaEEXefmEb5dbgYACkNVhFCeRk8CuZqy5zJ1r3216TPAl_qNoxT-u-5Xe_qhK10wOCXF7Cyg7L-5QWT1ITkyCyD2V261_Mlf44WzCzgw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:23 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2936819
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 1FCA 12 KB
5 KB 94ms
35ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 419661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivVE0J8KuT96Qlky%2BNQ50hlWe%2FL27qqozYXTWVs%2FBVbMxmR7cx9dtrPzAyhN%2B%2BYf5CgMErcW820QT9RpzLGw7yhQaP5bmtGayHXx9gn4snlS7KZ%2FM%2FIi%2BQHHE1wpc2F5k1wkxzBGj2iOFR89JPiqOlXZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70ce63c40fae770d-LHR
expires: Sun, 07 May 2023 18:24:23 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1FCA 12 KB
6 KB 111ms
64ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1FCA 7 KB
8 KB 212ms
75ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=52446&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F52446%2F211222%2F06d68a9820b24a6ba5b658778b03a30d_otm-logo_navy_bg-%281%29_small.png&v=3&w=196&s=r7crt-SXFtYiZBTWV3sMlQIN

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9d6b9a1828d4f385b96567b46c734f0ee46f425c74db5c0e3a2b72ca8b2818eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29487442
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7554
expires: Mon, 24 Apr 2023 01:21:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1FCA 29 KB
29 KB 202ms
66ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=52446&q=80&r=2&u=https%3A%2F%2Fmedia.onthemarket.com%2Fproperties%2F11400270%2F1397933668%2Fimage-0-1024x1024.jpg&v=3&w=800&s=xmFbGi2TtVNrzkMgXhEftUzi&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

44d08ed32b9bc1bc925af6154a2316e8bb71c4bf29dd86c80ef705265fc2d319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:22 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=845850
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29196
expires: Fri, 27 May 2022 13:21:54 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1FCA 0
128 B 113ms
37ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=A3mqdorzBHNPc2VYVvX5GrRmtm4CY0E0kZZqiReTMy7-TyKDdk80ehh8wu3TmsdLCQkJFegdKAXx7oqECF-PY5SwgAg3GLbcXidxZFbUs8z8cw5_Mp-UXIXgHKQwgkfNRQLeB2hnid8-HWUP4ptPn7UQZb6Re5vOFbpjoS5ARErhAOzmJhNgvkv4mG4U_1d7vqo7ZUakPGgJ4hKbcr5cmqzCwr21B73Kwlj5NUB_H3wP_sbqtRaJng4oGcuZBg_V8TA8vVK7ySuLmsO2&sds=2&rev=81468.6&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:23 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1FCA 2 KB
1 KB 51ms
50ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1FCA 2 KB
1 KB 51ms
51ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:23 GMT

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ Frame 6423 4 B
325 B 410ms
96ms XHR
application/json 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1652811863688&sessionId=037de948-eae2-4dc8-1c4f-46d330da9fdb&url=leviatanscans.com&cheqSource=1&cheqEvent=3&responseTime=292
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.159 Harrodsburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:24 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: d5b7d36242a3e06e0f8607d9158136e0
Content-Length: 4
Expires: 0

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/ 146 KB
52 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205120101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89c3ad3e8c3cd362f2a6a3ca4c5d33a0ef106ce34b2afc561340178e57b54e59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52982
x-xss-protection: 0
server: cafe
etag: 2180903505036129449
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame ABEE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

134ms
133ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:24 GMT
expires: Tue, 17 May 2022 18:24:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:23 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 platforms Show response
odb.outbrain.com/utils/ Frame 6423 21 KB
7 KB 339ms
231ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/platforms?contentUrl=https%3A%2F%2Fleviatanscans.com%2Fayg&idx=0&rand=29176&key=PLPAP249KACAJE3MQD1DIC47G&widgetJSId=AR_10&va=true&et=true&format=html&pdobuid=-1&adblck=true&abwl=false&px=0&py=0&vpd=0&activeTab=true&darkMode=false&settings=true&recs=true&version=2000729&sig=Wicavu0y&apv=false&osLang=en-US&winW=0&winH=0&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&iframe=true&ogn=https%3A%2F%2Fleviatanscans.com%2Fayg
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 11acba82dfb17482338d62ae1b2b917b9a051d5ab8973cdae4ddb4c21ed2e35a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: CHIDC2, CHI, HHN, Europe2
x-timer: S1652811864.855357,VS0,VE191
accept-ranges: bytes
x-served-by: cache-chi-kigq8000138-CHI, cache-hhn4077-HHN
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-cache-hits: 0, 0
x-traceid: 14d5ac94168a443fb0d4c5696f6d3a0f
content-encoding: gzip
content-length: 6584
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D6EA
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

132ms
131ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:24 GMT
expires: Tue, 17 May 2022 18:24:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:23 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D27A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

93ms
89ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:23 GMT
expires: Tue, 17 May 2022 18:24:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:23 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C930 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d7f3eac6782e7549d2341f3b0464d664aacd6aa769c828ef59b038831ac18a2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8182 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 498be1c90d7a52c2acd8476b19d685749221a5fcdcb0a6f715c12683e9fc70b4

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5DE6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad7e083534334c971dc195c8d625f4d9758c0b09849ff5a47b1bee85f8ef4b55

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 1FCA 1003 B
420 B 128ms
48ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93eabed9db1894c7c76ceaaa899450f82a3f9e4a003b1753985ad35b2e86ce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 May 2022 18:08:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 17 May 2022 18:24:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 141ms
48ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 128ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/ Frame 93D5 10 KB
4 KB 38ms
38ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 65726
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4421
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 00:08:57 GMT
etag: 1428802124239944296
expires: Tue, 31 May 2022 00:08:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/ Frame 93D5 19 KB
8 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a17fb8522bf74cf6b5cb185b7f6c7523977c79fe051071bc0e38aa1f59b8174d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7989
x-xss-protection: 0
server: cafe
etag: 11406487492938680093
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:21:47 GMT

GET
H3 200 7731441082697920729
tpc.googlesyndication.com/simgad/ Frame 93D5 11 KB
11 KB 43ms
43ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7731441082697920729?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnN1wLvr6AYz2ugvYgWKKN44tkskg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d845a019e916b6833d8a0b87c90140b9a5ab1e32ad4637df1bd63410b052bb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 07:16:07 GMT
x-content-type-options: nosniff
age: 40096
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11331
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 09:09:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 May 2023 07:16:07 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 93D5 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 93D5 121 KB
37 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:23 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 93D5 15 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 93D5 30 KB
12 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d7c7efab021e9e62bc332cdffc52226ac5bb888cfa76bfde4a3a183159b4bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 22:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12360
x-xss-protection: 0
server: cafe
etag: 2640822135664651074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 May 2022 22:19:03 GMT

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 1FCA 8 KB
8 KB 42ms
39ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:24:53 GMT
x-content-type-options: nosniff
age: 514770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:24:53 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA15 143 B
163 B 38ms
38ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:09:34 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bannerad. Show response
fundingchoicesmessages.google.com/f/AGSKWxW2Lw-JlTEnu409Vu3Fq9PU-FqPkpu3X0eg_VEGUP7AOQL_lTaAZhvuhXNdp33Us-tWhVQ2kU-Yl015Rn4DXUVNsRigv9SBkb9wJZoYTmPGCfLFiMdpk7OwZkkRs2Ffuwpq99F3-oNUDUhjC6CW5o2zSSZSf... 54 B
109 B 61ms
61ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW2Lw-JlTEnu409Vu3Fq9PU-FqPkpu3X0eg_VEGUP7AOQL_lTaAZhvuhXNdp33Us-tWhVQ2kU-Yl015Rn4DXUVNsRigv9SBkb9wJZoYTmPGCfLFiMdpk7OwZkkRs2Ffuwpq99F3-oNUDUhjC6CW5o2zSSZSfTCBIgbprEY0bqjqyLVG1MT-gJd4y4Mm8dyTSawrHkwJBP8-Bt3Yb8whTXjIQ055_FkZ9q4nE-Kp0wfd2Lk=/_/adv-definitions-=160x160;-300x600./728_200./bannerad.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_GB.OjQySlDOE6k.es5.O/d=1/rs=AJlcJMz11GDucmse2R7ehLvBxS_qthHAAg/m=detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0127eb06cdd473968db95b646b1f5f9a308df73a7b14932009b3d966801bff2c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-txfYtxE3yfv0W6u4x7W4Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-txfYtxE3yfv0W6u4x7W4Ew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-txfYtxE3yfv0W6u4x7W4Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-txfYtxE3yfv0W6u4x7W4Ew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 21 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

722b4b41d53c9ff767cd1d9b33ced439c2aedf3c6eb8df5a7e2ae1a29c968142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:51:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8257
x-xss-protection: 0
server: cafe
etag: 1533819214970646884
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 17 May 2022 18:51:11 GMT

POST
H3 204 AGSKWxV0J-u28PWXRh8wG8rj_wfZKdPGP8E-oantxHMd1TXF1dvC88hVlYkmvL2TZ3frmlh2c2r7n4WYeZEJFrVD1TIRaGnu2N-pCRQIklVCl94vRKsVEJszMfZKZP3XK5owdw4TNoWhWFwoi8lJqh4F6EyRJIWz0KqzK90814o4H81jTq5nghX4s800NXSn Show response
fundingchoicesmessages.google.com/el/ 0
28 B 53ms
52ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV0J-u28PWXRh8wG8rj_wfZKdPGP8E-oantxHMd1TXF1dvC88hVlYkmvL2TZ3frmlh2c2r7n4WYeZEJFrVD1TIRaGnu2N-pCRQIklVCl94vRKsVEJszMfZKZP3XK5owdw4TNoWhWFwoi8lJqh4F6EyRJIWz0KqzK90814o4H81jTq5nghX4s800NXSn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mSeKlnAJ8yi5WpVxKT_5BQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-mSeKlnAJ8yi5WpVxKT_5BQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mSeKlnAJ8yi5WpVxKT_5BQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-mSeKlnAJ8yi5WpVxKT_5BQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA15
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

131ms
131ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:24 GMT
expires: Tue, 17 May 2022 18:24:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:24 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame 3053 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220509/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 15:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10329
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 15:32:14 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame EE98 15 KB
6 KB 186ms
55ms Document
text/html 104.102.28.254
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D1%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-254.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=148593
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Tue, 17 May 2022 18:24:24 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 11:40:57 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 04B2
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1652811863869-963056969725-006807-009-008792&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-0...
https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=3&key=GDPR

0
193 B

143ms
99ms

Document
text/plain

35.172.49.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=3&key=GDPR
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.49.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-49-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-length: 0
date: Tue, 17 May 2022 18:24:24 GMT

Redirect headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://leviatanscans.com/
age: 0
content-length: 0
date: Tue, 17 May 2022 18:24:24 GMT
location: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=3&key=GDPR
server: nginx
via: 1.1 varnish
x-varnish: 503675531

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame 0CF4 0
0 225ms
45ms Document
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 0
date: Tue, 17 May 2022 18:24:24 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.0.46
strict-transport-security: max-age=31536000

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame C9EB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D200%26key%3D%5BRX_UUI...
https://sync.1rx.io/usersync2/rmpssp?sub=aniview&zcc=1&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D200%26key%3D%5B...
https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=200&key=OPTOUT

0
200 B

316ms
99ms

Document
text/plain

35.172.49.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=200&key=OPTOUT
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.49.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-49-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-length: 0
date: Tue, 17 May 2022 18:24:24 GMT

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Tue, 17 May 2022 18:24:24 GMT
etag: OPTOUT
expires: 0
location: https://sync.aniview.com/cookiesyncendpoint?auid=1652811863869-963056969725-006807-009-008792&biddername=200&key=OPTOUT
pragma: no-cache
server: Tengine

GET
H2 200 avpb6.15.0.js Show response
player.aniview.com/script/6.1/ Frame AE9F 344 KB
103 KB 43ms
43ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0ad56b3e77d900587118de3adf7fcbad554c50919dad256b449f05df778dc5b1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvHZrtncLfJouxVZ50hHYkVVaGOp3r4B1E8ZQjEMhpbv6lxWqbHqUg9GCp0G9AbSr6GNUT_2MpzorU9pTviYRyJ3t4PHiu1
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 104578
last-modified: Tue, 17 May 2022 10:52:04 GMT
server: UploadServer
etag: "08de561827cc7b1765639a4f158d5aba"
vary: Accept-Encoding
x-goog-hash: crc32c=+WfnMA==, md5=CN5WGCfMexdlY5pPFY1aug==
x-goog-generation: 1652784723978840
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 104578
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 17 May 2022 18:29:23 GMT

GET
H2 200 avpb6.15.0a3.js Show response
player.aniview.com/script/6.1/ Frame AE9F 62 KB
19 KB 74ms
74ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb6.15.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 3880842442b1facf6f4bd2601dcc31216ee2c3c0f4b2c01cb6fb4c6bb05221f6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduenMWLvLEk7EEUTp3dv6IcnNClpeWyosbh1EDR-WayC1Zslobls6HScmN36FjrSpbZ77wnl6GueW5vIX2-VdUOLA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 18706
last-modified: Tue, 17 May 2022 10:52:04 GMT
server: UploadServer
etag: "7cfd529086ffb68ba45ddcf7d8b8097a"
vary: Accept-Encoding
x-goog-hash: crc32c=9cQdsg==, md5=fP1SkIb/toukXdz32LgJeg==
x-goog-generation: 1652784723974182
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 18706
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 17 May 2022 18:29:23 GMT

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
705 B 487ms
147ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811863956
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8f5f2153ad5cb09d36ecbcbfd7b568be6ab58dddcc7434e68a2be3e002b0de47

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:24 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 544ms
204ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811863957
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3f0f75e4fbf033e656ee456d241053b59f6b2a7a8b8f01f632047a92cecb3bc9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:24 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 adServe.do Show response
web.ssp.yahoo.com/admax/ 240 B
543 B 222ms
87ms Fetch
text/xml 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.ssp.yahoo.com/admax/adServe.do?dcn=8a969d1e018080181a0418856e520015&pos=8a969d1e018080181a041886254f0017&secure=1&euconsent=&gdpr=1&us_privacy=1---&d(id24)=&ht=181&wd=320&reserve=2&req(url)=leviatanscans.com&cbb=2811863957
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
server: ATS/9.1.0.46
age: 0
access-control-allow-methods: GET,POST
content-type: text/xml;charset=utf-8
access-control-allow-origin: https://leviatanscans.com
access-control-expose-headers: X-Nexage-AdTid
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
access-control-allow-credentials: true
content-length: 240
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
102ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811863958&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623bbc276cdc074d293b9edf%2C623ca8717a71506f771fd32e%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 103ms
102ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811863958&asid=6244269544091e0175019a48%2C620fa299d744e674bc7ffc75%2C624d91d8613eb977d53858df%2C624ee68ffa277b62f84bced4%2C6279004289d1f17ed70bc627%2C62541a3642d163448b6f4e65&ofpr=%2C1%2C%2C%2C0.9%2C&fpo=%2C%2C%2C%2C%2C
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H3 204 AGSKWxV0J-u28PWXRh8wG8rj_wfZKdPGP8E-oantxHMd1TXF1dvC88hVlYkmvL2TZ3frmlh2c2r7n4WYeZEJFrVD1TIRaGnu2N-pCRQIklVCl94vRKsVEJszMfZKZP3XK5owdw4TNoWhWFwoi8lJqh4F6EyRJIWz0KqzK90814o4H81jTq5nghX4s800NXSn Show response
fundingchoicesmessages.google.com/el/ 0
29 B 54ms
54ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7ziwK4jGqFyVorZAAAUwnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-7ziwK4jGqFyVorZAAAUwnw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-7ziwK4jGqFyVorZAAAUwnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-7ziwK4jGqFyVorZAAAUwnw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxV0J-u28PWXRh8wG8rj_wfZKdPGP8E-oantxHMd1TXF1dvC88hVlYkmvL2TZ3frmlh2c2r7n4WYeZEJFrVD1TIRaGnu2N-pCRQIklVCl94vRKsVEJszMfZKZP3XK5owdw4TNoWhWFwoi8lJqh4F6EyRJIWz0KqzK90814o4H81jTq5nghX4s800NXSn Show response
fundingchoicesmessages.google.com/el/ 0
28 B 52ms
51ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xcA5tsZJcONBd-dfIj_OYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-xcA5tsZJcONBd-dfIj_OYg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-xcA5tsZJcONBd-dfIj_OYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-xcA5tsZJcONBd-dfIj_OYg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxXMt9vnfl8JS-MYDTUfKrMdM-Dsym57vVjVlkMXxYtxH7s1bWvybVo_cLBqhkqcq_t4O-iIWG7ZFxw4uJB3OEppfkiHrY2eQN5fkXAbuZVs8Y75CiplTZvDAx2sDhGSTd7BzYLzv5O3D6ye84s3qjQd-FhyKkhMxLxb4iK1pjOR0hzrwf5YAn_U7k-Z Show response
fundingchoicesmessages.google.com/f/ 41 KB
15 KB 75ms
74ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXMt9vnfl8JS-MYDTUfKrMdM-Dsym57vVjVlkMXxYtxH7s1bWvybVo_cLBqhkqcq_t4O-iIWG7ZFxw4uJB3OEppfkiHrY2eQN5fkXAbuZVs8Y75CiplTZvDAx2sDhGSTd7BzYLzv5O3D6ye84s3qjQd-FhyKkhMxLxb4iK1pjOR0hzrwf5YAn_U7k-Z?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjUyODExODYzLDk4MzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsMSxudWxsLG51bGwsMV0sImh0dHBzOi8vbGV2aWF0YW5zY2Fucy5jb20vYXlnIixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a4392634f493b4f5e97c3c3d167b1c3dc8421cdd6066d219c62cbbcf02320fc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vP6jhKLlmcJnQAEuwlOWqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-vP6jhKLlmcJnQAEuwlOWqA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-vP6jhKLlmcJnQAEuwlOWqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-vP6jhKLlmcJnQAEuwlOWqA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxV0J-u28PWXRh8wG8rj_wfZKdPGP8E-oantxHMd1TXF1dvC88hVlYkmvL2TZ3frmlh2c2r7n4WYeZEJFrVD1TIRaGnu2N-pCRQIklVCl94vRKsVEJszMfZKZP3XK5owdw4TNoWhWFwoi8lJqh4F6EyRJIWz0KqzK90814o4H81jTq5nghX4s800NXSn Show response
fundingchoicesmessages.google.com/el/ 0
28 B 54ms
53ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-KmuuxRmetVjO_KQl4qsGhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-KmuuxRmetVjO_KQl4qsGhg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-KmuuxRmetVjO_KQl4qsGhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-KmuuxRmetVjO_KQl4qsGhg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D30 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=8517528668&adk=2934450161&adf=1996529579&pi=t.ma~as.8517528668&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=4&bdt=686&idt=86&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=xse1nx5sl3&p=https%3A//leviatanscans.com&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 15:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 15:32:14 GMT

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
792 B 135ms
48ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 50ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 87 KB
21 KB 531ms
530ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3889823887939924&correlator=1483702708457627&eid=31067384%2C31067485%2C31067168%2C31065401%2C44752585%2C31061690%2C31062931%2C44755509&output=ldjh&gdfp_req=1&vrg=2022051201&ptt=17&impl=fifs&us_privacy=1---&iu_parts=21797538459%2CPapayAds_LeviatanScans_TOP_Banner%2CPapayAds_LeviatanScans_BOTTOM_Banner%2CPapayAds_LeviatanScans_Sticky_Footer&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=320x50%7C1024x768%7C768x1024%7C970x250%7C970x90%7C728x90%7C480x320%7C300x600%7C320x480%7C300x250%7C336x280%7C320x100%7C320x50%2C320x50%7C1024x768%7C768x1024%7C970x250%7C970x90%7C728x90%7C480x320%7C300x600%7C320x480%7C300x250%7C336x280%7C320x100%7C320x50%2C970x90%7C728x90%7C320x100&fluid=height%2Cheight%2C0&ifi=9&adks=53301667%2C3069339535%2C2691573345&sfv=1-0-38&ecs=20220517&fsapi=false&prev_scp=test%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&sc=1&cookie=ID%3D25f3f37077aa7fc6-22ddaa1697cd00ce%3AT%3D1652811862%3AS%3DALNI_MbGjMAXxaLBCD4AFxlCImATFm-pZw&abxe=1&dt=1652811864054&lmt=1652811865&dlt=1652811861767&idt=813&biw=1600&bih=1200&adxs=245%2C245%2C315&adys=592%2C2333%2C1110&ucis=2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fleviatanscans.com%2Fayg&frm=20&vis=1&scr_x=0&scr_y=0&psz=730x0%7C730x0%7C970x-1&msz=730x0%7C730x0%7C970x-1&fws=4%2C4%2C516&ohw=1600%2C1600%2C1600&psts=AGkb-H9CV2Xf8YgKcsmb7LDUAnH3z6VkPuUaxYKD8pVfpqJW3qNRbzO1oPIc6ca_zLBPJ4QAtv--i5rp1AL0Ron6szfD4tOerCQi_wc&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=true&ga_cid=1837759030.1652811862&btvi=0%7C1%7C0&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

454b0afdf103919d6977c3af4e3b7acfab697a78f59e39bc7c13fc1e90b8bcdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21610
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 159ms
52ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://leviatanscans.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://leviatanscans.com
access-control-max-age: 600
age: 0
content-length: 0
date: Tue, 17 May 2022 18:24:24 GMT
server: ATS/9.1.0.46

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
110 B 90ms
86ms XHR
text/plain 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
x-openrtb-version: 2.5
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:24 GMT
access-control-allow-credentials: true
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
205 B 116ms
116ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:23 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 14
vary: origin, Accept-Encoding

POST
H3 204 AGSKWxV-lVvvY3MTvgF4X4aLAcg08g0qQK4ymvq-FuFpumhDXxLOQIBacJTTl8sq4KfcNnJ0c9RljBw7K1e5mJTSE50IlBjJLrZaCssmw-cN7j8cbL_iPC1ezGiRK3pro_WUG60kDkgQ2QhPTe8qTMZL_fwZ8owFXx6NC6iTBZWYHLmRgIQAwO16wan21-I9 Show response
fundingchoicesmessages.google.com/el/ 0
28 B 51ms
50ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-lVvvY3MTvgF4X4aLAcg08g0qQK4ymvq-FuFpumhDXxLOQIBacJTTl8sq4KfcNnJ0c9RljBw7K1e5mJTSE50IlBjJLrZaCssmw-cN7j8cbL_iPC1ezGiRK3pro_WUG60kDkgQ2QhPTe8qTMZL_fwZ8owFXx6NC6iTBZWYHLmRgIQAwO16wan21-I9

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_GB.tYCAw7LvZ4g.es5.O/d=1/rs=AJlcJMyjn0Raou5KXflBdfQm3CWbz5WyhQ/m=cookie_refresh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qQpU90VKa8XMd-MQhk4zyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-qQpU90VKa8XMd-MQhk4zyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://leviatanscans.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-qQpU90VKa8XMd-MQhk4zyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-qQpU90VKa8XMd-MQhk4zyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ Frame 6423 2 B
292 B 488ms
112ms Fetch
text/plain 64.74.236.255
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=524c48fd1b59ae0160b94a2524b0fefa_178469_1652811863977&tm=726&eT=0&widgetWidth=0&widgetHeight=0&widgetX=0&widgetY=0&wRV=2000729&pVis=0&lsd=-1&eIdx=&cnsnt=no_consent&cheq=0&rtt=394&oo=true&ab=1&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.255 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
X-TraceId: e2920217ad9147ab9c311767063730a7
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 ob_logo.svg
widgets.outbrain.com/images/widgetIcons/ Frame 6423 12 KB
12 KB 44ms
44ms Image
image/svg+xml 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo.svg
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 02b5318a75e50e48ccddd6eac9eef067a275adc244f3c3f6186ed6b382d3f971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Sun, 01 May 2022 07:29:08 GMT
server: AkamaiNetStorage
etag: "65df986ae65cffdf92a926e7c42a25a8:1651391311.776385"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 12268
expires: Thu, 16 Jun 2022 18:24:24 GMT

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame DA6A 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=280&slotname=3406818463&adk=3473407943&adf=1447115540&pi=t.ma~as.3406818463&w=730&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=13&bdt=685&idt=113&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=oEd2rjo5GF&p=https%3A//leviatanscans.com&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 15:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 15:32:14 GMT

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame 0381 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-4875972488010851&output=html&h=250&slotname=9245119454&adk=829915779&adf=2503946917&pi=t.ma~as.9245119454&w=330&fwrn=4&fwrnh=100&lmt=1652811865&rafmt=1&psa=0&format=330x250&url=https%3A%2F%2Fleviatanscans.com%2Fayg&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652811862452&bpp=2&bdt=685&idt=118&shv=r20220509&mjsv=m202205120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C730x280&prev_slotnames=www.leviatanscans.com&nras=1&correlator=4407568677578&frm=20&pv=1&ga_vid=547592442.1652811862&ga_sid=1652811862&ga_hid=1057778784&ga_fc=1&ga_cid=1837759030.1652811862&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31061690%2C31062931&oid=2&pvsid=3889823887939924&pem=581&tmod=1198795238&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CopeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=HJ5vnt9rsO&p=https%3A//leviatanscans.com&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 15:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 15:32:14 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame EE98 0
42 B 805ms
161ms Script
text/plain 192.82.242.209
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=50231781&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1652811863869-963056969725-006807-009-008792%26biddername%3D1%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.82.242.209 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 148ms
69ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220509&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

821696d4189194f931737c0b3c3c9036343730cb24a59ed8a15fea3b83070bf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10652
x-xss-protection: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811864516&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623bbc276cdc074d293b9edf%2C623ca8717a71506f771fd32e%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 100ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=bid&cb=1652811864516&asid=6244269544091e0175019a48&ofpr=&fpo=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame AE9F 377 KB
127 KB 147ms
48ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c92ee2460b4063f46ccd0ad0e0a68d212c6b756c4a0ef3a7fdf0afe0989781b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128852
x-xss-protection: 0
expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3 200 container.html Show response
cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 56A1 6 KB
3 KB 125ms
45ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:22 GMT
expires: Wed, 17 May 2023 18:24:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E8C2 6 KB
3 KB 115ms
40ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:22 GMT
expires: Wed, 17 May 2023 18:24:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 714D 6 KB
3 KB 116ms
43ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:22 GMT
expires: Wed, 17 May 2023 18:24:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5DE6 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIYHjDsYJODGckQ5pEE09cZF9Ot_cRhaLgpCE6RieMaNDLcohU_t6AwQLQKG7sJ8W7g_yTSut6YbJ58C6mN73cjpsQDQwnG2kohf_QJjqJqN6zjb-w0osijP7J&sai=AMfl-YTu9eyHmgVxBcfueb9OfeR73pnzovHYuMUCrZImDrEvixyQqSHW739--0-F71F63J6-SdtPrDR_VWuG&sig=Cg0ArKJSzEuSM5_-WUs5EAE&id=lidar2&mcvt=1019&p=0,15,250,315&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20220511&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=829915779&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652811862786&rpt=811&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B678 13 KB
5 KB 40ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1521
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 17:59:03 GMT
expires: Wed, 17 May 2023 17:59:03 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C6AC 783 B
535 B 49ms
48ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3db2afb2d2cfef4d21e7c775ce50ea302e5b3d74bf41da85b9e731b535016877

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-va9OVufdk0V5Kfgcz5opUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-va9OVufdk0V5Kfgcz5opUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:24 GMT
expires: Tue, 17 May 2022 18:24:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C930 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvH2W5U8LjY-PDGYWN2qrUrbMHUdfDpN_bZLI-N-n5H_o5wdQpoDxboS2JgOuM747KK8ZmF4fKIfbilb1ymZ9Ze_AgKEfqUo9_DoFhoXYkA2z1bpgRVsFZhLK2L&sai=AMfl-YQyup1h15MTRr1RRZeEVGLs6wtCEfDRkHrdm2qMLl239wJFMlqNePnW7srf3gyQqO3BfTVUDVgtAKZa&sig=Cg0ArKJSzJqcMGqCTLBtEAE&id=lidar2&mcvt=1006&p=0,0,188,730&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20220511&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=2934450161&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652811862743&rpt=940&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js Show response
pagead2.googlesyndication.com/bg/ Frame B678 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 17:58:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13472
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 May 2023 17:58:22 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C6AC 0
0 79ms
79ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220509&jk=3889823887939924&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E8C2 0
0 81ms
81ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTGn8WOiDYqydCIGWgQerkKqYBMme0rFctZjj1pMBwI23ARABIABglQKCARdjYS1wdWItNzEzMDUyMjU1ODI1MTIwMaAB1bbS6gPIAQmpAmta3VZCrrE-4AIAqAMBqgSFAk_QdQW_hh2nSVIlbF3zxG1r1NdccTlgQEurVIAjbnCEKr-CCVwjOhlPk_JkHzmzp7DkdlIYuvI8mfIVh6kI2zg3DX6tY1r5L6SypSdTpENVtR1_D1fek4fn4IsVZtKK4eqvMq5tjphaZAhGVgrMCd8qaPq8j3iGNpKrhUgIl7Shs-uQuXpO404nedqZq-9cPfoW825XXMuesR0hu46kbacYL2FvV6NvkqYQQt6t48Y1_slIxd2oiMzWXkWlfxdw3Tr_4DrNLKuv7P73ZweIETLbQUX9OSEeWpVooMDiQDhWa7-wcoticGq1wOIJ05Wq24b-81K-Il_J_BdEkah1Tk4wmBctQuAEAYAGi76M3cCuk9raAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTcxMzA1MjI1NTgyNTEyMDEYq5Fw&sigh=vBuwbkAhqfA&uach_m=[UACH]&cid=CAQSOwCNIrLMqC6JL6Jdd7jhC1-JQfvHj7g7RRuMwFDApI-dvZWEDg6EwTfjbIbQJK_Cpk6u8dAC8rY-aAFDGAE
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame E8C2 0
0 103ms
34ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kODuEuWyMMQEkAOdg2ICAgAAAG_Qz7VuKofXEFfog2JjFIT85F9h8ozkfAASAAA&wp=YoPoWAACDqwK4EsBAAqIK2imhG1ScHJJESnbAg

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:23 GMT
server: Kestrel
server-processing-duration-in-ticks: 245788
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 4009 141 KB
46 KB 171ms
169ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDqwK4EsBAAqIK2imhG1ScHJJESnbAg&u=%7CH%2Fudr%2FBqJnzddeTZFFVnNd0Z8kav6%2Bc%2BrsO7x737BVo%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCjPcKo2Ky-sWAAgnR155fpZaW0UpgRNfFYv-A6W_zmlvG9wHJt5FPMfNfl6IvItqReK_SJG43nL4Pf_7NaQHUb8Hmx3iNkELobq8lKiqBFxHcDw1TpfpbYDEiEr4ZZ3Gs0sHqEhnS8rqBUjnTT0VSVXvLk4sIPwUc7bcn8nL32TSyoLv2XxTl-eXxGV_0fEQ6jZdAxOkyddtDCWb3XJ3R9g9glp4Q8VE5whz15ZhCrmuOTsssJmQpyWSB7xtvwR02dsXoreoS7QU0MOW_bZdBxPWXHbmy59a2884fZPbNqFlOUnl92bbNet0NympFPBiKjT2wb9O7F2woV-o3TZq2dIDATYlvuW7xjquW0A_JWSNVwrVR98PK0_K2ptQiDl7w8VTvhKSo4lkmgcBdsR_fjO1MOVpbk7XteofTGapnUEg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-aOSWOiDYqydCIGWgQerkKqYBMme0rFctZjj1pMBwI23ARABIABglQKCARdjYS1wdWItNzEzMDUyMjU1ODI1MTIwMaAB1bbS6gPIAQmpAmta3VZCrrE-4AIAqAMBqgSIAk_QdQW_hh2nSVIlbF3zxG1r1NdccTlgQEurVIAjbnCEKr-CCVwjOhlPk_JkHzmzp7DkdlIYuvI8mfIVh6kI2zg3DX6tY1r5L6SypSdTpENVtR1_D1fek4fn4IsVZtKK4eqvMq5tjphaZAhGVgrMCd8qaPq8j3iGNpKrhUgIl7Shs-uQuXpO404nedqZq-9cPfoW825XXMuesR0hu46kbacYL2FvV6NvkqYQQt6t48Y1_slIxd2oiMzWXkWlfxdw3Tr_4DrNLKuv7P73ZweIETLbQUX9OSEeWpVooMDiQDgUaZ4i9QT-Y9Up1EHZ7jNS0pL0RViQOt19NCriYxdrYla1MpM-_R3NYuAEAYAGi76M3cCuk9raAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3hZdhjfx4QCdDLzpWSaJMOgCjqYA%26client%3Dca-pub-7130522558251201%26adurl%3D

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ffbfd8f1aebb8e1f2ab2bd88ec07e5d113c515ad11233492317e8dcbef87c797

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:24 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=f2UauIrzBHNPc2VYd8IrbKdDgbEAMxj4Y_saXOhsxl0PdKr9UZEmWX_4GCL1Zoq57UGGSrEZOb4vePMBvERax0jQLnWuha3lpL6PCzeRR0aHkOmoX73fl6ocon-DklVTH4knl23l4V23yC4-Yvcy9JVA6V8S_uuG4L-oz7b-m2hqcq_t-bzxfgz5IdHhdlTOT4-Fnn68ifgbmb3e2uYHQQUIn0be9b4_qUL2N-5SxZ94xPjjuYkJX9bGiX85PbA7chRw1A"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 109993196
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame E8C2 3 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CB21 1 KB
749 B 41ms
40ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 45040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 05:53:44 GMT
etag: 48472445140208031
expires: Wed, 18 May 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E8C2 121 KB
37 KB 118ms
117ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame E8C2 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E8C2 0
0 49ms
48ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTaqqkViD756Ubav22ZQ4jtYalRjKeSLlA0qgUhTILSbgYrAvInoU6mFn6tnkZPM1sw1T7KuCTCehfQ_SNL2h22zmuiZw
Requested by: Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame E8C2 22 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 15:40:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182652
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 May 2023 15:40:12 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 714D 0
0 80ms
80ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cwr6wWOiDYtGeCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi04NTg0Mzg0NTE2NTUwMTAwoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBP4BT9BHYI0zRmywRY0VCbKmKdHkYd4eLVT7fqWuUaaPUQ07me5lKFAcg-f64HhnS_AKNeW7wsJ6I8ImNYEKg70nqaj1ItTT9s4ctACcgvpHFcindiDI-jUid7krKsFJkvr6q4e4Bc1MJGfjq4y3URAcX3ZFmohxGvNSbGMNpl9pma4PuZj6EH3MU3CJavbF46rVCc_sLcS_Hk-Sw2pJskrvhnkv4i_jC7fZ83tFk_byzjjwujj7ePtH314uhoPQNf-T_Zc57UPU5hgVHCt4tbC85hQuJFU7D_12oF8IS0dLGtJkCatYMBCy1XRXyKvVTqGRiNpr_VmK8TbyCExHLtfgBAGABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi04NTg0Mzg0NTE2NTUwMTAwGKuRcA&sigh=v_FzqapQ57g&uach_m=[UACH]&cid=CAQSOwCNIrLMqC6JL6Jdd7jhC1-JQfvHj7g7RRuMwFDApI-dvZWEDg6EwTfjbIbQJK_Cpk6u8dAC8rY-aAFDGAE
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 714D 0
0 97ms
34ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kPSWEujMCcoHWp2DYgICAAAACMWleVMhPiAQV-iDYiEL6ah9VffXhteuABIAAA&wp=YoPoWAACD1EK4EsBAAqIK9WSE9tQoQaQJLi2Qw

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
server: Kestrel
server-processing-duration-in-ticks: 163808
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 727F 176 KB
54 KB 129ms
125ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACD1EK4EsBAAqIK9WSE9tQoQaQJLi2Qw&u=%7CH%2Fudr%2FBqJny9uHVNN9iAencr4h6dRyV0Wd4sqKpvSyY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WJFnYIjd6QuwnXZqEaa1gUNh9XpcFaLgYAMdHUQKUvDTjI51INLdRCtFN-3CSgzfR7p-o4F1qZDpl6ydNq-Z1lPG9TQELik0f-QF3H_oFq0TWrhFNtVK2JyGEHX5oqgOEgnIK2QpFr4q_37Z7SRiQtHE6Q7e8YowcJOby0QAD-coIfsfAaSfKEskcUGvYUIqo53wkENy28xIfDoMi_WxG1Hjh7q7WvaEOqj4tVo9UFhssy_k9vM0BYxfhBO_Fti_U9OQsaXYncaTfZfcdkyKyBy2heYx9Dl7uR5_OwCRhSykPLk00C-XmC671pX6hMCyDzStAxOS-D-LlooJk2AFOIgA15UAyIGO6Y53XYVvmJsg7LrxK6NhrzEKl5X1bNn23CjXRav15jeKpCCsSEf6GUtu8rIrlSecP8OA37RUCOn4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3GtTWOiDYtGeCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi04NTg0Mzg0NTE2NTUwMTAwoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBIECT9BHYI0zRmywRY0VCbKmKdHkYd4eLVT7fqWuUaaPUQ07me5lKFAcg-f64HhnS_AKNeW7wsJ6I8ImNYEKg70nqaj1ItTT9s4ctACcgvpHFcindiDI-jUid7krKsFJkvr6q4e4Bc1MJGfjq4y3URAcX3ZFmohxGvNSbGMNpl9pma4PuZj6EH3MU3CJavbF46rVCc_sLcS_Hk-Sw2pJskrvhnkv4i_jC7fZ83tFk_byzjjwujj7ePtH314uhoPQNf-T_Zc57UPU5hgVHCt4tbC85hQuJFU7D_124l0p2cDEhsHblb_74C0ULX1Dwh3fYLkTPBJWW6s17xrqjebDPWjbB-bgBAGABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0qNP5fC17CNumbtrrK4y-rNiQxaQ%26client%3Dca-pub-8584384516550100%26adurl%3D

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ecef0c0b515a4548e99c4636b57a9391253e9027dd0f21f277eafbebff2ed4df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=_zzvzorzBHNPc2VYECZjiCWYEhkSHoPWDWcsY8XwVIlhpeNuL6VbL_gSqJAtBi971ZpfyDWORaDTVI7XwwLab5gmHFbqdaPWfA8x1GkaJmK-Wzz3KeMBAUGC_875BSlJmKNSLVVTAYWOZVFHaLx1HZRK0qQfNeU8f4iLr4Lz1w4skUpQAuXWKOcOlaKsvMNG_KoQzrBDW9pR3D9UMBDuTK4xaB9sevBquOdf8Qx3tKXX_ej3wd_C6t5myTuS1peGd2ULfg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 90799524
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 714D 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9542 1 KB
749 B 42ms
40ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 45040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 05:53:44 GMT
etag: 48472445140208031
expires: Wed, 18 May 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 714D 121 KB
37 KB 126ms
125ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 714D 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 714D 0
0 52ms
51ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSq7xKt-NmSYelEmp-LrtjoGu1ET7QevckqG2LKSs1wE6TM75DFHSLvjkl9jGrkWR2_ut64HEr3vqQGxpae0zqEBrVyEQ
Requested by: Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 714D 22 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 15:40:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182652
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 May 2023 15:40:12 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 443D 0
0 77ms
77ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUXBOWOiDYoucCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zOTk0NDY0MTQwNDMxNjAzoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBPwBT9C9tQMxiU6rMTyPqUDCaaK9pbT_rTkycAxtvwHxg916OVUwdtC81Cca7hsgzrWXzmOfF2-4oiKQ6Kn-JEmsFUsDocOLnr2UFKTvN9qsTkFBQB8xsV9GObr2p6g3Uzfysw-T4wtvlJKxhXUF1gntKzg4LMLE4fHIUXL6viTb4-WKeYxxuDrJZVycuACi4le0ZDZK24x9OJs29x8Omte3jV7QZcTUNWIR5HZ2HQ9GaLkLY2Nbub0ABeVLk1O_N4-eL6AMKXnyoBMfgXWwAW53ewBu9PtHEigBxwphcveRQc_BRP15ti8e9mhLsNo8xIvJ8aB6siesDyKpBlL64AQBgAbzoaOX0Oyz7n2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshccChoSFHB1Yi0zOTk0NDY0MTQwNDMxNjAzGKuRcA&sigh=_k7-ugRPaDQ&uach_m=[UACH]&cid=CAQSOwCNIrLMqC6JL6Jdd7jhC1-JQfvHj7g7RRuMwFDApI-dvZWEDg6EwTfjbIbQJK_Cpk6u8dAC8rY-aAFDGAE
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 443D 0
0 85ms
34ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kr-yEt2BMKwC-gGdg2ICAgAAAFwSW9BNt8mz7VoEgRBX6INiKZjGu0uB19opKBYAEgAA&wp=YoPoWAACDgsK4EsBAAqIK3dagTMRijz8ZxI2bA

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
server: Kestrel
server-processing-duration-in-ticks: 297454
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame AFB6 47 KB
18 KB 41ms
40ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDgsK4EsBAAqIK3dagTMRijz8ZxI2bA&u=%7CH%2Fudr%2FBqJnwefUpAleY3nSDR3%2F%2BAL1rlMH7M7x%2FX7L4%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7Dkf3965Oj6pIy1pLVOsYrbonYUYAxlqMeclno8pSZAKGDq861CQvEt67w2gKcVchupdXjmKIQz91Mo_56LU-z-LMaLyfdVQIdXkluoVFrFVdMZgoIJoHXccpMXVSq3o9R0_DmdsWXpa0TQJOJQM-FHGTEAZPxIZnNAcoHDUBLxnN3oceoM-te-V4aZGVAGkD2hueRXMGH0ls95oS-5YCDA1ZdGwf-nAncL59XP3VCJLdpG9k42_NNBk8duiSdU6EmGU1pqR7X1SpPI9BUdiV1capc1TZmolqv3vvnKYX3l0trIh7RBdTAwu6jXXqgzrzJ1MIHsY7dv6kxwc0P0HKLWXWfmMSl0fvAZbcKCFcZnQtjo_1g7ssFDTLpbzVspu1VnLe7esA9KRr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9PZWOiDYoucCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zOTk0NDY0MTQwNDMxNjAzoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBP8BT9C9tQMxiU6rMTyPqUDCaaK9pbT_rTkycAxtvwHxg916OVUwdtC81Cca7hsgzrWXzmOfF2-4oiKQ6Kn-JEmsFUsDocOLnr2UFKTvN9qsTkFBQB8xsV9GObr2p6g3Uzfysw-T4wtvlJKxhXUF1gntKzg4LMLE4fHIUXL6viTb4-WKeYxxuDrJZVycuACi4le0ZDZK24x9OJs29x8Omte3jV7QZcTUNWIR5HZ2HQ9GaLkLY2Nbub0ABeVLk1O_N4-eL6AMKXnyoBMfgXWwAW53ewBu9PtHEmoD5pjm_WuC_lPV5y1EENcX4mL9uvQkRj8BzAaIDTmAF6cDgkFFo3Za4AQBgAbzoaOX0Oyz7n2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0vt4_djumDEQSTxV0Ka1R9vW7Q0Q%26client%3Dca-pub-3994464140431603%26adurl%3D

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

79fb583750253f16f5b61da1776fc8c42de42b9ea7ce91dc345cf6b4f77bcae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:24 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hMPp_IrzBHNPc2VYJuz6oQ_L0EAdyvZ5PDhnkj-xLDfCwnGgOT9_AgHrxLVgwrTQenWkxgmMVgkILQodRzGNabqviHr3J1hmhjx2JVm3CaIDjPuIJguZy5v7sop7fau5FfB0lGmAZ_10BdZIu97yv__TK8m_TH01adf_hcgrpffOXOqjxPdsIq36IceBm9ZSbzCG8w5a6MSMfhBMJU16HJtexAt4Z5sBJA0zod4LOHxWdWI7OLhCw9DOB56CbOgpkxsBG0zfnH6ploeR"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 4670765
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 443D 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:47 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BA1B 1 KB
749 B 41ms
40ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 45040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 05:53:44 GMT
etag: 48472445140208031
expires: Wed, 18 May 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 443D 121 KB
37 KB 112ms
112ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652269989122821"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 443D 15 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 31 May 2022 18:22:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 443D 0
0 48ms
47ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTYA0kFtFh7Ti68u2u8tii17Af3c8t5ZcPtVpgm3kwmtN8-qUBYjCpowhxKcN5KBX2vZ0IyWf5CJk2jeBpJDnmRbolGOA
Requested by: Host: leviatanscans.com
URL: https://leviatanscans.com/ayg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 443D 22 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: leviatanscans.com
URL: https://leviatanscans.com/ayg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 15:40:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182652
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 15 May 2023 15:40:12 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame AFB6 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDgsK4EsBAAqIK3dagTMRijz8ZxI2bA&u=%7CH%2Fudr%2FBqJnwefUpAleY3nSDR3%2F%2BAL1rlMH7M7x%2FX7L4%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzm4RCiJiIGT5xwGwpq72AA9lgQMhjuegw_i1z1sivk7Dkf3965Oj6pIy1pLVOsYrbonYUYAxlqMeclno8pSZAKGDq861CQvEt67w2gKcVchupdXjmKIQz91Mo_56LU-z-LMaLyfdVQIdXkluoVFrFVdMZgoIJoHXccpMXVSq3o9R0_DmdsWXpa0TQJOJQM-FHGTEAZPxIZnNAcoHDUBLxnN3oceoM-te-V4aZGVAGkD2hueRXMGH0ls95oS-5YCDA1ZdGwf-nAncL59XP3VCJLdpG9k42_NNBk8duiSdU6EmGU1pqR7X1SpPI9BUdiV1capc1TZmolqv3vvnKYX3l0trIh7RBdTAwu6jXXqgzrzJ1MIHsY7dv6kxwc0P0HKLWXWfmMSl0fvAZbcKCFcZnQtjo_1g7ssFDTLpbzVspu1VnLe7esA9KRr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9PZWOiDYoucCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi0zOTk0NDY0MTQwNDMxNjAzoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBP8BT9C9tQMxiU6rMTyPqUDCaaK9pbT_rTkycAxtvwHxg916OVUwdtC81Cca7hsgzrWXzmOfF2-4oiKQ6Kn-JEmsFUsDocOLnr2UFKTvN9qsTkFBQB8xsV9GObr2p6g3Uzfysw-T4wtvlJKxhXUF1gntKzg4LMLE4fHIUXL6viTb4-WKeYxxuDrJZVycuACi4le0ZDZK24x9OJs29x8Omte3jV7QZcTUNWIR5HZ2HQ9GaLkLY2Nbub0ABeVLk1O_N4-eL6AMKXnyoBMfgXWwAW53ewBu9PtHEmoD5pjm_WuC_lPV5y1EENcX4mL9uvQkRj8BzAaIDTmAF6cDgkFFo3Za4AQBgAbzoaOX0Oyz7n2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0vt4_djumDEQSTxV0Ka1R9vW7Q0Q%26client%3Dca-pub-3994464140431603%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame AFB6 2 KB
1 KB 44ms
44ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame AFB6 308 B
636 B 33ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame AFB6 507 B
835 B 70ms
69ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame AFB6 43 B
347 B 36ms
36ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=udz5VJLM8cielCDEiaOKWkyZkqU8k3NKsq1kW8Vcjk5bNffdXFU9K6WQdjqFrAA2kByXx32UcdW7UeZu7yCD92tcGsSnQ9bY3INa0dMEMWoy9NE_ul6uRfJHFm3ADevY8J-14_PqM_LZK-nyfCyUbZpITWQRqjRHxZn_SINtn2wqdy8yROKG6yC85Bxt3pL5A7PlmLDaFinI22pPxBx4RdmG-JuNvB2jWAZomc6pplq9cHWmD3-xCaLoi_iY-4JG2ZXL0ThKy6I9gsA_gmFmNrTQnArkXuORENSwcQ7m8qUgMIY2ALMT0kiuTNAZIBy0vtHWHG1k2zBgyAhyO27eDapoJT_mElDK0dFaXJmyuFifMD4vsqr8f4CDD-7HTKiR0t9uj8zZFBcPLkaIgJZqQ0Gf1Wk6dUSYDzUyPBGo3QpAlrhc60nVsn17T6lvH1BR0IxOQ8H2vHfb2_YqTyCzMeSjtsI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3096737
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fc91354f0ebf4923b829904e1af0a332_image_ad_300x250.gif
static.criteo.net/design/dt/70777/220127/ Frame AFB6 51 KB
51 KB 35ms
34ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/70777/220127/fc91354f0ebf4923b829904e1af0a332_image_ad_300x250.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

4ddb98bef9732a8caf32acb37b5799bd27556ca0f2a26b9b6e17b6d0d77b66b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Thu, 27 Jan 2022 15:42:08 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "61f2bd50-cc4b"
strict-transport-security: max-age=31536000; preload;
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 52299
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 042B 634 KB
205 KB 120ms
41ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame AE9F 44 KB
17 KB 157ms
48ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 17 May 2022 18:24:25 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FF96 634 KB
205 KB 125ms
59ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 9A20 634 KB
205 KB 133ms
74ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 2DEA 634 KB
205 KB 94ms
44ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 2928 634 KB
205 KB 131ms
89ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame CB21 35 B
463 B 128ms
42ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGcMzLcHfHXuE6OZ5H4mkyw&google_cver=1&google_push=AYg5qPI6U1ESS6W_XpYgD-J8pA2VnXiuoVshM7rHjorUhxI52CudwoMtFQKQvE1t7FjkuHHWLonJCwF1UgA6DEtAGCJa8SSjKaH-

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB21
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5Wl...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9Qb1dRQUFCVEUwVHdQNQ&google_push=AYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5WljiVcw_kEu2mroJSSv-trzTuKXrqHLB-8pxNDP6LvUMUEaiQvzXUnWrYkb

170 B
188 B

50ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9Qb1dRQUFCVEUwVHdQNQ&google_push=AYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5WljiVcw_kEu2mroJSSv-trzTuKXrqHLB-8pxNDP6LvUMUEaiQvzXUnWrYkb

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9Qb1dRQUFCVEUwVHdQNQ&google_push=AYg5qPL1E4X6QmW-NJhvRkmPH9OpIrs53BrlpdG_5WljiVcw_kEu2mroJSSv-trzTuKXrqHLB-8pxNDP6LvUMUEaiQvzXUnWrYkb
Date: Tue, 17 May 2022 18:24:25 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB21
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJwPXXmNB27R9cFdxJjpPKE&google_cver=1&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y&google_hm=Q0FFU0VKd1BYWG1OQjI3U...

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y&google_hm=Q0FFU0VKd1BYWG1OQjI3UjljRmR4SmpwUEtF

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:24 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKcmgqkBnGWm6ZzGs3kr4_QjJ_Xf4WWsO8WPj_ehIDe6wYTgLkQm1-yfxmviqGc_OFkXmdqnL4CdhosGv7HBUSPy1GQyq8Y&google_hm=Q0FFU0VKd1BYWG1OQjI3UjljRmR4SmpwUEtF
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame CB21 43 B
356 B 113ms
38ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMdNrKlppDu59RtVdrDxECc&google_push=AYg5qPLDuZslVDLFntacdZpxSSOEHKkExvhtQBKgGvX8G7vC8sO7XLw4joj6ycoF_kM6AFaak0dhEU4q2t_pK-vHtWCPxxdFNH4&google_cver=1
Requested by: Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame CB21 43 B
350 B 94ms
32ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEC2ePnyigYyNUB_hePQzgXU&google_cver=1&google_push=AYg5qPLH7kG2pn1DygtI8B5DNUzvMWgef-4ngX3VesL98vMOyxDzbBT8qlNdOanQmmHXKeAnR1NSCUWflfiI_QidFm7YMEfAsdqb
Requested by: Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 7hueabfe494mupttpm3a24eirhr1cuds

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB21
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PDZU6j7kSCmm_7odHhrmyA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

48ms
48ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PDZU6j7kSCmm_7odHhrmyA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmnmqNCtmTBHe9Lzgc-wgHPqhQyQLNCHZUJlMptMoLFMRbALnkG8iZdGOhWtG8LAfeVBbvXXSEX-REB-IHCz6uGs0q6qcR

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PDZU6j7kSCmm_7odHhrmyA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLmnmqNCtmTBHe9Lzgc-wgHPqhQyQLNCHZUJlMptMoLFMRbALnkG8iZdGOhWtG8LAfeVBbvXXSEX-REB-IHCz6uGs0q6qcR
date: Tue, 17 May 2022 18:24:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET googleredir
googlecm.hit.gemius.pl/ Frame CB21 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame CB21 0
40 B 152ms
57ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IV-kOPD4lAXP08BSCelZyQQSd9DHYi4lc5KF_HodapLecD36-PnFjbX_TUDWILqEggFopNpA

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9542 35 B
463 B 125ms
42ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGcMzLcHfHXuE6OZ5H4mkyw&google_cver=1&google_push=AYg5qPJ0UbbIrh-ihMrEgef_nrjfHZkotY2tlZELn6QTIA5GGVrycl-pjlaUBGBJ9VuD5skjg-b3uV5_K1reS9MApONvkN3s6zzh

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9542
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VnNOd0I4eVkxTlIxUlQ1&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE...

170 B
188 B

49ms
48ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VnNOd0I4eVkxTlIxUlQ1&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE25yMYNgjv_08lJ4E8R3U8I9xxB1_948fUG7JlZY3OKru6tWbx85Fu

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:24 GMT
Server: PingMatch/68b9f5e#68b9f5e54dfc641b3d4f527e43216a87a5c6cf08 i-0d838a898723b026e@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VnNOd0I4eVkxTlIxUlQ1&google_gid=CAESELlI7lKERSuaAH_th3E6IuU&google_cver=1&google_push=AYg5qPKz6_TmBX4Iy-1kV8kRsThL_zuhwloURYkftmpKtNE25yMYNgjv_08lJ4E8R3U8I9xxB1_948fUG7JlZY3OKru6tWbx85Fu
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9542
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIMaub3XuWEq8z80WTQ6c_Q&google_cver=1&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhh...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhhscj2m_9fB1nE

170 B
188 B

51ms
51ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhhscj2m_9fB1nE

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 17 May 2022 18:24:25 GMT
Server: MT3 4409 ba5503e master hkg-pixel-x5 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKolJOVvlub11TvNfoFsH6L-3FjnrGZFJI08epaWbEmzkWy2N37FoCc-lnqObRaVrV-LhcDuxJyzm1aPUhhscj2m_9fB1nE
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 17 May 2022 18:24:24 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9542
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMWZUfN51zgMsGlqaAdZQ60&google_cver=1&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_3qEKz&google_hm=MTY0NDEzMjY0OTAwNTE5Nz...

170 B
188 B

131ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_3qEKz&google_hm=MTY0NDEzMjY0OTAwNTE5NzY2Nw%3D%3D

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 17 May 2022 18:24:25 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJNt1twNj03m1UQQUMjZjVqaTw0eHQWZq14wKwA3r5AlCbKM35jUfIoryO1acS8kJX_i8DjgNDvZxcwdX-18DWcvN_3qEKz&google_hm=MTY0NDEzMjY0OTAwNTE5NzY2Nw%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9542
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEKbmewbOsINbk2258giuy-Q&google_cver=1&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nI...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKbmewbOsINbk2258giuy-Q&google_cver=1&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJCVT9ZGvjJ98zQAEBENqPNDBS4y-iscH7ZvTMGG6UKyuMKcHx4JCgRlJPLI0Xb7eGc60shmVB4fWQCG3YUbwUS3nIBa2vR
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 9542 0
478 B 150ms
34ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPLye30OIWTFt7BiF2UicvGAkYIm-ZbcE6S1H3p8JVPfPLWUEf97pzzDe6qbSixy4gT5RjFbFgyQJRr8LnVWMFNv5beGXuQ%26google_hm%3D%5BUID%5D&google_gid=CAESEDgJvux9iUG5QeLbBCpJrBk&google_cver=1

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:25 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9542
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEX5XBzByOWA4ha9_oeG7i4&google_cver=1&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEEX5XBzByOWA4ha9_oeG7i4&google_cver=1&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VdDRaTWQxRTJ1RVhDa0Q5ZDIyV25aUVFpUVJxWE8xRX5B&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9w...

170 B
188 B

82ms
50ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VdDRaTWQxRTJ1RVhDa0Q5ZDIyV25aUVFpUVJxWE8xRX5B&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5zvTaVP59KnZU2MjurCaY1BYHCBlg

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VdDRaTWQxRTJ1RVhDa0Q5ZDIyV25aUVFpUVJxWE8xRX5B&google_push=AYg5qPJ2c_hhkZGVmZuCR00rauvX_FMCpDY0JKUz_-8URx_gWre_-Xx9wofOj6AEA86wRx5cT5zvTaVP59KnZU2MjurCaY1BYHCBlg
date: Tue, 17 May 2022 18:24:25 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 9542 0
232 B 148ms
56ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IfqM0eWlfeSmsS7AI_RPqJ7FWgcThZ6y1rbK4FSpfODTOYyxyAGhBb5IH1S07oWxkSOkBVMg

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 86D0 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 54EA 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C6CD 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1BC9 37 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 27EE 37 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame AFB6 0
127 B 35ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hMPp_IrzBHNPc2VYJuz6oQ_L0EAdyvZ5PDhnkj-xLDfCwnGgOT9_AgHrxLVgwrTQenWkxgmMVgkILQodRzGNabqviHr3J1hmhjx2JVm3CaIDjPuIJguZy5v7sop7fau5FfB0lGmAZ_10BdZIu97yv__TK8m_TH01adf_hcgrpffOXOqjxPdsIq36IceBm9ZSbzCG8w5a6MSMfhBMJU16HJtexAt4Z5sBJA0zod4LOHxWdWI7OLhCw9DOB56CbOgpkxsBG0zfnH6ploeR&sds=2&rev=81468.6&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame AFB6 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame AFB6 2 KB
1 KB 35ms
34ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:24 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame BA1B 35 B
462 B 72ms
43ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGcMzLcHfHXuE6OZ5H4mkyw&google_cver=1&google_push=AYg5qPJOBvvNle--wYA7qOTcYx1Qb2rkGIuyVJvJeCymMQcckzywntCWI-53gCo2w4I0sLqa3idEOoBuxtv4OCdLre17JffRJlhmsg

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA1B
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJaAJOQBezkxviXY3TWb7MfzTacm4WbArpnyLI5GKwrv-qr8DsVvkeOeG9cO5Kx5Ta7t3l9OxVZW4dwq-0y16C5XnAigQPxUw&google_gid=CAESEPIE58QlIzOGXOpIj8aZffE&g...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNnQj5QGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBKYUFKT1FCZXpreHZpWFkzVFdiN01melRhY200V2JBcnBueUxJNUdLd3J2LXFyOERzVnZrZU9lRzljTzVLeDVUYTd0M2w5T3hWWlc0ZHdxLT...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVXc4SHFwLXpwYjFwdVoxUDhEZjRPOGZhOXRra1RmWmtfLWU3aHVVSVhrOA==&google_push

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVXc4SHFwLXpwYjFwdVoxUDhEZjRPOGZhOXRra1RmWmtfLWU3aHVVSVhrOA==&google_push

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 17 May 2022 18:24:25 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVXc4SHFwLXpwYjFwdVoxUDhEZjRPOGZhOXRra1RmWmtfLWU3aHVVSVhrOA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame BA1B 43 B
135 B 37ms
32ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEC2ePnyigYyNUB_hePQzgXU&google_cver=1&google_push=AYg5qPIhve_9tBGEEn-5l-ih14FrCRQ1Yx1AOnMrIAGZgDBonvxmCmbRfglZ-X42WoC7FH1AkYOZcDg707tgs5_U_eYPDKuu3hCrow
Requested by: Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 4dt73rsu171f6p7lun55qflgoi55qjah

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA1B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HionzC4LQTO88TV-ma19Bg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

57ms
57ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HionzC4LQTO88TV-ma19Bg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKFdwI0sOFIvXDq_2TVQw8nLGLNrCjDEnTtlFNH-usTzfTLu-hiaH2BinWSQg36zImvUjEJSfa9gRDiJnN4dlTcAwxWP8Clqw

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=HionzC4LQTO88TV-ma19Bg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKFdwI0sOFIvXDq_2TVQw8nLGLNrCjDEnTtlFNH-usTzfTLu-hiaH2BinWSQg36zImvUjEJSfa9gRDiJnN4dlTcAwxWP8Clqw
date: Tue, 17 May 2022 18:24:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA1B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL8szwh_j1FJARskPL-P6vI&google_cver=1&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNBSElENlUtWC03WTc0&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4i4N-RGHuY8W24SbHe2I_Oy-QxrQ

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNBSElENlUtWC03WTc0&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4i4N-RGHuY8W24SbHe2I_Oy-QxrQ

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNBSElENlUtWC03WTc0&google_push=AYg5qPIiA7YCNKg5_c5zYS3dLZJOJFtJ8wHka27p4JI7Sq8jrMCKYOLPbKOWVl4GtOCRhYedvO4i4N-RGHuY8W24SbHe2I_Oy-QxrQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA1B
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoPoWSWwY4nINB7r-pyDOwAAAU4AAAIB&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hj...

170 B
188 B

48ms
48ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoPoWSWwY4nINB7r-pyDOwAAAU4AAAIB&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hjePR_fsA0_4Lw&google_cver=1&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 17 May 2022 18:24:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoPoWSWwY4nINB7r-pyDOwAAAU4AAAIB&google_push=AYg5qPKyZg6hTi3eBMlig5EP1Ui6R66KWlAGEeIJu51hgfCUriXwgAK9I3zhE54wX68Ud9foP7UpITms8-trPaL_hjePR_fsA0_4Lw&google_cver=1&google_gid=CAESEAvRTqjG0Eez3MutPU1gapI
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 462
Expires: Tue, 17 May 2022 18:24:25 GMT

GET googleredir
googlecm.hit.gemius.pl/ Frame BA1B 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame BA1B 0
40 B 96ms
58ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LhYfdkCcLwH1p6ivCN8FdRf9vDh1b20lftzrVeu5n4DPNEF90lurMLd7gSfPLN48UUirY4LA

Requested by

Host: cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
URL: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 443D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fe188a4c3903cc6d44a93725ecd1f642d405975f72b37762267dcdf57024b87

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 727F 2 KB
1 KB 33ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACD1EK4EsBAAqIK9WSE9tQoQaQJLi2Qw&u=%7CH%2Fudr%2FBqJny9uHVNN9iAencr4h6dRyV0Wd4sqKpvSyY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNsuno7AgpGzlOrtZY6p-JqzBn5aYBwP9WJFnYIjd6QuwnXZqEaa1gUNh9XpcFaLgYAMdHUQKUvDTjI51INLdRCtFN-3CSgzfR7p-o4F1qZDpl6ydNq-Z1lPG9TQELik0f-QF3H_oFq0TWrhFNtVK2JyGEHX5oqgOEgnIK2QpFr4q_37Z7SRiQtHE6Q7e8YowcJOby0QAD-coIfsfAaSfKEskcUGvYUIqo53wkENy28xIfDoMi_WxG1Hjh7q7WvaEOqj4tVo9UFhssy_k9vM0BYxfhBO_Fti_U9OQsaXYncaTfZfcdkyKyBy2heYx9Dl7uR5_OwCRhSykPLk00C-XmC671pX6hMCyDzStAxOS-D-LlooJk2AFOIgA15UAyIGO6Y53XYVvmJsg7LrxK6NhrzEKl5X1bNn23CjXRav15jeKpCCsSEf6GUtu8rIrlSecP8OA37RUCOn4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC3GtTWOiDYtGeCIGWgQerkKqYBMme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi04NTg0Mzg0NTE2NTUwMTAwoAHVttLqA8gBCakCa1rdVkKusT7gAgCoAwGqBIECT9BHYI0zRmywRY0VCbKmKdHkYd4eLVT7fqWuUaaPUQ07me5lKFAcg-f64HhnS_AKNeW7wsJ6I8ImNYEKg70nqaj1ItTT9s4ctACcgvpHFcindiDI-jUid7krKsFJkvr6q4e4Bc1MJGfjq4y3URAcX3ZFmohxGvNSbGMNpl9pma4PuZj6EH3MU3CJavbF46rVCc_sLcS_Hk-Sw2pJskrvhnkv4i_jC7fZ83tFk_byzjjwujj7ePtH314uhoPQNf-T_Zc57UPU5hgVHCt4tbC85hQuJFU7D_124l0p2cDEhsHblb_74C0ULX1Dwh3fYLkTPBJWW6s17xrqjebDPWjbB-bgBAGABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0qNP5fC17CNumbtrrK4y-rNiQxaQ%26client%3Dca-pub-8584384516550100%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 727F 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 727F 308 B
636 B 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 727F 507 B
835 B 39ms
38ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 727F 43 B
347 B 38ms
38ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=EJmWuFX2PTtDhyMyyQk995Tk98GVMekeByIiFZB3jjwKg9qOV7PdcHraL3OjCev1rTAKkv58IVp9LTlRCigtc7kQ2zYzLvVUkg8p6t9X6EFK9y2sq6uXQnqe8FIKrjK2faFDPCBiR2oHLpr2DvK1nNWWehuH2BRNVWKI_kValLV1TYymU8j1fmCJy9oYMjO3UCawDiZ-gWibjFmfBNpex1BZA-rdbGmV6AQmGBy_tC53NNW790fyW3u7JNkp4bg0RWsFHOmXlRUn0L99_O4QgXMfPd1XE3ut82BMftIXb-js1PD3a95NeRhEHIjRGSuEl2XJO6CyMwAU62vERXOy7zfzVQE4dirbbSObk6DaRO17xtWRkwKWy1k36WpSIWB1_255sOk8lOzguTiGfO1F35r1EEPhqpwDOPHOenRDmDEdrmOCSRqHT5683rsFLXvSv8iMUw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2737737
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 4009 2 KB
1 KB 36ms
36ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YoPoWAACDqwK4EsBAAqIK2imhG1ScHJJESnbAg&u=%7CH%2Fudr%2FBqJnzddeTZFFVnNd0Z8kav6%2Bc%2BrsO7x737BVo%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCjPcKo2Ky-sWAAgnR155fpZaW0UpgRNfFYv-A6W_zmlvG9wHJt5FPMfNfl6IvItqReK_SJG43nL4Pf_7NaQHUb8Hmx3iNkELobq8lKiqBFxHcDw1TpfpbYDEiEr4ZZ3Gs0sHqEhnS8rqBUjnTT0VSVXvLk4sIPwUc7bcn8nL32TSyoLv2XxTl-eXxGV_0fEQ6jZdAxOkyddtDCWb3XJ3R9g9glp4Q8VE5whz15ZhCrmuOTsssJmQpyWSB7xtvwR02dsXoreoS7QU0MOW_bZdBxPWXHbmy59a2884fZPbNqFlOUnl92bbNet0NympFPBiKjT2wb9O7F2woV-o3TZq2dIDATYlvuW7xjquW0A_JWSNVwrVR98PK0_K2ptQiDl7w8VTvhKSo4lkmgcBdsR_fjO1MOVpbk7XteofTGapnUEg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-aOSWOiDYqydCIGWgQerkKqYBMme0rFctZjj1pMBwI23ARABIABglQKCARdjYS1wdWItNzEzMDUyMjU1ODI1MTIwMaAB1bbS6gPIAQmpAmta3VZCrrE-4AIAqAMBqgSIAk_QdQW_hh2nSVIlbF3zxG1r1NdccTlgQEurVIAjbnCEKr-CCVwjOhlPk_JkHzmzp7DkdlIYuvI8mfIVh6kI2zg3DX6tY1r5L6SypSdTpENVtR1_D1fek4fn4IsVZtKK4eqvMq5tjphaZAhGVgrMCd8qaPq8j3iGNpKrhUgIl7Shs-uQuXpO404nedqZq-9cPfoW825XXMuesR0hu46kbacYL2FvV6NvkqYQQt6t48Y1_slIxd2oiMzWXkWlfxdw3Tr_4DrNLKuv7P73ZweIETLbQUX9OSEeWpVooMDiQDgUaZ4i9QT-Y9Up1EHZ7jNS0pL0RViQOt19NCriYxdrYla1MpM-_R3NYuAEAYAGi76M3cCuk9raAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3hZdhjfx4QCdDLzpWSaJMOgCjqYA%26client%3Dca-pub-7130522558251201%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 4009 2 KB
1 KB 37ms
36ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 4009 308 B
636 B 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 4009 507 B
835 B 36ms
35ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 4009 43 B
347 B 39ms
38ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=NGpsRU9pY7iQzQqpcpEhNm9yhpgaMQKuZ1i3Q-47jAab-F0KLRNuk7b59jQMrgNqXeoL5ma1ZpyeEKtc1zRi7nWe1-KYFhcWpqpqahpZFYzjiMOajC-VOVHjPu0WcfpNS-5kiPm7mXYWGe5vQxZylDulbVl6xWYuWi266ByGPw3CCKp1N-goiswjEkdZ0ib8je6yNF7wPnFs-HM0lORfFCd9DPytgCpjcKHBB_0qT5Ws303FtWWDajHSNZOm0OY93K_YFLqOq-92M1YRfRCPJOBh9O3mWxA-XVN7h846UeYdNre8JjiAJyE934YAz7S9U_g20Qn5kJ6xwnEJgoK0vBsaOLlaQ8_m-V2UrVuuHqxm8J2sggpELNYtBQ95yJDjC-mvVboy-uTix6Qau1d-QvQXhg7u-X-qT7t-NBRw1zxDx4J9fZOXy4CbReGhSORtcg-Kfw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:24 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3421467
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B678 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hU517A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ Frame E8C2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3954db5bae81e4190c9ee8bac12ef6e126bc072f1b5d64337a974659f00c5fe

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 714D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9035c124a94dcc39096e0dfcaad6d78e94615a125aa1b727d010a97212d4dc5c

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
228 B 194ms
194ms XHR
text/plain 23.227.146.234
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459114/hbw_master_313926_10240.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.234 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://leviatanscans.com
Date: Tue, 17 May 2022 18:24:24 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
X-Robots-Tag: noindex

GET
H3

200

logo-banners.svg
www.papayads.net/images/LOGO/
Redirect Chain

https://papayads.net/images/LOGO/logo-banners.svg
https://www.papayads.net/images/LOGO/logo-banners.svg

90 KB
18 KB

37ms
36ms

Image
image/svg+xml

2606:4700:20::ac43:4411
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.papayads.net/images/LOGO/logo-banners.svg

Requested by

Host: www.papayads.net
URL: https://www.papayads.net/clnt/leviatanscans/v2/adtags.css

Protocol

Server

2606:4700:20::ac43:4411 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

94c3b7aef4f2ff7f46aa44ee6959cd1420a433a41e70bd8d901322c895752468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.papayads.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6916
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 17 Jan 2022 22:52:28 GMT
server: cloudflare
etag: W/"61e5f32c-16733"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwdAhZunjn7n4OomwPplKn%2BNOQNXs9GUAFcLMdtvhS2dC8fHz%2BwYMmireMeeDFnD4AO49F0SrCPWceHjnPb85cccOPqB2PR8H8hM65CtWRxaGvyh8b52iJOon4EzxQp17f0%2FSxSTtdLb67OmWBA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 70ce63cefbb771db-LHR

Redirect headers

date: Tue, 17 May 2022 18:24:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 600
x-powered-by: PleskLin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZ5ZdfdI5A0oxuv5XrCY0GR0zrFKW06%2BKpA60Dw94MLAVhdc6XE%2F3GmLBZ2IKS%2FXFQ6%2BOeXkMtRnVM1PifGS4QmKQmqKxPC6T8JSkfcWCFl8s4gbpmsJBt6Y6W0GvxDFkzUIBi3B%2BAlOMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://www.papayads.net/images/LOGO/logo-banners.svg
cache-control: max-age=14400
strict-transport-security: max-age=15768000; includeSubDomains
cf-ray: 70ce63cdea0071db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 4009 12 KB
5 KB 69ms
38ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1015404
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OYTz5zZuWsugRNIKysLSGY1lmGVIzQiI7kd9ZZWbQZLoBW38NIA7vOcGRWElIdyO5TDAfGa8%2FL%2FQ%2Fs3%2FA4IMEWHFQNBdXE96dSwDlBhZjc1c9XQXGhGWbLZSDD752PU9vd4nNyvHRCr2bUFVb4EWv2z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70ce63ce29f3742f-LHR
expires: Sun, 07 May 2023 18:24:25 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 4009 12 KB
6 KB 34ms
34ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 b113c14be1be4dbda4ef71cee8de4dfc_casanspro_regular.woff
static.criteo.net/design/dt/ Frame 4009 56 KB
56 KB 132ms
65ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/b113c14be1be4dbda4ef71cee8de4dfc_casanspro_regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ba98e735ce0f8021ed850e1cfd1e5f20049e17ac90b3bea352b04324d045c233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Thu, 24 May 2018 07:59:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b0670fe-dec4"
strict-transport-security: max-age=31536000; preload;
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 9 KB
10 KB 35ms
34ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=116&m=0&partner=942&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F942%2F210816%2F232132f7860e42a1936cac015f404380_ca_logo-01.png&v=3&w=1156&s=xoI0ww7gy9Jt-FQfGGS6EROY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0f5ec163b733fcc46389ed29b73fe528caae588c83c7d1716720dacbe9ab27b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28819192
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 9627
expires: Sun, 16 Apr 2023 07:44:18 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 13 KB
13 KB 42ms
41ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1638174444%2F2159963-1-01.jpg&v=3&w=400&s=Um7AwE6ILz1R81D6YydhlKUy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

06a366a1149a8beed91b902f50763b6b195e220d2887e81e07cfdfb42a376309

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30226247
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 13156
expires: Tue, 02 May 2023 14:35:12 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 4 KB
5 KB 42ms
41ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1643026110%2F2135563-1-01.jpg&v=3&w=400&s=K1VhQ2a8oSrTLzd8wwjvwMAV&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

adc57765182c59aa6a46c69637e667f13a5a4ad348173f1dda1f37d2a16899cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29359656
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 4402
expires: Sat, 22 Apr 2023 13:52:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 7 KB
7 KB 45ms
44ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1624950982%2F2156038-5-01.jpg&v=3&w=400&s=CGycHjYroG5gsCJCjLBe6nvd&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

503a045218d3b107ab8e26718b14257ed4093fb86bee7e9fc715eb22b00a2593

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30040267
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6892
expires: Sun, 30 Apr 2023 10:55:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 8 KB
8 KB 42ms
41ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1641902469%2F2163703-3-08.jpg&v=3&w=400&s=TPmacznTN8kea7Cr7M3r4OIj&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bd6dda3af54f48092c5fd6d813a20db9139a6ef3c17bb37cbbb98c488426913c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30040471
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7966
expires: Sun, 30 Apr 2023 10:58:57 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 4 KB
4 KB 98ms
97ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1632317197%2F2145541-1-01.jpg&v=3&w=400&s=oY6REc1OmGWnyz1sk50xuJnD&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e78f35df00efa381a2d6861c8d2497a13df9cde7cec6769588a11d81fbec8dfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30390133
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 4084
expires: Thu, 04 May 2023 12:06:38 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 4009 14 KB
14 KB 48ms
47ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_400%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_400%2Cq_95%2Ce_sharpen%3A70%2Fv1643036755%2F2154181-1-08.jpg&v=3&w=400&s=sdPXUdspjsSLNO8Yaire-l0o&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c41c6fdb2b2d755e2841a668b97bc32b789f075888a32ec6bba3b6cd2d64394d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30049492
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 14420
expires: Sun, 30 Apr 2023 13:29:17 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 4009 0
127 B 34ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=f2UauIrzBHNPc2VYd8IrbKdDgbEAMxj4Y_saXOhsxl0PdKr9UZEmWX_4GCL1Zoq57UGGSrEZOb4vePMBvERax0jQLnWuha3lpL6PCzeRR0aHkOmoX73fl6ocon-DklVTH4knl23l4V23yC4-Yvcy9JVA6V8S_uuG4L-oz7b-m2hqcq_t-bzxfgz5IdHhdlTOT4-Fnn68ifgbmb3e2uYHQQUIn0be9b4_qUL2N-5SxZ94xPjjuYkJX9bGiX85PbA7chRw1A&sds=2&rev=81468.6&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:25 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 4009 2 KB
1 KB 36ms
36ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 4009 2 KB
1 KB 33ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 727F 12 KB
5 KB 34ms
33ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1015404
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ut3gy1v%2BNdSOU2Vd6hMtMaadXkZ8JfQz8nZHws9ZVdx%2Flp9%2FI4xtgxJjXt1beTCUbNFcGXrYXbC03D1xoz2vXAs2%2FUfIkGbGZR4RSZYIJowqAoDIuA7AjoFdSh%2FTogGDDUQk4A5fh0btCHeDQNRkRS5g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70ce63ce9a8f742f-LHR
expires: Sun, 07 May 2023 18:24:25 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 727F 12 KB
6 KB 36ms
35ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 6 KB
7 KB 54ms
53ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=35641&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F35643%2F200515%2F787697b7fe984fe49ac189fc092e0972_my-protein-logo-2000x2000-white.png&v=3&w=256&s=WbWVQgDWLQrNPEsdT6lMzAnL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bf5fe6c5afd02930d64c1ee2bfb855cd4d52072f72511b941f366af1e9318c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28885831
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6465
expires: Mon, 17 Apr 2023 02:14:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 26 KB
26 KB 35ms
34ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=35641&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F35641%2F211229%2Fc090e6ee9cd0448997139c3d7d99a32d_img_horizontal_1.png&v=3&w=1200&s=j03aiPlbzd5huTF9xusbhz0-

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f359ce241c87d02ff076f9162c0b4b3467c56255517018a2930941de7ad09e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30104992
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 26788
expires: Mon, 01 May 2023 04:54:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 28 KB
28 KB 45ms
44ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10529513-9104913772545574.png&v=3&w=400&s=rxy0lshPmYwmWj5GwZSMQQkR&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b04fcca2f773793b6f7daf1dd57463e353a3012cc55662a5024d4a21c459dccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28399713
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 28420
expires: Tue, 11 Apr 2023 11:12:58 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 14 KB
14 KB 40ms
40ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12513712-1444865536884498.jpg&v=3&w=400&s=FymcfniUDDIEqrFOTu0UZ4vo&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

6652f91debdc5c13949459d4cf26f1f7451b073c923d0e4665091d0935e78039

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30195484
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 13972
expires: Tue, 02 May 2023 06:02:29 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 6 KB
6 KB 50ms
50ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10529740-6484889442818601.jpg&v=3&w=400&s=mPBCarx96GcwONQs0lhW0f24&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1e9128de5f89cf19cdc26f5ce0a75065e481dce50e0f264162aa67568c17e4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=24521298
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5842
expires: Sat, 25 Feb 2023 13:52:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 63ms
59ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2Fproductimg%2F960%2F960%2F11271258-9694670427986283.jpg&v=3&w=400&s=8BUm9rjMU1sdtU2Tw64j08MX&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e41fe25c4cad8930ddf6f8c798e72d77b350b2ace6fdf9cf7d203c5f037339de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=16502539
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5176
expires: Thu, 24 Nov 2022 18:26:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 67ms
64ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F11653759-1784861951256310.jpg&v=3&w=400&s=3Al0C7NxcI8A4s0sXNn1XLrH&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5955c7aa7ad3e75362055d74597c84a28066b0f653315a72b94a43262847c352

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=17420216
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5202
expires: Mon, 05 Dec 2022 09:21:21 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 7 KB
7 KB 63ms
60ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10575261-1384904413566195.jpg&v=3&w=400&s=zSAPaVmSD77nXDaEbSPRv4vY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

53b12b25f0f6b13a43b08fbd96d2c9bfc0c668b775dbc30c84911f5a64a43764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29943454
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6762
expires: Sat, 29 Apr 2023 08:02:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 42 KB
42 KB 74ms
71ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12360403-2104793048574246.png&v=3&w=400&s=9_Ct2FfieBa9zXKatwqg6PrA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

df04d59c89f40be58c072e4113b5ef075673c947a655fea11400b3cc25b44d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=12668964
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 42502
expires: Tue, 11 Oct 2022 09:33:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 20 KB
20 KB 67ms
64ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F11147246-1304918438843248.jpg&v=3&w=400&s=x1QsZ66fYQN0n_kzWyms2kXy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f6b74f889513d7a2de71597dd2b3094f883d00bac1289d776cc30d4672be2daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28982994
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 20232
expires: Tue, 18 Apr 2023 05:14:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 8 KB
8 KB 97ms
94ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12513712-2034820511854433.jpg&v=3&w=400&s=CXStOUc84nLTWPTo4fnRo9p-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cba43d4d86811c781e4820c2151876a73aba2899d0e4fe1c58bb90980bb06286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30192731
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7774
expires: Tue, 02 May 2023 05:16:36 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 20 KB
20 KB 71ms
68ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F13308983-1774937165082345.jpg&v=3&w=400&s=DbHwQBrkb6rRh36eiiJ0PlbX&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8bed61e1221b8cff4aed0750210db216f6d2de5fb31628088374975882257a0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=24472791
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 20056
expires: Sat, 25 Feb 2023 00:24:16 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 16 KB
17 KB 84ms
82ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F11214983-1834824868870437.jpg&v=3&w=400&s=-1RtxYllxa0aPB85mD25A7Cf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e86716d805a037b21b66684f25ce5f4b92fb5d9768323537dc4d67e0195e8a6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29789383
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 16762
expires: Thu, 27 Apr 2023 13:14:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
6 KB 70ms
68ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F11776868-2774835585006253.jpg&v=3&w=400&s=ZnAKhBFPfBfCr56znpGYUdym&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

36e78f0c23f2ae3fae3b749a11f235b416de71bfd74d6805db09a400289d9c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=16241594
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5450
expires: Mon, 21 Nov 2022 17:57:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 7 KB
8 KB 107ms
104ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10636962-1944860398631123.jpg&v=3&w=400&s=CQbBTH5ypL6DQLLewKxv_3_t&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

553e30cc53e93e69f087bc068599eba35328299c4af3a7685ff39577c4a35316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=25699596
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7440
expires: Sat, 11 Mar 2023 05:11:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 97ms
94ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12081400-3324792209622461.jpg&v=3&w=400&s=XD3vS4sWzM5zFRBQMu2fKf6n&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

033a474f3f3d411b511e2f7e6256485b7528acba1605f66bc68fa59a47a61616

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30205141
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5238
expires: Tue, 02 May 2023 08:43:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 99ms
97ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F13149460-1334918749936450.jpg&v=3&w=400&s=wxXpUkh_lzGqUjNom_YFXIES&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

63fa618acbd7a6c82c7cb2d6c68db77c612bc69cd92765588e082e819077cd40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=23065532
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5002
expires: Wed, 08 Feb 2023 17:29:57 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 17 KB
17 KB 101ms
99ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12116520-1074724043094773.jpg&v=3&w=400&s=8003EREfCULUuuxOBLD_gJVn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b695656c762becaf0e873d50639b876ce6cc774aac637e6d4aaa18093266a4f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30209101
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 17630
expires: Tue, 02 May 2023 09:49:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 8 KB
8 KB 99ms
97ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F11311254-2954907331505362.jpg&v=3&w=400&s=VyEfHxEgG_fHIWhaRszypB-1&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c5b2a7936797bafdc55711aa8a1a31d9114c69689fbdfff18c9472ee93429e3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=14536515
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7726
expires: Wed, 02 Nov 2022 00:19:41 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 7 KB
7 KB 97ms
95ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10615610-1844860398544480.jpg&v=3&w=400&s=Qc9VtesN7Vp_-HVHyqojkTzT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2339063f773f71e29b5e547d05eb56ccf913addac2fa2f77d9723522e4692b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=14235516
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6844
expires: Sat, 29 Oct 2022 12:43:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 99ms
97ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2Fproductimg%2F960%2F960%2F10530050-9574620647469231.jpg&v=3&w=400&s=x7rB_BiZ3Ntr85TDQHY32CHP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9d47816d0f275c8c2e3ab4fc230ce61d1372fc6b2202e7299c1bcc04f47b9b8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=25293320
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5200
expires: Mon, 06 Mar 2023 12:19:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 5 KB
5 KB 105ms
103ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10530657-1444924184327073.jpg&v=3&w=400&s=MEStyYpMxF7e7-aWEcpkS_qs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

74de4d96a9227b0959f62e505d2594fc5bc2c641c0b61588f017019c7248ea3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=20248711
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5026
expires: Sat, 07 Jan 2023 03:02:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 727F 8 KB
8 KB 106ms
104ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10529329-5784860398509689.jpg&v=3&w=400&s=7qED9ADqJ1d1H4c1Z47LQyiX&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

48328e939097ecbf9eed702abb97c7e8f71db03a6e64e16beb5a7a9bf24bb0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:24 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30029657
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 8110
expires: Sun, 30 Apr 2023 07:58:43 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 727F 0
127 B 35ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=_zzvzorzBHNPc2VYECZjiCWYEhkSHoPWDWcsY8XwVIlhpeNuL6VbL_gSqJAtBi971ZpfyDWORaDTVI7XwwLab5gmHFbqdaPWfA8x1GkaJmK-Wzz3KeMBAUGC_875BSlJmKNSLVVTAYWOZVFHaLx1HZRK0qQfNeU8f4iLr4Lz1w4skUpQAuXWKOcOlaKsvMNG_KoQzrBDW9pR3D9UMBDuTK4xaB9sevBquOdf8Qx3tKXX_ej3wd_C6t5myTuS1peGd2ULfg&sds=2&rev=81468.6&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:24 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 727F 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 727F 2 KB
1 KB 49ms
48ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 12 May 2023 18:24:25 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 39ms
39ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 18 May 2022 18:24:25 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 9A20 156 B
185 B 336ms
334ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=745383330441441&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3497501453&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811865652&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=357689894567300&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 727F 5 KB
689 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400%7CRoboto:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ffdf271feaccd2c05358962c7ba2b546c72331276dddb6bf6bae694fc0f7992b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 17 May 2022 17:09:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 17 May 2022 18:24:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 17 May 2022 18:24:25 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 2928 156 B
185 B 283ms
283ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F170737076%2FVideo%2Faniview.com%2Fleviatanscans.com&description_url=https%3A%2F%2Fleviatanscans.com&env=vp&correlator=845983583702666&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x480&max_ad_duration=30000&unviewed_position_start=1&cust_params=posA%3D3&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1341103776&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811865658&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3047400910192886&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 042B 156 B
185 B 332ms
331ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3341961298057664&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=725699189&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811865668&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3866927853606195&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7654 14 KB
6 KB 106ms
36ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=leviatanscans.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

9f75d4ba3fd309652e5518806c8527a4673b5852b88d66794f9e76e4577a8f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6041
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 May 2022 18:24:25 GMT
server-processing-duration-in-ticks: 2208
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 51ms
51ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:00 GMT
server: nginx
etag: W/"6271101c-15b58"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 18 May 2022 18:24:25 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 2DEA 156 B
185 B 341ms
341ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1256688473130590&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3107428379&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811865688&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1871825974863716&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame FF96 156 B
516 B 240ms
240ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3960129249397329&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=4087381445&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811865693&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3664304871121572&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 727F 15 KB
15 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400%7CRoboto:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 19:07:55 GMT
x-content-type-options: nosniff
age: 83790
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 May 2023 19:07:55 GMT

GET
H3 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v15/ Frame 727F 12 KB
12 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:24:55 GMT
x-content-type-options: nosniff
age: 514770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12372
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:19:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:24:55 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 727F 15 KB
16 KB 51ms
50ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 12:29:20 GMT
x-content-type-options: nosniff
age: 107705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 May 2023 12:29:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 86ms
86ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220509&jk=3889823887939924&bg=!LyylLGjNAAZX5TVhd-U7ACkAdvg8WlB64lva8zM1ZizrfOzjjFA0bYL4zR99BejlkNYOfPkiXlsgNgIAAAFcUgAAAAhoAQeZAqV1eRZnROdYgj5Fj6p-qJ8pzUQs6y09Wu9jqRoXi0UmRrROdBbJFt5B14aQLGUNFgIf1ild5VeIMN6K0NB1lEOmRzYpOXREymMJJc4b1VS6HbZsF7rWk3iWTw3Zpuwss6Je-_fw4AYaNP6iicYViL_6ULHwKcu2GHHJ2uBa_cj9DYRawsExoXlM4OG4JU7BHdrzZ8g_CIIbfo_gZ_ZgOJoGgzXwGwmaM-sIRuIGrRfTDIourJbs5rjmLnpgKkpzLRM9JPqCMDo16o57nZp83wVI2egUQlcqTvXqoDtatg5nxYJfR9NNy5Bc-ad9ucDa4FzJLrHti0caepkxIK2-hjVkhWkWd7JYOv2aDu0WC1uaMVk_Z50V4-Iqx8wTB-hER40QMm8_7JBwXa7OAgl4KOfq7N4mG3QdUe4QZQF7DaYScuFoQIum9sf1byzPiXRPdtOFbqcIpCyLwWiJXSPDa13YPL_XHqeBtCb7hrf6AtTrEOIPAVXz43-f4OhHaRYJZk1jDRkWRNeG_LtzUGFn04bgbEGRje6AfJet6I_enWiFBdUAUgUpa-1lxPUGJi1ctHgdoE6wOHGItTA3GZOoIlKpze5Sw9_0uCwzzu9bzs-Avz4Xzvzza8oa5_C-ybF3E47yuUXRPZZ2n3awSoBYZ_pNxE6HN7HHKK5E9kzfp26sFvRrKE8OCktLbvkpWdV9BjtIgB6bhv-R3ybxThnwJqJZpwKz60jqiIJZSgvAE-P6R-xn4sudZ6IEiNZKBDz5K41SCROmk966__rHJvH6nr8I1j-CI0sN8dxvB92PdmMJERwT_cFDWKXQNJZptSDAraD83E8gM1sKo0IKgj3DXF5XmgE-KSt6_fVBSUdpno9dmsPqy4kOyX2ueGdtawVZT5BQL090Gg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7654
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=leviatanscans.com&sn=ChromeSyncframe&so=0&topUrl=leviatanscans.com&cw=1&lsw=1&topicsavail=0
https://mug.criteo.com/sid?cpp=DQk0f3xWU2xEdGF4M2lvbi8zQXJNWGd1VWptT090bk5mMkNTdXBMUnRsL2l5YzVYMWgyUmJUVnRiQXZXRDg4cjRObUdidTUvcm16TVRrSitKUEFEWmZkZ0x3ZUk1RHBtR2hBVlRPZTl4cmsyNnZ2OTdXcXBQc0dIM3FHVF...

460 B
657 B

137ms
41ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=DQk0f3xWU2xEdGF4M2lvbi8zQXJNWGd1VWptT090bk5mMkNTdXBMUnRsL2l5YzVYMWgyUmJUVnRiQXZXRDg4cjRObUdidTUvcm16TVRrSitKUEFEWmZkZ0x3ZUk1RHBtR2hBVlRPZTl4cmsyNnZ2OTdXcXBQc0dIM3FHVFZMNFlEVk8vRStmMDhGc29DL01Vb3I5QitodmtKTFJ3Z2Q2VFYydTB4Y0RyUkJMYnY1M2hYQ2JFTmJld2Z2WDZzd1VvTzlNaUZQRnJ4NmVYRGpUcExnS0F1R0tlSll6LytkbDJxQnA5cXdobnZvbzljVXdLYW1pMDQwbnZzNFZIM0RBQzVObTB0Zmx2VGQzWGNXZlRjTU83VXJ2R0JaQT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

354c415490d5531e0531928f79cba1d842e27354154ac39ab55cd0303ccf10c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 5256
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:25 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=DQk0f3xWU2xEdGF4M2lvbi8zQXJNWGd1VWptT090bk5mMkNTdXBMUnRsL2l5YzVYMWgyUmJUVnRiQXZXRDg4cjRObUdidTUvcm16TVRrSitKUEFEWmZkZ0x3ZUk1RHBtR2hBVlRPZTl4cmsyNnZ2OTdXcXBQc0dIM3FHVFZMNFlEVk8vRStmMDhGc29DL01Vb3I5QitodmtKTFJ3Z2Q2VFYydTB4Y0RyUkJMYnY1M2hYQ2JFTmJld2Z2WDZzd1VvTzlNaUZQRnJ4NmVYRGpUcExnS0F1R0tlSll6LytkbDJxQnA5cXdobnZvbzljVXdLYW1pMDQwbnZzNFZIM0RBQzVObTB0Zmx2VGQzWGNXZlRjTU83VXJ2R0JaQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1415
content-length: 541
expires: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0A1F 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CEFC 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
94 B 301ms
101ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame A14A 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100571
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C48F 37 KB
13 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame AFB6 0
127 B 34ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:25 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 443D 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSdXNMER6TEv39yfizYBc_QX65wfzrouYI6CnCUmaJbwFIaAF_SOufgRXYByYsaG1LXA2irS9_lNX7FH52oYKK&sig=Cg0ArKJSzJaT4nGV_lhuEAE&cid=CAASF-Ro9FJ-hAN2V5T3rIBf6r2W8eHFjlG0&id=lidar2&mcvt=1031&p=592,442,842,742&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20220511&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=53301667&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652811864763&rpt=248&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 714D 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgsVMRi4hMIL2SLXTp4tsawJ3oGR5QSpNVv6Rl0FpobfUTh5VMCJhTXOf1i-AGxWfNMHn-16uSexQhXC7OEk3J&sig=Cg0ArKJSzEkvEN6hFs8fEAE&cid=CAASF-RovB9iigEevoHrj-cVYb_TYE_opmII&id=lidar2&mcvt=1032&p=1110,315,1200,1285&mtos=1032,1032,1032,1032,1032&tos=1032,0,0,0,0&v=20220511&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2691573345&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652811864611&rpt=387&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6CE1 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100571
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 906A 634 KB
205 KB 40ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100571
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D502 37 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame EE1B 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0A1F 156 B
142 B 202ms
200ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3934400843867054&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=967874920&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811866296&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1750308832389461&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame A14A 156 B
142 B 187ms
187ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2276103016223004&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2106832491&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811866399&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3548645084636094&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6CE1 156 B
142 B 290ms
290ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=702588625325112&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1017441567&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811866430&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1553147729889808&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 906A 156 B
142 B 169ms
168ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4150449780118239&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2684965823&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811866434&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1180455652836481&ged=ve4_td3_tt1_pd3_la3000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 727F 0
127 B 35ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:25 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 101ms
101ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 138ms
138ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811866784
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f7b2ed50f1f309918afed3374fbaa94d11d2bdc6e36727598ac6466d56ace54d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:26 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811866785&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811866785&asid=624d91d8613eb977d53858df%2C620fa299d744e674bc7ffc75&ofpr=%2C1&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 162ms
162ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:26 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 62
vary: origin, Accept-Encoding

GET
H2 200 track
track1.aniview.com/ 0
70 B 103ms
103ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811866968&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D400 634 KB
205 KB 39ms
39ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6656 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7F0E 634 KB
205 KB 44ms
43ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E83C 634 KB
205 KB 40ms
39ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame CFD3 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B504 37 KB
13 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 109ms
34ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://leviatanscans.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 17 May 2022 18:24:27 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1589
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fleviatanscans.com%2F&domain=leviatanscans.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=lr62QXxBZmgxMkxMek9QYkxFSVlhT0tKNUJ2dXpMQkZLRzF0aTRJdUdkYXRhT29EQTFsNU82aHFaa0F1QW9CNGtNZm1UY1pkeW1jMjcxdzFVQm56bmJ6YmNNa2gyc3BRY0huOTVzV0U2eDBXaFkvcUYycUZuUlNZMXZGK2...

441 B
684 B

37ms
37ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=lr62QXxBZmgxMkxMek9QYkxFSVlhT0tKNUJ2dXpMQkZLRzF0aTRJdUdkYXRhT29EQTFsNU82aHFaa0F1QW9CNGtNZm1UY1pkeW1jMjcxdzFVQm56bmJ6YmNNa2gyc3BRY0huOTVzV0U2eDBXaFkvcUYycUZuUlNZMXZGK2xQNEp1NCsyUVZ3WVl0NlRwWk82RXRqTkUzQ3NzSGRNaEFOY1ZadUVLU3RZZEdSb01sV3NwT3ExdXp5bDFiZU4wc0pPZzhncGRUSXhHUTBhU2JnS2c2VitpNUpZSnJHLzV2WjB3bnJIZVhpZGc4WUplOERxSnJFTjhYWVpPSWhTNjFKNVM4WC81bkdwY1d1TjNod0JicDk5TUErKzZ6UT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

a2fa2b713df791359589a9ab671a0ed13a83997e0759ebc5996adc0b18a722b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:26 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3766
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 May 2022 18:24:26 GMT
location: https://mug.criteo.com/sid?cpp=lr62QXxBZmgxMkxMek9QYkxFSVlhT0tKNUJ2dXpMQkZLRzF0aTRJdUdkYXRhT29EQTFsNU82aHFaa0F1QW9CNGtNZm1UY1pkeW1jMjcxdzFVQm56bmJ6YmNNa2gyc3BRY0huOTVzV0U2eDBXaFkvcUYycUZuUlNZMXZGK2xQNEp1NCsyUVZ3WVl0NlRwWk82RXRqTkUzQ3NzSGRNaEFOY1ZadUVLU3RZZEdSb01sV3NwT3ExdXp5bDFiZU4wc0pPZzhncGRUSXhHUTBhU2JnS2c2VitpNUpZSnJHLzV2WjB3bnJIZVhpZGc4WUplOERxSnJFTjhYWVpPSWhTNjFKNVM4WC81bkdwY1d1TjNod0JicDk5TUErKzZ6UT09fA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://leviatanscans.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1655
content-length: 541
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
624 B 127ms
42ms XHR
application/json 141.95.98.66
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtcdn.com
URL: https://player.adtcdn.com/prebidlink/459114/hb_313926_10240.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.66 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216537.ip-141-95-98.eu

Software

Resource Hash

3419b8ceb6afd9f8aa7ddc99052782ab8a6366a6060d7b8ca126857dbd66ad04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:27 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame FF8B 37 KB
13 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 7B7F 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 52D7 37 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 888F 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 104ms
35ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 17 May 2022 18:24:27 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1239
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame D400 156 B
142 B 312ms
312ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3766153641580309&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2748347829&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811867525&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=81556570839058&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts2_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6656 156 B
142 B 207ms
206ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1213194766123869&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3543588167&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811867535&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2764395511945651&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 7F0E 156 B
142 B 243ms
243ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=1854737508353485&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1573361880&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811867540&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=388001481315433&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame E83C 156 B
142 B 200ms
199ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=870396235183192&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1771935644&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811867543&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=929632021202511&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame CFD3 156 B
142 B 188ms
188ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2392305011685038&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3633787753&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811867550&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=4439614848159051&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 892D 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 8EBE 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FF05 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 7C95 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 138ms
136ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:27 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B76E 37 KB
13 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 75D8 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 892D 156 B
142 B 186ms
185ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=987053771868141&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2513261443&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811868140&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3356324111153090&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 8EBE 156 B
142 B 200ms
199ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=1198928071292936&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3428051335&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811868147&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1885675999067178&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame FF05 156 B
142 B 181ms
181ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2381161066935461&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811868151&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2697490769117893&ged=ve4_td5_tt3_pd5_la5000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 159ms
158ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811868357
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 49242b996859ed26638af733509c54ca4762d500831167b139da0eff9078bc7e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811868357&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
102ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811868357&asid=620fa299d744e674bc7ffc75%2C624d91d8613eb977d53858df&ofpr=1%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 175ms
174ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:28 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 75
vary: origin, Accept-Encoding

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
102ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811868566&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1FF3 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D98A 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DD8A 634 KB
205 KB 47ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 10E5 634 KB
205 KB 48ms
40ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 111ms
109ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 891C 634 KB
205 KB 47ms
41ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 44AD 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame BB30 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4533 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A10C 37 KB
13 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9AAC 37 KB
13 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 1FF3 156 B
142 B 351ms
351ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4484069076615506&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869196&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=208129169473801&ged=ve4_td6_tt4_pd6_la6000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame D98A 156 B
142 B 286ms
285ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=221591535815217&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869221&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1208628987982294&ged=ve4_td6_tt4_pd6_la6000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame DD8A 156 B
142 B 195ms
195ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=2368521940375857&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3162777833&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869233&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=565925898684698&ged=ve4_td6_tt4_pd6_la6000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 10E5 156 B
142 B 283ms
282ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2271983182195787&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2990323162&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869237&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=386876312270008&ged=ve4_td6_tt4_pd6_la6000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 891C 156 B
142 B 193ms
193ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3603288078475045&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2979563495&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869240&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=492372039181264&ged=ve4_td6_tt4_pd6_la6000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 564A 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100574
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1B18 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100574
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9C22 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 12CA 37 KB
13 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 9142 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100574
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A05E 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 564A 156 B
142 B 199ms
199ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=962903801525260&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869808&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1551904461422737&ged=ve4_td7_tt5_pd7_la7000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 1B18 156 B
142 B 292ms
292ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=1506487607221878&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869871&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3623532723227635&ged=ve4_td7_tt5_pd7_la7000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 9142 156 B
142 B 186ms
185ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2215516977760207&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811869889&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2963805087406594&ged=ve4_td7_tt5_pd7_la7000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 102ms
101ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 136ms
135ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811870215
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 715394d386c1ea514490b365ea759182b2d3af1ca01a6c74082a9e9e41a92947

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:30 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811870216&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 107ms
107ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811870216&asid=624d91d8613eb977d53858df%2C620fa299d744e674bc7ffc75&ofpr=%2C1&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 152ms
152ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 51
vary: origin, Accept-Encoding

GET
H2 200 track
track1.aniview.com/ 0
70 B 103ms
103ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811870400&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5295 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 8363 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E8E7 634 KB
205 KB 41ms
40ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 33EE 634 KB
205 KB 39ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7002 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C295 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 47ms
46ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1326 37 KB
13 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1E09 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9AD4 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame AB36 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 5295 156 B
142 B 213ms
212ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=480325920111154&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871020&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1464804834965397&ged=ve4_td8_tt6_pd8_la8000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1FCA 0
127 B 341ms
341ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:31 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 8363 156 B
142 B 244ms
244ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1276275219347654&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871028&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2902628257581841&ged=ve4_td8_tt6_pd8_la8000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame E8E7 156 B
142 B 253ms
253ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=304704437991861&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871033&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3290155476242696&ged=ve4_td8_tt6_pd8_la8000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 33EE 156 B
142 B 217ms
216ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3344742237927911&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3162777833&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871037&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3996988216119985&ged=ve4_td8_tt6_pd8_la8000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 7002 156 B
142 B 204ms
204ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1270386492223239&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2990323162&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871042&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3264040060640287&ged=ve4_td8_tt6_pd8_la8000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6C6A 634 KB
205 KB 40ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4E89 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 115ms
115ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 77BE 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3C70 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 62CF 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 85C9 37 KB
13 KB 43ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6C6A 156 B
142 B 267ms
266ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4067137145498751&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871630&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3036886885687268&ged=ve4_td9_tt7_pd9_la9000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 77BE 156 B
142 B 279ms
278ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=2233804801983812&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871656&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3912866213789786&ged=ve4_td9_tt7_pd9_la9000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 62CF 156 B
142 B 187ms
187ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4111200453278849&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811871664&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2165541367586665&ged=ve4_td9_tt7_pd9_la9000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 157ms
157ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811871999
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ad6c479be2d4b755cc4ea94ef064471037e31a6eff63b8267d296f808f1bee83

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:32 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811871999&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811871999&asid=624d91d8613eb977d53858df%2C620fa299d744e674bc7ffc75&ofpr=%2C1&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 159ms
158ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:31 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 59
vary: origin, Accept-Encoding

GET
H2 200 track
track1.aniview.com/ 0
70 B 101ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811872200&asid=62457fc863ca6c69597261c5%2C62457fcf7f49601ccc6a7705%2C62457fcb7dfbbf02e518b9c4%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame AFB6 0
127 B 34ms
34ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:31 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 3E00 634 KB
205 KB 40ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame EFDC 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 103ms
103ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5A0B 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 228E 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame F557 634 KB
205 KB 40ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 97E6 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 50ms
49ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E813 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CBAE 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6D8C 37 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8EFD 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 3E00 156 B
142 B 260ms
260ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1214520773951346&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811872797&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1190415570616045&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame EFDC 156 B
142 B 263ms
263ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3177093632479230&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811872802&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2314947690235975&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 5A0B 156 B
142 B 269ms
268ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=2178415798006301&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811872810&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2206566621586085&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 228E 156 B
142 B 345ms
345ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1894068362313161&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3162777833&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811872814&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3616582172104201&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame F557 156 B
142 B 190ms
190ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2916513427744396&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2990323162&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811872817&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2057742137870703&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 4009 0
127 B 35ms
35ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:32 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H2 200 all
csm.eu.criteo.net/ Frame 727F 0
127 B 36ms
35ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:32 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame C8CE 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 663D 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 127E 634 KB
205 KB 40ms
39ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 87DE 634 KB
205 KB 42ms
39ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E3E6 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 61AD 37 KB
13 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame C8CE 156 B
142 B 190ms
190ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2043271612651958&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2513261443&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811873353&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=1243505423541308&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 127E 156 B
142 B 200ms
199ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=84696714998572&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2513261443&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811873470&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2282450569915022&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 87DE 156 B
142 B 192ms
192ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=881225691652564&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3428051335&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811873481&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=518868256263283&ged=ve4_td10_tt8_pd10_la10000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 106ms
106ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 adv Show response
grid.bidswitch.net/ 521 B
704 B 73ms
73ms Fetch
text/xml 18.198.218.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/adv?auid=349576&u=https%3A%2F%2Fleviatanscans.com%2Fayg&r=1652811863&gdpr=1&gdpr_consent=&bf=0.9&cbb=2811873686
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.218.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-218-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a58adf21966a1a3b9d72d848f887b2b05215dd9876c6afd9411d54d05675f9c4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:33 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 521
content-type: text/xml; charset=UTF-8;

GET
H2 200 track
track1.aniview.com/ 0
70 B 100ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=request&cb=1652811873686&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 100ms
100ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&&copid=61bb50b4ad11e83d79154566&nid=59c9148628a0612da3689288&cocid=623bc9622f94191f44179174&ncid=6214bbfb8bd713665a5ac236&coasid=6214bc6bc50a3f486c1eac66&e=request&cb=1652811873686&asid=624d91d8613eb977d53858df%2C620fa299d744e674bc7ffc75&ofpr=%2C1&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 141ms
141ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://leviatanscans.com
date: Tue, 17 May 2022 18:24:33 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 40
vary: origin, Accept-Encoding

GET
H2 200 track
track1.aniview.com/ 0
70 B 102ms
101ms Image
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181&nid=61bb50b4ad11e83d79154566&ncid=623bc9622f94191f44179174&e=bid&cb=1652811873850&asid=62457fc863ca6c69597261c5%2C62457fcb7dfbbf02e518b9c4%2C62457fcf7f49601ccc6a7705%2C623bbc253e12796d047e0d27%2C623ca8717a71506f771fd32e%2C623bbc276cdc074d293b9edf%2C623bb8fc0aa6d158fd63a998%2C623bbc29cdecc256fd1d3554&ofpr=%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7E9E 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame CADF 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E840 634 KB
205 KB 39ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame C997 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame AB1D 634 KB
205 KB 40ms
39ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame EA9B 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E3C2 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B5A3 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E46D 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame B2DA 37 KB
13 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 7E9E 156 B
142 B 261ms
260ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3502278833100428&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811874440&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=934917318422888&ged=ve4_td11_tt9_pd11_la11000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame CADF 156 B
142 B 247ms
245ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=745540019837385&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811874452&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=4410478467064708&ged=ve4_td11_tt9_pd11_la11000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame E840 156 B
142 B 260ms
255ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-3&description_url=leviatanscans.com&env=vp&correlator=2988195257775857&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811874460&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3938360902083001&ged=ve4_td11_tt9_pd11_la11000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame C997 156 B
142 B 215ms
215ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21939239661%2C22707355082%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2286021454106272&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=3162777833&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811874465&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=4053391888993772&ged=ve4_td11_tt9_pd11_la11000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame AB1D 156 B
142 B 229ms
228ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast2&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4104196289967706&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2990323162&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811874473&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2851297135705794&ged=ve4_td11_tt9_pd11_la11000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 103ms
102ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:34 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame BE63 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100579
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A2EC 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame AE9F 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leviatanscans.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 May 2022 18:24:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FF4F 634 KB
205 KB 38ms
38ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100579
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DB7B 634 KB
205 KB 38ms
37ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://leviatanscans.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 100579
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6716 37 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8021 37 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://leviatanscans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 17 May 2022 19:24:01 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame BE63 156 B
142 B 275ms
274ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1.5&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3567629396510304&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=684940979&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811875084&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3589617185936123&ged=ve4_td12_tt10_pd12_la12000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame FF4F 156 B
142 B 345ms
345ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21849154601%2C21797538459%2FAd.Plus-Video-1.5&description_url=leviatanscans.com&env=vp&correlator=1316104669563190&tfcd=0&npa=0&gdfp_req=1&vpa=0&vpmute=1&output=xml_vast4&sz=400x300%7C640x480%7C1x1&unviewed_position_start=1&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=2567139961&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811875096&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=2590376844493547&ged=ve4_td12_tt10_pd12_la12000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame DB7B 156 B
142 B 198ms
198ms XHR
text/xml 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7047%2C21797538459%2Fapl%2Fandreamcmvideoactivity%2Fvast1&description_url=leviatanscans.com&tfcd=0&npa=0&sz=400x300&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2482663569543683&sdkv=h.3.516.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1791224435&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.516.0&sid=8AC26850-91B3-428D-8CB8-26C3CA168D06&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY1b-Omo0wRQAAAAA.&nel=0&eid=31061774%2C44737473%2C44750823%2C44761692&url=https%3A%2F%2Fleviatanscans.com%2Fayg&dt=1652811875100&cookie=ID%3D25f3f37077aa7fc6%3AT%3D1652811862%3AS%3DALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ&scor=3277431158695632&ged=ve4_td12_tt10_pd12_la12000_er919.1280.1075.1580_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:24:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 102ms
102ms XHR
text/plain 35.173.69.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=GB&cos=Windows&r=leviatanscans.com&rs=leviatanscans.com&sid=14376&t=1652811863&cip=5.187.21.101&sn=&tgt=0&osv=10&bv=101.0&brn=Chrome&wi=256&he=145&app=&AV_PUBLISHERID=61bb50b4ad11e83d79154566&test=&aafaid=&proto=https&uid=1652811863869-963056969725-006807-009-008792&cha=0.7&stagid=623c56fc50c5544cb7441ab7&stplid=61bb5afd4990cb1eab7afba4&d35=&d36=6.2.18&cb=95527202760&d9=1000&prbdres=&prbdlevDB=&prebdlevEnt=&prbdsup=whiteOps&d16=2&d37=realtime&AV_WIDTH=320&AV_HEIGHT=181
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=61bb50b4ad11e83d79154566
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.69.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-69-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leviatanscans.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 17 May 2022 18:24:39 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fleviatanscans.com&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b

Domain: prebid.smilewanted.com
URL: https://prebid.smilewanted.com/

Domain: prebid.smilewanted.com
URL: https://prebid.smilewanted.com/

Domain: prebid.smilewanted.com
URL: https://prebid.smilewanted.com/

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESENkBYRuYsj10CYXskQheo_8&google_cver=1&google_push=AYg5qPJ21FmLdA8hBWIsEslZ5jGwyqEqpTaILmqwY5bp9ToLMJWvED3TDw3sbXRSqpijDr_X_ynSpbposvK-0fYsV5v2FgSl2tHczw

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESENkBYRuYsj10CYXskQheo_8&google_cver=1&google_push=AYg5qPJgdHk1LWTcR7IW5tILcy5ofMjgTNdehvMNCmHwSaj_aTeteMdhEBnO696M8QSdZPwS7EJwQFTey47dxOg4ravikRl9p1Vo4fU

Verdicts & Comments Add Verdict or Comment

292 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

52 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.leviatanscans.com/	1970-01-20 20:38:03	Name: __utma Value: 210982024.547592442.1652811862.1652811862.1652811862.1
.leviatanscans.com/	1969-12-31 23:59:59	Name: __utmc Value: 210982024
.leviatanscans.com/	1970-01-20 07:29:39	Name: __utmz Value: 210982024.1652811862.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.leviatanscans.com/	1970-01-20 03:06:52	Name: __utmt Value: 1
.leviatanscans.com/	1970-01-20 03:06:53	Name: __utmb Value: 210982024.1.10.1652811862
.leviatanscans.com/	1970-01-20 20:38:03	Name: _ga_0DPYVF5JK7 Value: GS1.1.1652811862.1.0.1652811862.0
.leviatanscans.com/	1970-01-20 20:38:03	Name: _ga Value: GA1.1.1837759030.1652811862
leviatanscans.com/	1969-12-31 23:59:59	Name: logglytrackingsession Value: d68bb37a-0f73-4224-820d-927c5d723aba
leviatanscans.com/	1970-01-20 03:50:03	Name: _pbjs_userid_consent_data Value: 3524755945110770
.leviatanscans.com/	1970-01-20 11:52:27	Name: _pubcid Value: 72cea876-8b5b-4db5-b9ff-865494e9e7cb
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.admixer.net/	1970-01-20 05:16:27	Name: am-uid Value: 39e3c8a45ecd444180906f6b07f057da
.e-planning.net/	1970-01-22 16:26:03	Name: E Value: AOpR5GVCbqFzwCTZ
.quantumdex.io/	1970-01-20 03:50:03	Name: uid Value: 32319a5b-289e-4414-b262-567655928812
.doubleclick.net/	1970-01-20 12:28:27	Name: IDE Value: AHWqTUnqkAwdayS5Ad4j_d8WAELjkDWRFkKBnxoX9lRd5ybFNrtctcAyCTx8SSvojBY
a4p.adpartner.pro/	1970-01-20 04:33:15	Name: apuid Value: baf9ea40-7f07-48c0-94b7-97336ca6aa7d
.adnxs.com/	1970-01-20 05:16:27	Name: icu Value: ChgIwtl9EAoYASABKAEw19CPlAY4AUABSAEQ19CPlAYYAA..
.adnxs.com/	1970-01-20 05:16:27	Name: uuid2 Value: 7763830856422416326
.aniview.com/	1970-01-20 03:35:39	Name: aniC Value:
.doubleclick.net/	1970-01-20 03:06:55	Name: DSID Value: NO_DATA
.leviatanscans.com/	1970-01-20 11:52:27	Name: FCNEC Value: [["AKsRol84KJsluwu836xtQ6cHOKSlX3xtRRd9uhN9wP21Ylxoq_V_ewfE9DnS2zmvwPqb8p3sEIpSFq8yjsjqUxr2M68chM0K9GIvxDBoEEza_-dkw_m6jwKvC45mX3Mb6HS1yz3t8nmEbNbSv-OP2QVp4KX-fRfQoA=="],null,[]]
.technoratimedia.com/	1970-01-21 22:54:51	Name: tads_uid Value: GDPR
.adtelligent.com/	1970-01-20 04:36:08	Name: vmuid Value: dfc3bd517a3427e7
.adtelligent.com/	1970-01-20 04:36:08	Name: a307558 Value: baf9ea40-7f07-48c0-94b7-97336ca6aa7d
.aniview.com/	1970-01-20 03:08:18	Name: 2_C_200 Value: OPTOUT
sync.aniview.com/	1970-01-20 03:08:18	Name: 2_C_200 Value: OPTOUT
.aniview.com/	1970-01-20 03:08:18	Name: 2_C_3 Value: GDPR
sync.aniview.com/	1970-01-20 03:08:18	Name: 2_C_3 Value: GDPR
.leviatanscans.com/	1970-01-20 12:28:27	Name: __gads Value: ID=25f3f37077aa7fc6:T=1652811862:S=ALNI_Ma6mhrJYhKm7QBwz5bD4cnVsE1KRQ
.quantserve.com/	1970-01-20 05:16:27	Name: d Value: ECoBCQGUJoEA
.quantserve.com/	1970-01-20 12:37:06	Name: mc Value: 6283e859-04304-e28e3-d4c9d
.rlcdn.com/	1970-01-20 11:52:27	Name: rlas3 Value: 53+dFK8oiwCUpI343gkJE4F3cvmNiZT/P7hU5xJtcs4=
.analytics.yahoo.com/	1970-01-20 11:52:27	Name: IDSYNC Value: 18yx~24xu
.yahoo.com/	1970-01-20 11:52:49	Name: A3 Value: d=AQABBFjog2ICEIKe2-Wym91Xc_Mm5G6qNvkFEgEBAQE5hWKNYgAAAAAA_eMAAA&S=AQAAAmZmf1X2bzViT9EnTu4XDt4
.w55c.net/	1970-01-20 12:37:06	Name: wfivefivec Value: VsNwB8yY1NR1RT5
.de17a.com/	1970-01-20 11:45:15	Name: guid2 Value: 1.8884403758921972579
.agkn.com/	1970-01-20 11:52:27	Name: ab Value: 0001%3AjIz5emszi5Siyp%2Fte1C5ZtsUy%2Bzw55b1
.agkn.com/	1970-01-20 11:52:27	Name: u Value: C\|0CEAqFqTZKhak2QAAAAAAAQ13AQCAAQpAAAAAAA
.pubmatic.com/	1970-01-20 03:08:18	Name: KTPCACOOKIE Value: YES
.w55c.net/	1970-01-20 03:50:03	Name: matchgoogle Value: 5
.rlcdn.com/	1970-01-20 04:33:15	Name: pxrc Value: CNnQj5QGEgUI6AcQABIGCOndKhAA
.casalemedia.com/	1970-01-20 11:52:27	Name: CMID Value: YoPoWSWwY4nINB7r.pyDOwAA
.casalemedia.com/	1970-01-20 05:16:27	Name: CMPS Value: 685
.pubmatic.com/	1970-01-20 05:16:27	Name: KADUSERCOOKIE Value: 1E2A27CC-2E0B-4133-BCF1-357E99AD7D06
.casalemedia.com/	1970-01-20 05:16:27	Name: CMPRO Value: 334
.casalemedia.com/	1970-01-20 03:08:18	Name: CMST Value: YoPoWWKD6FkA
.criteo.com/	1970-01-20 12:28:27	Name: uid Value: 9f55bdae-4a1c-441f-b54e-5d72654f6459
.mathtag.com/	1970-01-20 12:32:47	Name: uuid Value: e1e76283-e85a-4600-9c75-3a3d29255b9f
.mathtag.com/	1970-01-20 03:50:03	Name: mt_mop Value: 4:1652811866
.leviatanscans.com/	1970-01-20 12:28:27	Name: cto_bundle Value: aYS2SF9qeUg2c2Ntbm05aWVzVDFaangwR2hMVmkxaG5FSlVKa3JFQnBvZldIOGMxV3ZQN1Z3QWR4NDVjRHlwY1YzRWxkbWVBVzElMkJIZVZXS2lMY0NoYzJBejBrMTBmQiUyQm1jZGo5a042UUJOa0FHY1VyTzJrSTIzS1VOd2FnMWJRT210dTdTT0MzZVNJREVDVkQ4JTJGT3J0JTJGSXc3USUzRCUzRA
.leviatanscans.com/	1970-01-20 12:28:27	Name: cto_bidid Value: LUJnAF9MSlRnT3VaeEQyN1RUaTdGOXlDbDBXOWRXZTZIamlRRnlEQUNWY3pMUVIlMkZVY3ozZSUyQiUyRk1tMlNobTAlMkJya1R5T2pyYjc5bGlJN0dRaGh6SUlBd0Zlb3oxUGpTYm5HWVBpN2FVOHZGREJuWVN2RiUyQm10WEJpdk94WVNIdk8wd0ZxeGw
prebid.a-mo.net/	1970-01-20 11:52:27	Name: __amc Value: 7_1652811863_1652811873

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://tags.orquideassp.com/tag/8273 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pagead2.googlesyndication.com/pagead/show_ads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.orquideassp.com/tag/8273 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pagead2.googlesyndication.com/pagead/show_ads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: https://leviatanscans.com/ayg(Line 825) Message: Access to XMLHttpRequest at 'https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fleviatanscans.com&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b' from origin 'https://leviatanscans.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fleviatanscans.com&pubid=9f69069e-7132-4170-a8f2-2b572c005f5b Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://leviatanscans.com/ayg Message: Access to XMLHttpRequest at 'https://prebid.smilewanted.com/' from origin 'https://leviatanscans.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prebid.smilewanted.com/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://leviatanscans.com/ayg Message: Access to XMLHttpRequest at 'https://prebid.smilewanted.com/' from origin 'https://leviatanscans.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prebid.smilewanted.com/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://leviatanscans.com/ayg Message: Access to XMLHttpRequest at 'https://prebid.smilewanted.com/' from origin 'https://leviatanscans.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prebid.smilewanted.com/ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://rtb.adxpremium.services/openrtb2/auction Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESENkBYRuYsj10CYXskQheo_8&google_cver=1&google_push=AYg5qPJ21FmLdA8hBWIsEslZ5jGwyqEqpTaILmqwY5bp9ToLMJWvED3TDw3sbXRSqpijDr_X_ynSpbposvK-0fYsV5v2FgSl2tHczw Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESENkBYRuYsj10CYXskQheo_8&google_cver=1&google_push=AYg5qPJgdHk1LWTcR7IW5tILcy5ofMjgTNdehvMNCmHwSaj_aTeteMdhEBnO696M8QSdZPwS7EJwQFTey47dxOg4ravikRl9p1Vo4fU Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a4p.adpartner.pro
ads.eu.criteo.com
ads.pubmatic.com
ads.servenobid.com
ads4.krushmedia.com
adservice.google.co.uk
adservice.google.com
adservice.google.fr
adtelligent-d.openx.net
ap.lijit.com
b1h.zemanta.com
bidder.criteo.com
c.amazon-adsystem.com
c2shb.pubgw.yahoo.com
cat.nl.eu.criteo.com
cce65f1ecf941bf82cd8fb58dffc63de.safeframe.googlesyndication.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
cpm.unibots.in
csm.eu.criteo.net
d.agkn.com
d5p.de17a.com
delivery.adrecover.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
ghb.adtelligent.com
go1.aniview.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
googletagmanager.com
grid.bidswitch.net
gum.criteo.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
imasdk.googleapis.com
inv-nets.admixer.net
leviatanscans.com
log.outbrainimg.com
mcdp-chidc2.outbrain.com
mp.4dex.io
mug.criteo.com
odb.outbrain.com
odr.mookie1.com
pagead2.googlesyndication.com
papayads.net
partner.googleadservices.com
pbjs.e-planning.net
pix.eu.criteo.net
pixel.everesttech.net
pixel.rubiconproject.com
player.adtcdn.com
player.adtelligent.com
player.aniview.com
player.avplayer.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prebid.smilewanted.com
pubads.g.doubleclick.net
resources.infolinks.com
router.infolinks.com
rtb.adxpremium.services
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
rtb.openx.net
s0.2mdn.net
script.4dex.io
securepubads.g.doubleclick.net
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
supertruco.com
sync.1rx.io
sync.adtelligent.com
sync.aniview.com
sync.go.sonobi.com
sync.mathtag.com
sync.technoratimedia.com
tags.orquideassp.com
tcheck.outbrainimg.com
tg1.aniview.com
tpc.googlesyndication.com
track1.aniview.com
ups.analytics.yahoo.com
useast.quantumdex.io
web.ssp.yahoo.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagservices.com
www.papayads.net
c.amazon-adsystem.com
googlecm.hit.gemius.pl
prebid.smilewanted.com
103.229.206.240
104.102.28.254
104.92.100.195
108.156.255.177
135.125.163.79
141.95.98.66
142.250.184.226
145.40.89.200
146.0.227.109
150.136.25.38
151.101.114.132
172.217.16.130
172.66.42.247
178.162.133.149
178.250.0.139
178.250.0.162
178.250.2.131
178.250.2.146
178.250.2.148
18.156.0.31
18.198.193.48
18.198.218.238
185.184.8.90
185.33.220.100
192.0.78.218
192.82.242.209
2.20.157.55
213.155.156.164
213.19.147.44
23.227.146.234
23.35.229.181
23.35.237.86
2600:9000:2057:a000:2:e529:700:93a1
2606:4700:10::6816:2460
2606:4700:20::ac43:4411
2606:4700:20::ac43:4bf1
2606:4700:4400::ac40:92da
2606:4700::6811:180e
2606:4700::6812:372
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::200a
2a00:1450:4001:803::2003
2a00:1450:4001:808::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2008
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:813::2006
2a00:1450:4001:828::2001
2a00:1450:4001:829::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2004
2a00:1450:400c:c07::9b
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::1c
2a02:2638::2
2a02:26f0:3500:58c::2c79
2a02:26f0:3500:595::2c79
2a02:26f0:3500:c::5c7b:6837
2a05:d018:d29:3602:1396:457e:6f4c:9f77
2a06:98c1:3121::a
34.98.64.218
34.98.67.61
35.157.246.167
35.158.21.212
35.172.49.77
35.173.69.21
35.227.252.103
35.244.174.68
45.133.44.3
46.249.52.249
51.83.220.94
52.18.151.34
52.214.225.206
54.145.157.73
62.149.0.72
63.251.14.14
64.202.112.159
64.202.112.223
64.74.236.255
69.173.144.138
77.245.57.72
8.2.110.139
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0127eb06cdd473968db95b646b1f5f9a308df73a7b14932009b3d966801bff2c
01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02b5318a75e50e48ccddd6eac9eef067a275adc244f3c3f6186ed6b382d3f971
033a474f3f3d411b511e2f7e6256485b7528acba1605f66bc68fa59a47a61616
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564
06a366a1149a8beed91b902f50763b6b195e220d2887e81e07cfdfb42a376309
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a
07fd252455eb0889fe26448a35eb6e0522d7fa18698bce8c3349e111a8c30e72
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a4375d9abb19e1ad99be871bd3c41f16a148c87d277f19dfe92d9b69fb57efe
0ad56b3e77d900587118de3adf7fcbad554c50919dad256b449f05df778dc5b1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0da7f3621835ce2f0d40f42fba6af2d214f9d6bced7f1f59b170d32936a15442
0dd9935552633c7a149a715988f93a54fc1b1993e2efbf6dc33d5a09d4f33f2d
0f5ec163b733fcc46389ed29b73fe528caae588c83c7d1716720dacbe9ab27b7
10620094b2abaf7d0657a10696a9b2bf066c0b35a35d19c5e9d45711b8c5a1ed
10ee07df1082f3e5dc7d3fcd15681311a2cddc6e727970ae4d37f56116a6277e
11acba82dfb17482338d62ae1b2b917b9a051d5ab8973cdae4ddb4c21ed2e35a
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1349ab831d930c782baf6577f44cd810053db33b587e604e2fdf959da87974e0
147a24c2b8388652d7774b60c5ea07cf37a00ac99cde96b51f07e6acb64d6ffc
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1a098b8bb451bb0d7e35e1b9ea7686f0d64c77c7e4397d87cfafa0ee144e4527
1a547efbfd785ca2ec616b6f6c340445e23b1e09815215ae5c701306c399e895
1b26c04ff19851d0780ba6dbc37d4920b48f3eeb54963c9ea1667941e01bb7ed
1c048d06a68214faca5ad1302e44004e4deda4e7493915cc47f45e746083819e
1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7
1e0cce612c097d50694c628441252d87f640626ff88cdd253823ec2bc63e7301
1e9128de5f89cf19cdc26f5ce0a75065e481dce50e0f264162aa67568c17e4d7
1f1c0e9e76f5baa28c2453d0d02b97d42e5f66283f0d3058a4ccc366e7f2411a
21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700
21c7b4a55ddcf0f40806dbec924729bd87dca55501380f6e6069b9f6e3492437
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
2339063f773f71e29b5e547d05eb56ccf913addac2fa2f77d9723522e4692b91
2457a48cde8c80f138de2db222d5312f30ff66c51b81baccee8f9caff6cf630e
24f51bd1908032a537d51eb7a3c7b9495059875aef2fa8dd1c42382c9d3c3242
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2a2917d2e4ffdfea2569c6ab9ad1fb95737586644007d8907b4f81c563716c35
2abc07f83e0a9c350b5580983d7eb8249eb5848c40e4762770297b9e67eba974
2d02d165cb720aec2fde78a93113a459729e0503951353f719076bc5b4a7a845
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
33cf9eb8cb0b5898801b7d7c6c28a479c6327a1d5bab99830f4988bee772a8e4
33ddfd27b2c73f9f7aa019ea8724ee345631c431374c387148b1333ba52c1bce
3419b8ceb6afd9f8aa7ddc99052782ab8a6366a6060d7b8ca126857dbd66ad04
354c415490d5531e0531928f79cba1d842e27354154ac39ab55cd0303ccf10c3
357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d
36e78f0c23f2ae3fae3b749a11f235b416de71bfd74d6805db09a400289d9c5e
36f7e89cb79ed00bb3eb43644501e42b98563e123c2144542adde59a40e3229b
383ed29b9d82e132112e0e61cc5052910417147ed9224896c2c710cefe477209
3880842442b1facf6f4bd2601dcc31216ee2c3c0f4b2c01cb6fb4c6bb05221f6
38c59c1295ab6c317f6a9176e5dab3d883ad5d5c013e419a5446d8f4747e0f09
3aed79010fbe2de5b979c31502c15d33e28c6565562a680f994f12e555eeca84
3d7c7efab021e9e62bc332cdffc52226ac5bb888cfa76bfde4a3a183159b4bce
3d7f3eac6782e7549d2341f3b0464d664aacd6aa769c828ef59b038831ac18a2
3db2afb2d2cfef4d21e7c775ce50ea302e5b3d74bf41da85b9e731b535016877
3e2681c1bbec399a67bb3cc49ecd03c80183d208813262543d11aac8f08f689c
3f0f75e4fbf033e656ee456d241053b59f6b2a7a8b8f01f632047a92cecb3bc9
41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b
428318ec3ae0535606feb3deffff0b0abf1ca1113529a3e8a94c246d1b9c668b
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
4397caa8ef822f0587ee06aaaa5693b1431bf58d2dff4d95054461cda1ce6d9f
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
44d08ed32b9bc1bc925af6154a2316e8bb71c4bf29dd86c80ef705265fc2d319
454b0afdf103919d6977c3af4e3b7acfab697a78f59e39bc7c13fc1e90b8bcdf
48328e939097ecbf9eed702abb97c7e8f71db03a6e64e16beb5a7a9bf24bb0e1
49242b996859ed26638af733509c54ca4762d500831167b139da0eff9078bc7e
4949e54bc1685c8754c0b2037a34ae60d859922797133862c2a9165cb9ee8e80
498be1c90d7a52c2acd8476b19d685749221a5fcdcb0a6f715c12683e9fc70b4
4a8c3e0599835e2806679170a98e213ad2b0d655e5a253c34102046fbb8e0350
4ba1b25e68d60244006d6ce251be9fb095fdc07867e47481a08b4e048dac6d0b
4c878e04af5ee66469acf284a8fd5cc0902b07bc7abb4d571e99b71f9739917f
4ddb98bef9732a8caf32acb37b5799bd27556ca0f2a26b9b6e17b6d0d77b66b3
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4e0807293cf9e041e5ef753106df37ff0d481ec9344c03c12d5ee6b3eee0da
4f1eda09a033b2e2138b72154fa00c8ba52b6f54f1a2b289500221be7363eb72
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fb80b7bf623f709e8773d63406d7d20cbb8dda584d2259f86b7cc94050923d1
4ffbc8cacaee81d4dfdd84917de8e6efc3d66043753be2e9d9273adedc99eff9
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
503a045218d3b107ab8e26718b14257ed4093fb86bee7e9fc715eb22b00a2593
50a897de75bdd70ce9553f392452dde4204b135a36370814e5d29b9e80364ff4
53b12b25f0f6b13a43b08fbd96d2c9bfc0c668b775dbc30c84911f5a64a43764
553e30cc53e93e69f087bc068599eba35328299c4af3a7685ff39577c4a35316
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57b074dee06e5cb30aa2d0b0ee0f428e422b3e60c54b4fc729416d90ada97823
57d6b25be8e53edfbb469bf824f2d63f1d27f9cf8be3c4a65cebd2b104e21e40
5955c7aa7ad3e75362055d74597c84a28066b0f653315a72b94a43262847c352
596049db1cb81f86d1bf1ece2565e5d5116f55e4b62ac503cec0d35887c934f2
596999469e73831df3434f419bb097e6fe80049c3ed87b34ccda50f3efc2fcfb
5b5da5a6a23c58b2d4d912b58cfb30ee461185651a79659dcb326206cd793b25
5c8e9a0d9475b9ddd0acd8ee0ef037f76cdbdd267adf0e197f83ea08fccbf4d5
5deff4163ad18316aaf1c5ed1aaa3a85f47051686787ab2a2211bb676bcee8a8
5e4b8eee13bf34c61c4da4ba0abe8a2e77781508ab5045ead1bc31ef7a832fd9
60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63fa618acbd7a6c82c7cb2d6c68db77c612bc69cd92765588e082e819077cd40
654400da854cd877b48c677289172ef110f9a42f1af950e07dc9c6e646f89645
6588429337f7d5c544edaf371cff5f0b977bdc35637a19ecd60d1d8e906ef6f0
662965fa73cc33cae0885f2c931c058093a875e5d368694041967c993fb4cc1d
6652f91debdc5c13949459d4cf26f1f7451b073c923d0e4665091d0935e78039
66ca7c348e680f7724f6078f4e097c09ee8b168427560a3092208ef38243a429
6a4392634f493b4f5e97c3c3d167b1c3dc8421cdd6066d219c62cbbcf02320fc
6b44a9371c442e411b7592b1da6f03cf9711e1d91fd790c2b25bab8dda4d62ae
6b54b9d51b8e7575fc6ac2e2bfd7826e021c3385b15f6e07581d58234219a3ce
6c0d04d68f446d70590b6038869184bccbe976ae88566b8f53449be6622c672b
6cd53f38c67af6b329f6235c8c83c2b0fb9b1fdc1c31dd8c506e5776a9591c38
6def1bda699ef5e604dde98b184bb397b4b13483b2866ef5fb52fe3af531310b
6fe188a4c3903cc6d44a93725ecd1f642d405975f72b37762267dcdf57024b87
7061699be7143d6535f94d889b049c341da0cad4e916fc20adcb8a6e3031e1a2
715394d386c1ea514490b365ea759182b2d3af1ca01a6c74082a9e9e41a92947
71a053c80bf9ddaa8850853f45bcce8ffb33f8d0c882cdee3d55149c37d3edf4
722b4b41d53c9ff767cd1d9b33ced439c2aedf3c6eb8df5a7e2ae1a29c968142
7365b57cdba2fe0b48b54256506152ada03e70fa3e671c44bb643fc840828a3e
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74de4d96a9227b0959f62e505d2594fc5bc2c641c0b61588f017019c7248ea3e
7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4
79fb583750253f16f5b61da1776fc8c42de42b9ea7ce91dc345cf6b4f77bcae2
7d3f245ed19e4ac51ec4433c7643b67e0d733b2ce13dcbaed2436beec05336f8
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e34e3650444be4442224a77990a95d0ba66457124adf9e73df76e8134110d1c
821696d4189194f931737c0b3c3c9036343730cb24a59ed8a15fea3b83070bf2
82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa
839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70
89c3ad3e8c3cd362f2a6a3ca4c5d33a0ef106ce34b2afc561340178e57b54e59
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ab4189d67c93c85b88f2d2b03ed8aad1afb083b444bf5714b401de3cfcd4260
8bed61e1221b8cff4aed0750210db216f6d2de5fb31628088374975882257a0f
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d845a019e916b6833d8a0b87c90140b9a5ab1e32ad4637df1bd63410b052bb2
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f5f2153ad5cb09d36ecbcbfd7b568be6ab58dddcc7434e68a2be3e002b0de47
8f7dc16eabb68cee071897c75fd72a84a2a009d2e8875661856fed0dd725db7e
8f82ee58d2108699a11f13c771a5ae5a95bc3360928e9c462198b195f8b9b4bb
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
902c37db212d82b5446cc5eda9bb6338ec87e8da816d8547867c8dc6c00515ff
9035c124a94dcc39096e0dfcaad6d78e94615a125aa1b727d010a97212d4dc5c
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
94c3b7aef4f2ff7f46aa44ee6959cd1420a433a41e70bd8d901322c895752468
959b9f9e7e9b0627ee5be97627c8208c05d6bb65102dd00e588a2fadfd5a53ce
965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82
970275342a648f659763f14e691ccc48d56256ff130d4cfde8b996698b976fef
9745abef688313fc70a7e223365c318f97958cdf075827ec40486fd08d06af2f
975eeffb0ee7d07345ed5da3f8665210bfcdf29979015310f16e1e6e0ff0528f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d47816d0f275c8c2e3ab4fc230ce61d1372fc6b2202e7299c1bcc04f47b9b8e
9d6b9a1828d4f385b96567b46c734f0ee46f425c74db5c0e3a2b72ca8b2818eb
9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d
9f75d4ba3fd309652e5518806c8527a4673b5852b88d66794f9e76e4577a8f1c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a17fb8522bf74cf6b5cb185b7f6c7523977c79fe051071bc0e38aa1f59b8174d
a288f6d8bed5da66244881b97b6355d945f6ca755c1fc09b750724745cceae03
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a2fa2b713df791359589a9ab671a0ed13a83997e0759ebc5996adc0b18a722b0
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a543b20306378c5993b2f42f97aa87783702245a904583a6c65e4f2ed9f6fa77
a58adf21966a1a3b9d72d848f887b2b05215dd9876c6afd9411d54d05675f9c4
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
abc2d6da702628cd8c1e74f199305540e51948ed38b7174ef982f749b5b03247
ac9374c15c2dd33932d06810ca4fc8b898f179717876eea1da3fef616f4e3b37
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ad6c479be2d4b755cc4ea94ef064471037e31a6eff63b8267d296f808f1bee83
ad7e083534334c971dc195c8d625f4d9758c0b09849ff5a47b1bee85f8ef4b55
adc57765182c59aa6a46c69637e667f13a5a4ad348173f1dda1f37d2a16899cf
af778e059e32f18a6016ab0c2cdc8900a7a5a27c0271ce43cd578ce6f8d3e442
b04fcca2f773793b6f7daf1dd57463e353a3012cc55662a5024d4a21c459dccd
b1deed49f89b542fc47812be6f25657f4a2027e2ba563f1c5db9ccfb68a885b8
b284e6b93a42b5cc3ec4e7c3a0e5c590aea40e8242ed1dee47e6df534c15e524
b3954db5bae81e4190c9ee8bac12ef6e126bc072f1b5d64337a974659f00c5fe
b5210fa83a7321389f40d97bf8c28e8cd3ed571fa4577272f931d7fa9dc9a187
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b695656c762becaf0e873d50639b876ce6cc774aac637e6d4aaa18093266a4f6
b7ab8989fc4fdf71dad241d721ae8397c01e29c5d5b09050b16f99d0ed297dca
ba98e735ce0f8021ed850e1cfd1e5f20049e17ac90b3bea352b04324d045c233
bc538eedc38bd9919874481dd7b1bfc9e95c1d848ae48a1ef6bb628ed24156c8
bc6555743d11492b02d29baa9a7c9084a5946a9507300097ca8c62dffb4fe230
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd6dda3af54f48092c5fd6d813a20db9139a6ef3c17bb37cbbb98c488426913c
bdab1c3978eb230cd7809a84424a184ad363dcd802dba528615a85d2765a124f
be7f27179c849f3e69bc6082925749287af2273c220e765778a7a4a980c4ecc7
bf5fe6c5afd02930d64c1ee2bfb855cd4d52072f72511b941f366af1e9318c40
c41c6fdb2b2d755e2841a668b97bc32b789f075888a32ec6bba3b6cd2d64394d
c5b2a7936797bafdc55711aa8a1a31d9114c69689fbdfff18c9472ee93429e3e
c7081041f8eb7e8011e73de1556b636ab3627459f834f9ac532ec0928b1f2611
c76f6bfca9e1383c42a28e020fe3f16240e8f27ab8cd2815f37a14782eb45406
c92ee2460b4063f46ccd0ad0e0a68d212c6b756c4a0ef3a7fdf0afe0989781b1
c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6
cba43d4d86811c781e4820c2151876a73aba2899d0e4fe1c58bb90980bb06286
cba47082178b1574a96fa49c257693082949237914f632073da2f476dc81e0db
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
cdd9d614033bbea0d12c55f559381760267802641e35634e6a3b033ab8be272a
ce4870039b18e0e087af9e46c4463eee8ef304068c383668280e487bb9cbab96
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d4b0976813afe99e70baeaef4ef1ee77ed72fb5276cce430c75141ffde9d90a8
d7bb3c50cc5b07cea81e62a53039ec4aa49cd718058cbf799eef27bbdb5b958c
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
daddf91dcc24e20b9ef30e0fc56d574b6b00bdb87d883620dc29ff847d2d29d9
dc68107e71c06ee306e742da349fad5204c19ad823520b0c9d1d3a0cff662a1e
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df04d59c89f40be58c072e4113b5ef075673c947a655fea11400b3cc25b44d47
e00869dabcc0043ef3346bedfb4afab35f3d126e3963a0a70bd744161917ad66
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b2277d74e32021a0028209b27e46600204c5b587c39f5b2e61c7e594ba3bb7
e41fe25c4cad8930ddf6f8c798e72d77b350b2ace6fdf9cf7d203c5f037339de
e4446065ebfb65a302d17b88e2c7ed326d8402769eab0843833dea049a65c992
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e72901a5cabcc2459283aefd3cba9917b195d004afea2137b3fdb586dfc27ce3
e78f35df00efa381a2d6861c8d2497a13df9cde7cec6769588a11d81fbec8dfb
e86716d805a037b21b66684f25ce5f4b92fb5d9768323537dc4d67e0195e8a6e
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e90232fa519c3b428277755817c64d59056677920763465a851275ed53cd4d0b
ea0776169602aa06ca7e5f4f7455bbc86459d46ca900ed665bf9fe077c77b40b
ea15d3c9032b89f389259ec3228a035419a55e092ee25d5f944ff90b2c312508
eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecef0c0b515a4548e99c4636b57a9391253e9027dd0f21f277eafbebff2ed4df
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba
ee7c644c591cec61ddf1b090547fac75e06593f99c3f16df08c0e67f14b648c1
ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1330315b1d13bbbc12b67d53842a4c759016610c7efa38a2ea240878e1b9bc4
f359ce241c87d02ff076f9162c0b4b3467c56255517018a2930941de7ad09e34
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
f47e25f5f66ae29f75079ca55187a0638285cf348432b70e54964223d3bd9e73
f53136d93b874d5ba193020ce13caae15abba12c500047c98985c3334a5c8c42
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6b74f889513d7a2de71597dd2b3094f883d00bac1289d776cc30d4672be2daf
f7b2ed50f1f309918afed3374fbaa94d11d2bdc6e36727598ac6466d56ace54d
f8b0220980de4339ca04d32bc5656435847fecb3a47f2eac38e33277e18eddc8
f93eabed9db1894c7c76ceaaa899450f82a3f9e4a003b1753985ad35b2e86ce0
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388
fb03eb8e36bc12e8babab36c75820a0e1d77001c6b5f14ea38bdb1a956b158e4
fbfd3438e10ab28f28f2e1a1fb2ab3bfa431336af08a72f597c0d4d73bfb046e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ffa8a5f82441ecbfe35c4ff7df5bd4cc92b0070b49298445dcf7235982a3fa63
ffbfd8f1aebb8e1f2ab2bd88ec07e5d113c515ad11233492317e8dcbef87c797
ffdf271feaccd2c05358962c7ba2b546c72331276dddb6bf6bae694fc0f7992b

leviatanscans.com Open in urlscan Pro 2a06:98c1:3121::a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

599 Requests

96 %HTTPS

39 %IPv6

62 Domains

100 Subdomains

76 IPs

11 Countries

15350 kBTransfer

43734 kBSize

52 Cookies

7 Outgoing links

Page URL History

Redirected requests

599 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

leviatanscans.com Open in urlscan Pro
2a06:98c1:3121::a Public Scan

Screenshot
Live screenshot

Full Image

599
Requests

96 %
HTTPS

39 %
IPv6

62
Domains

100
Subdomains

76
IPs

11
Countries

15350 kB
Transfer

43734 kB
Size

52
Cookies

599 HTTP transactions
17 data transactions