www.live4d2u.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://live4d2u.com/
Effective URL:
https://www.live4d2u.com/
Submission: On April 23 via api (April 23rd 2023, 3:37:12 pm UTC) from US — Scanned from NL

Summary HTTP 262 Redirects Behaviour Indicators

Summary

This website contacted 32 IPs in 7 countries across 27 domains to perform 262 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.live4d2u.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 16th 2022. Valid for: a year.

This is the only time www.live4d2u.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 12	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
53	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	133.186.12.16 133.186.12.16	10010 (TOKAI TOK...) (TOKAI TOKAI Communications Corporation)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
12	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
1	139.45.197.236 139.45.197.236	9002 (RETN-AS) (RETN-AS)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
40	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	182.22.31.252 182.22.31.252	23816 (YAHOO Yah...) (YAHOO Yahoo Japan Corporation)
7	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
10 19	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5 11	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 8	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:3::a	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
2 2	18.198.72.223 18.198.72.223	16509 (AMAZON-02) (AMAZON-02)
2 2	54.93.65.156 54.93.65.156	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	216.52.2.86 216.52.2.86	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	185.86.138.155 185.86.138.155	201081 (SMARTADSE...) (SMARTADSERVER)
1 2	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
3	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
262	32

12 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

live4d2u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.live4d2u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

live4d2u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.live4d2u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 133.186.12.16 (Minatomirai, Japan)

ASN10010 (TOKAI TOKAI Communications Corporation, JP)
PTR: p016.net133186012.broadline.ne.jp

cpt.geniee.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

upskittyan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.236 (United Kingdom)

ASN9002 (RETN-AS, GB)

eephaush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.22.31.252 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)

yads.c.yimg.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.185.130 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.80.39.216 (Canada) 5 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.180 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:3::a (Ireland)

ASN15169 (GOOGLE, US)

rr5---sn-5hne6ns6.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.72.223 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-72-223.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.93.65.156 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-65-156.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.86 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.155 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
100	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 177 ade.googlesyndication.com — Cisco Umbrella Rank: 317	890 KB
49	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 cm.g.doubleclick.net — Cisco Umbrella Rank: 313 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 394	407 KB
41	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 373	611 KB
21	live4d2u.com 3 redirects live4d2u.com www.live4d2u.com	220 KB
12	upskittyan.com upskittyan.com — Cisco Umbrella Rank: 314358	61 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 876	8 KB
9	gstatic.com www.gstatic.com csi.gstatic.com fonts.gstatic.com	140 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 319	8 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	341 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 130 www.google.com — Cisco Umbrella Rank: 16	2 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	5 KB
4	google.nl adservice.google.nl — Cisco Umbrella Rank: 11490	942 B
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1124	489 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 883	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 1037	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 427	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1332	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91	20 KB
2	geniee.jp cpt.geniee.jp — Cisco Umbrella Rank: 64896	39 KB
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1052	75 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 447	461 B
1	googlevideo.com rr5---sn-5hne6ns6.googlevideo.com — Cisco Umbrella Rank: 51841
1	yimg.jp yads.c.yimg.jp — Cisco Umbrella Rank: 35153
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 7421	546 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1132	602 B
1	eephaush.com eephaush.com — Cisco Umbrella Rank: 160327	462 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	44 KB
262	27

	Domain	Requested by
53	pagead2.googlesyndication.com	www.live4d2u.com pagead2.googlesyndication.com a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
41	s0.2mdn.net	www.live4d2u.com s0.2mdn.net
40	tpc.googlesyndication.com	a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.live4d2u.com s0.2mdn.net securepubads.g.doubleclick.net
19	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com googleads.g.doubleclick.net www.live4d2u.com
19	www.live4d2u.com	1 redirects www.live4d2u.com
12	upskittyan.com	www.live4d2u.com upskittyan.com
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
7	www.googletagservices.com	a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	www.live4d2u.com
5	fonts.googleapis.com	googleads.g.doubleclick.net s0.2mdn.net
5	www.gstatic.com	googleads.g.doubleclick.net
5	securepubads.g.doubleclick.net	www.live4d2u.com securepubads.g.doubleclick.net
4	a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	adservice.google.nl	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	ade.googlesyndication.com
3	www.google.com	1 redirects a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com tpc.googlesyndication.com
2	onetag-sys.com	1 redirects a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
2	ap.lijit.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	x.bidswitch.net	2 redirects
2	pm.w55c.net	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	csi.gstatic.com	www.gstatic.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cpt.geniee.jp	www.live4d2u.com cpt.geniee.jp
2	live4d2u.com	2 redirects
1	ssbsync.smartadserver.com	a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	rr5---sn-5hne6ns6.googlevideo.com	googleads.g.doubleclick.net
1	yads.c.yimg.jp	cpt.geniee.jp
1	my.rtmark.net	www.live4d2u.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	eephaush.com	www.live4d2u.com
1	www.googletagmanager.com	www.live4d2u.com
262	37

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-16` - `2023-06-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.geniee.jp GeoTrust RSA CA 2018	`2023-03-17` - `2024-03-09`	a year	crt.sh
upskittyan.com R3	`2023-03-14` - `2023-06-12`	3 months	crt.sh
eephaush.com R3	`2023-02-15` - `2023-05-16`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
rtmark.net R3	`2023-02-15` - `2023-05-16`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
edge01.yahoo.co.jp Cybertrust Japan SureServer CA G4	`2023-04-12` - `2024-05-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-04-11` - `2023-06-20`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://www.live4d2u.com/
Frame ID: 642A7EA0C3B7C28695BDBDFC40CDB515
Requests: 55 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20190131/zrt_lookup.html
Frame ID: 240157318E8CD801903287C3DD2FC7D1
Requests: 1 HTTP requests in this frame

Frame: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9C1B48880298CAE1F64CB7154C3539C0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&adk=1812271804&adf=3025194257&lmt=1682264212&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.live4d2u.com%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216734&bpp=8&bdt=270&idt=283&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5810496401882&frm=20&pv=2&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=303
Frame ID: BE0956886B483D6B2D4DC9A98E487ECE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&h=250&slotname=4525018427&adk=1147796549&adf=2045739810&pi=t.ma~as.4525018427&w=317&fwrn=4&fwrnh=100&lmt=1682264212&rafmt=1&format=317x250&url=https%3A%2F%2Fwww.live4d2u.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216742&bpp=2&bdt=279&idt=301&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5810496401882&frm=20&pv=1&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1942&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=g07nfkb9eh&p=https%3A//www.live4d2u.com&dtd=305
Frame ID: 9846E4F05B08C5BB8C6BA7DEC71CDE6E
Requests: 22 HTTP requests in this frame

Frame: data://truncated
Frame ID: EE152B2E4A19761FD2610588BA0EE9B3
Requests: 1 HTTP requests in this frame

Frame: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F81852D585B83F1E366A173B82A55D00
Requests: 20 HTTP requests in this frame

Frame: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9853FA8DB98BE83F093B8128A2B6AB7D
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNXizi9_6JrHYQef_aLXj2c8NJvZQU6nmxzlQJZdYPa9iLRuJEhnHr5ZX778gQteJdq9z-7FvAXM1DcLo1SqcKX-KHCQH04hqBMLwSG6mVWN5Jt1R-XxyiggvdO1LbC0hqVFOM0E0cHj1tYc74lfH1DJF0A9QEW5Zdd8aUd18bWdEtRax9Q
Frame ID: 0F0CE71796591C975206BED3B35730DD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNWb3lLmMtxgLp4RI3KdbyuWMWsY7zNMzRs8lYIanmuRTl0r0beiNay5L5iBOtNJUnMW0nankU6Cg4GE0MG0H-3JcZPjDX-tyBdsVM_huWmEFQ50Z70AwVDGyQPC7JoU5rERbagtt-aL7X_3yErikZJIrV0R_hjWV0TMgsZNhQqIv8g1DO0
Frame ID: 045674746F009029E1B29079C789AC51
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 436509579C70A7135C515979AED1681F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
Frame ID: A5585D615022FAA02D898E5242339A62
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: 91AF82039FE7A19A74762989A03D9F7C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 798A4F77D43E6019796B733F719D4997
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
Frame ID: A44C1D65824C0BA6CCE3CFBAF2A5591B
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
Frame ID: 651619E7CC4923C14761002C9CD7BD24
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1FCAE9C4318C6C11523C49906332E73D
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
Frame ID: D507EF45959DC80F294AF93D6A31CECA
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D6FD7075A7507CBF8F65DF0E8D31CB1C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: 1BB1274BC7C2A9232AE86F43ACCB8287
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: 06EB2A3DB2DF04DD20B499CFBBF2BF01
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: 68482826CF29C77A97A9F4158E6C1C6F
Requests: 1 HTTP requests in this frame

Frame: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0BE6C5D4B710BB33EA82C76A1DCA8483
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: 8813EC4AFAE0D268B98900071385B92D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvoMhDRuDMYsL6EwQEwAQ&v=APEucNUfi2WsquV8Kz-qLjtXiRsOk9hnUBrv3MRvbwoauy-Xz62ebmB5zfE0icS9ufaSkRWQgwRPwL2AdORhiGerIzLNi8G_H0bki1orB9xcNDI9VyP7Dy6y1aODZRfDDWaKr6QjrqYqcotITCD27Mwr6t0a-3DuvbV3GXb8NOOytf55hh-ndgs
Frame ID: 8DF0D21AAAFB019D1320E74323570644
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js
Frame ID: C6CB29630D1BC19C06F77E6EB984A680
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
Frame ID: B75A96FFFC22AB6ED02C67B5C3CD95DE
Requests: 22 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C61D25104E8C8B147E97E14D60806426
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8D1BF8E5C83BEF52380C22874EA53434
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 34D6F720144A73077814D7ABC14E7A9D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C41DB5E83148A81D3E1EF4241E73A9D0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Live 4D2U Results - Keputusan 4D - Magnum 4D, Toto, DaMaCai Malaysia

Page URL History Show full URLs

http://live4d2u.com/ HTTP 301
https://live4d2u.com/ HTTP 301
http://www.live4d2u.com/ HTTP 301
https://www.live4d2u.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

262
Requests

93 %
HTTPS

53 %
IPv6

27
Domains

37
Subdomains

32
IPs

7
Countries

2787 kB
Transfer

8475 kB
Size

22
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://live4d2u.com/ HTTP 301
https://live4d2u.com/ HTTP 301
http://www.live4d2u.com/ HTTP 301
https://www.live4d2u.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 80

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Request Chain 82

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 84

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Request Chain 86

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Request Chain 169

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 206

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

Request Chain 207

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Request Chain 208

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Request Chain 243

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykELmd034ShK-HIlRafdvCMIc08oag6UkrnwewZ16JgHtcIXpNkWwjuv HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykELmd034ShK-HIlRafdvCMIc08oag6UkrnwewZ16JgHtcIXpNkWwjuv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=eGc3dXhPTEoxUFFCTFI1&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykELmd034ShK-HIlRafdvCMIc08oag6UkrnwewZ16JgHtcIXpNkWwjuv

Request Chain 244

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEF1lzOj7VWS2LK2OMU8u_pw&google_cver=1&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEF1lzOj7VWS2LK2OMU8u_pw&google_cver=1&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ&google_hm=tco_1oDRR8ifBr-AwX9u1w==

Request Chain 245

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP-t5p5U8ycMnsMOw_TP-Vg&google_cver=1&google_push=Aer7DvIn9q_YqXAngy9jxiHl915Hb5PR08h9RRHrw9bsfDI_iH0l1YhkFVBnTcIW7NyPZnKNZq9p1yu1MqWitOXVlspzJM2VTQvl HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP-t5p5U8ycMnsMOw_TP-Vg&google_cver=1&google_push=Aer7DvIn9q_YqXAngy9jxiHl915Hb5PR08h9RRHrw9bsfDI_iH0l1YhkFVBnTcIW7NyPZnKNZq9p1yu1MqWitOXVlspzJM2VTQvl&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6M1tIA7LTv2VfhdjtvHhPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIn9q_YqXAngy9jxiHl915Hb5PR08h9RRHrw9bsfDI_iH0l1YhkFVBnTcIW7NyPZnKNZq9p1yu1MqWitOXVlspzJM2VTQvl

Request Chain 246

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ0HtupVsMb2ygETqL3f7AM&google_cver=1&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9nvmL8Op7kbOZxRnTWZ-b2oPXNS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdUS09KN0ktMUUtQ1NQRA==&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9nvmL8Op7kbOZxRnTWZ-b2oPXNS

Request Chain 247

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENxpvYTs2aejo2s2dEbz0Mc&google_cver=1&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENxpvYTs2aejo2s2dEbz0Mc&google_cver=1&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk&google_hm=Gh4osGZH7IYlRhJQTjuRBmQr

Request Chain 249

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMA_j00mtatFqRw4JG5J5bE&google_cver=1&google_push=Aer7DvIXJ1kkcZffW1A6_lSwA8KXNhCrfspX85MzgntuS4KlYmf808cRA9NSwjYAC5XOkLWh2w3w63u4UBdjh1UO92GmKNkiyK6Gzw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIXJ1kkcZffW1A6_lSwA8KXNhCrfspX85MzgntuS4KlYmf808cRA9NSwjYAC5XOkLWh2w3w63u4UBdjh1UO92GmKNkiyK6Gzw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

262 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.live4d2u.com/
Redirect Chain

http://live4d2u.com/
https://live4d2u.com/
http://www.live4d2u.com/
https://www.live4d2u.com/

42 KB
6 KB

210ms
209ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

929732c77c22652665aa1a8bc95af878318fe3177b4249ba579670fe4c5d141b

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7bc72f579b5806ce-AMS
content-encoding: br
content-type: text/html
date: Sun, 23 Apr 2023 15:36:56 GMT
last-modified: Sun, 23 Apr 2023 15:36:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2BeBrVRn6%2BkFup5f%2FiYXMvzi1a%2BZCddW4S82QE893L3Ss39DWH8wHF12BGFYoG%2B8%2B0DKhOQXld7UzW7MxqNYq2JHPPJVCeR5Tm8gHNtNiY4dx%2F66Q8jEW1OdI9yecWl%2FcCXq%2FlKtJIRbPo03X5%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY

Redirect headers

CF-RAY: 7bc72f577b3cb71f-AMS
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sun, 23 Apr 2023 15:36:56 GMT
Expires: Sun, 23 Apr 2023 16:36:56 GMT
Location: https://www.live4d2u.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qBuwtweKMFPtbmd%2F%2F1s5Tq4tuMH0zfGbFndcjrbaCdNPCWKhRB5X%2BgnISNcNNNREKHCrwXNDYwUCkA1DrpcdmjpaiOs5SYg6M8cXdLMGxKXxD98NDatRTTgZlVu81Z%2B5XhMmbafZktJpVFZ2EJ%2BQ"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-ui.css
www.live4d2u.com/css/jqueryui/ 31 KB
8 KB 40ms
37ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/css/jqueryui/jquery-ui.css
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d03e99f0aff5436a6c0e55736133a1d51caead38e13ae380114341e007b723ca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3563161
cf-polished: origSize=36607
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Thu, 17 May 2018 07:22:02 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMwWi%2Fbe3dc4Z%2FnYYRUgYG3v%2B07H0f8xBv4AU4AE2Irn71aMN0H8VJncoXH7ITY8Rt68atG1dlkQghD3bmhABx1WdBaZl6ZpZXC9ARkfoSwsOKoaKGKER1MdbZG1tQSPppwpgoTet%2FUZzjo3eth0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd6006ce-AMS
expires: Thu, 20 Apr 2023 04:05:49 GMT

GET
H2 200 bootstrap.css
www.live4d2u.com/css/ 118 KB
20 KB 25ms
23ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/css/bootstrap.css?766292
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fe1732b358a00a4c8f34245a3ca175d3f9ebe3f993734e135aa6ac09f06297b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2608082
cf-polished: origSize=146149
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sat, 23 Apr 2022 08:04:06 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSyYGkho2g4ydbZzPCJ5QAV7NTNLLE0EuGTTb%2Bl5uBqSPQOFgLGO%2B3nOYLWEeltL5KrB4BD1MTcI76Ej0VT5qGHlNG6U77nEDAuef12ghcuiZ7fTtMUcU%2B3Ln17Hrbut%2F%2FVaMqnujgN%2FGx1tGENi"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd5c06ce-AMS
expires: Thu, 20 Apr 2023 04:05:49 GMT

GET
H2 200 newlive.css
www.live4d2u.com/css/ 7 KB
2 KB 22ms
20ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/css/newlive.css?v12
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec0fbcc690f02ac846b47ff7f1b59edd3dc82deaf19a64739d23e1edbb2bdc29

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23565
cf-polished: origSize=7935
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sat, 28 May 2022 14:02:23 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5tkjGp3jiznLXfs5qeRI3IdzzgHgtsY99%2FPmwNs8G3ohp116IB9CtW6XZMMPTpXcgwGN%2B9QK3se4HLT1LQz2tEH1cTfebWXG46MLLl5Ptzo0zf59CS0C4cFsAva%2B61fhBE1w4Uop2iHAhT1o5uw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd5e06ce-AMS
expires: Mon, 19 Jun 2023 04:09:34 GMT

GET
H2 200 font-awesome.min.css
www.live4d2u.com/css/ 30 KB
7 KB 22ms
21ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/css/font-awesome.min.css
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: public
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 11 Oct 2021 15:09:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 244843
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWeTgl9UNVJqZo%2B4dz5Pn2lQAG1gDmABZ3jMr%2FjjuE8NSbdqapvzP3U%2FN3Ld%2Bip8eCt8EccWGCTW5rk4EaH%2Fp3n60WC9nA3wnvFXuZKvNuAlQA4QrFjnqNiKkyC3R4hPyFDNuPveQ4UbKC1sxACJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd5f06ce-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 19 Jun 2023 19:36:13 GMT

GET
H2 200 jquery.min.js Show response
www.live4d2u.com/js/ 85 KB
31 KB 35ms
33ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/js/jquery.min.js
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: public
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 11 Oct 2021 15:09:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 244805
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1rF2XnhffVl4EtYm1gFFSvN1UnExhl1f%2BT9WOrdf%2Fp5KEhtx4ip8VJVmJ4ItV1ryMCvTBc4hUFqcqqgMiNps66ezQni9oGvhsuX%2FJ%2ByzaStUKdNwub%2B63Mq7gCZl3equxsVMW2yIn8D71ZrQzDlc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd6306ce-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 19 Jun 2023 04:09:09 GMT

GET
H2 200 bootstrap.min.js Show response
www.live4d2u.com/js/ 36 KB
10 KB 23ms
22ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/js/bootstrap.min.js
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: public
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 11 Oct 2021 15:09:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 221263
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVQDZgUCWJT%2BN0nG6sFuacVngzW6COln2NdsgXfg3TUA3mX9cdf%2BqaiWKFtGCpxOMxppR4FhMf8faPbf5pWdyqWijTnOKOxLv4Y5RseI9XGiBfLQ6RTOIrHfZDKwlkjE0UN2lfl0Zgysdp3vKHaL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd6406ce-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 19 Jun 2023 04:09:09 GMT

GET
H2 200 jquery-ui.min.js Show response
www.live4d2u.com/js/ 164 KB
72 KB 39ms
38ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/js/jquery-ui.min.js?20210927
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1261ad719aa5342a3d5a84d53397546c8c7fcf499e4778b632330cbf7bdf0cb2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: public
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Jul 2022 09:58:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 205237
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IfYVqLS7WCs0VH0p2YPf38cSLF7vabMPtRUZPXLwoij6gVKACtWFY0g%2BZp4ICAYyHBJ3qiqrXN0B0EfHRCaH69sl4MzFh%2F5yalTRhmQ4RgIwe8kYz8JjuQlEy0no3qPDF8U84EXAprzniodZbQnt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f58fd6506ce-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 19 Jun 2023 04:08:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 83ms
34ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31910035-1

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3bb947281051e58bdecf1097a12de077d1aedb181ac2ba63dc6747bd194ca8d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45090
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 23 Apr 2023 15:36:56 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 156ms
107ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbd705cda459a9a60a204815d09fce7a6bdba66f7f8f1ce86e82104ac244768f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25053
x-xss-protection: 0
server: cafe
etag: 531 / 19470 / m202304180101 / config-hash: 6342739278968460252
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:56 GMT

GET
H3 200 live4d2u.png
www.live4d2u.com/images/ 31 KB
31 KB 24ms
23ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/live4d2u.png?2
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3543e422b70c27b92cad0467ab812c07009c851cb96b5450e9c4df4abd18b47

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5128130
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31605
pragma: public
last-modified: Tue, 30 Oct 2018 03:10:25 GMT
server: cloudflare
etag: "5bd7cba1-7b75"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tws0zi%2FaATYhL5JoB0x2fOWUKiH7%2Foc9DQVaq6D7nKNU6bVMifWBgrlS2p0lon%2FdTuPxSVqV5z%2F3PWV1ewh1Hnk3DF9sNPjHzBJ2nE5dSAomDy4Zds2Mu9O%2FoFKR4JV1h5MnBuKbhZ3jW9Qf7U7d"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a770bd6-AMS
expires: Thu, 20 Apr 2023 04:05:46 GMT

GET
H3 200 logo_magnum.gif
www.live4d2u.com/images/ 2 KB
2 KB 51ms
50ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/logo_magnum.gif
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c655a50bd0d775ce29cad2ccfe471421fce3a4069d729b0771a827d37cd80d06

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5128130
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1888
pragma: public
last-modified: Thu, 17 May 2018 07:22:30 GMT
server: cloudflare
etag: "5afd2db6-760"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Gb6lh%2BXnunOIhJtwo1Yl05eCskMDqDauuOwOVqyfIwY0YRFnIOcRH5l%2FUbV4zbb75sLF%2FMI%2FjMfjOcU7FQo6ubFTvwLFBJKb9z1BiFRMFVxJnUfYLd4YGvMLF0dRv1z9AgCgVxl4njEFs6FOAeR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a790bd6-AMS
expires: Thu, 20 Apr 2023 04:05:52 GMT

GET
H3 200 logo_damacai.gif
www.live4d2u.com/images/ 2 KB
2 KB 23ms
21ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/logo_damacai.gif
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c9736f159ea78dd1d61e8139b723521113cfdcffaf5ed37e4caa089309e90a3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 211950
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1826
pragma: public
last-modified: Thu, 17 May 2018 07:22:30 GMT
server: cloudflare
etag: "5afd2db6-722"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZHVOejkXY9C6ybupe7HqSgj1tj0huKAoGuzl8EOMrT7grr%2F%2F2hwx14oUqJ7%2F2QSMiOEPaWORVgPk6Brw78i4jZD%2FgbxEyi2cT2pS6TPbCCRv830RP4e5MsxZTFiHB0wLSsOduhqpxYSA9c7jF8Z"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a7b0bd6-AMS
expires: Mon, 19 Jun 2023 04:08:41 GMT

GET
H3 200 logo_toto.gif
www.live4d2u.com/images/ 2 KB
2 KB 23ms
22ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/logo_toto.gif
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21e4f59cfd262f541623bed8ed5a907798a3ed1cb3b72a908b29e4a6f0496782

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5128130
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1982
pragma: public
last-modified: Thu, 17 May 2018 07:22:30 GMT
server: cloudflare
etag: "5afd2db6-7be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DI6NXeFrFbCxSw1c8Uc4ViWQQDF62JCtpVpW94PtMbsITiwTevGp%2BhUGKDk9G8puSpSeV%2BIrWh9gt57exud7aoY4r2giVS5WnkN%2BgaSNvWNFEmospAPPPFelqt9%2FCp6m%2B%2Bz%2BUFwCqWMINNn491Uo"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a7d0bd6-AMS
expires: Thu, 20 Apr 2023 04:05:46 GMT

GET
H3 200 tiger.png
www.live4d2u.com/images/zodiac/ 2 KB
3 KB 51ms
50ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/zodiac/tiger.png
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4eea4750c34468268bf626acb1a6b6954fd99a6c2e2408e8a8b9e4ef3080e84e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14079
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2397
pragma: public
last-modified: Sun, 01 Sep 2019 01:20:29 GMT
server: cloudflare
etag: "5d6b1cdd-95d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b2HojTeWSSmRUjUCqYyfOFqDRcqlwLCq4KntKoDRzUyTGtLcr1JfP6oK9U5u8Up2dEcjRM7hyk76JD%2BRqdXvFWJ%2BWsozjPcfI48NPMkKTKKycPn4OualD%2F3RSycltgC%2BhPgIJgfA%2FPKJfrnI%2BYtp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a7e0bd6-AMS
expires: Sun, 18 Jun 2023 17:19:26 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
47 KB 127ms
74ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3078197180359812

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a44a5f1f6f364d6f62a11cab7b02b80ec01d3b104889a820a59ba288663bff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Origin: https://www.live4d2u.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47335
x-xss-protection: 0
server: cafe
etag: 3520077708005937454
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:56 GMT

GET
H3 200 logo_gdlotto.jpg
www.live4d2u.com/images/ 3 KB
4 KB 23ms
22ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/logo_gdlotto.jpg?granddragonlotto
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 883f7ec366a3fde889c5b1f7d320fb7b0421fe2817839c3dabf282f44b505bc3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3392763
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3258
pragma: public
last-modified: Sat, 02 May 2020 16:33:05 GMT
server: cloudflare
etag: "5eada0c1-cba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qbWk%2BNAcfqaugM7Swp4VTgxfh7Tr678Njc0ypbHV3Gg8GfXdtEduIubsSSrbo7esjaVAaJBU6KiuPnEG7LiWIfQzWz44NEUXaEp7vJ70JRY%2BgIbNQrU02ewbStTBwl7fpHx9Kw%2B80W5iOA8%2BGsW4"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a840bd6-AMS
expires: Thu, 20 Apr 2023 04:05:46 GMT

GET
H3 200 loader.gif
www.live4d2u.com/images/ 6 KB
7 KB 36ms
35ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.live4d2u.com/images/loader.gif
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4283b7de52bd36949abd99c7f8f7a1301ecf3d67f60658fa8c6854eadcb91950

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 211949
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6242
pragma: public
last-modified: Thu, 17 May 2018 07:22:25 GMT
server: cloudflare
etag: "5afd2db1-1862"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WV17Duqo1UK4uOSTYf3hdhB5%2FV6X8WbSz7oUBO%2FDi%2BPraAAylYXV3B3KfnJ3O1%2FFXQe98W1L08q0Eq4BsA%2FGDFAbR1p8uy36lKO8Y%2F4jSfVZcXITJ1vp0c2Ar88APbABIFH1wbVIaCFwG6kpiwbD"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7bc72f599a860bd6-AMS
expires: Mon, 19 Jun 2023 04:05:49 GMT

GET
H3 200 4d.js Show response
www.live4d2u.com/js/ 24 KB
4 KB 37ms
36ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/js/4d.js?13899
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bc71cfda8cdbff80ce2c9aa77a78e156d2788759d461279093b625a3e67041e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5132204
cf-polished: origSize=31636
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sat, 09 Jul 2022 10:06:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B926B3OS69Biw6lx6Ovhp1zWnvHgrcdWQ%2BdxBbM6C0%2FAddMMN9b%2FTIr92TwjmYTFHfqWxY9PkY8i0UK4sqeCepJrtdQTFSWK503qNaA8IR9hsVS9daIkY4zJ2VvHUhEeww36aAnkMQxakkoNg1aq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f599a870bd6-AMS
expires: Thu, 20 Apr 2023 04:05:46 GMT

GET
H2 200 wrapper.min.js Show response
cpt.geniee.jp/hb/v1/215131/842/ 7 KB
3 KB 795ms
254ms Script
application/javascript 133.186.12.16
TOKAI TOKAI Commu...

General

Check archive.org

Show headers Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/215131/842/wrapper.min.js
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 133.186.12.16 Minatomirai, Japan, ASN10010 (TOKAI TOKAI Communications Corporation, JP),
Reverse DNS: p016.net133186012.broadline.ne.jp
Software: nginx /
Resource Hash: 7f1e92cb16f20bd83190f07fc52abd60414f15f81f8b83eeefbc3f9e2b9103fc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
last-modified: Sun, 23 Apr 2023 01:05:39 GMT
server: nginx
etag: W/"64448463-1d8d"
content-type: application/javascript
cache-control: max-age=3600, private
cross-origin-resource-policy: cross-origin
expires: Sun, 23 Apr 2023 16:36:57 GMT

GET
H3 200 liveos.json Show response
www.live4d2u.com/ 8 KB
3 KB 193ms
193ms XHR
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.live4d2u.com/liveos.json?_=1682264216524

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/js/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15b5f22a28063d035ffae63c56b203963bf05b34ba3dc62bf789ac772c637422

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.live4d2u.com/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 23 Apr 2023 15:36:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzC9NYAVdnBo%2F2mF6NalkPyY1pgup8cyNvGOSnOQWH5Et%2BoDzWVbhZmIv9b3F%2BtO9P2DVH3q5Ap4HuvPErRT4rLy8ojXdduHsqkMHK88FMUzJyWxmfRQLkDdlXaHWdKpK%2FUS%2B%2FZQMSh4x0PC8jKO"}],"group":"cf-nel","max_age":604800}
content-type: application/json
x-frame-options: DENY
cf-ray: 7bc72f5a0b2c0bd6-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
20ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31910035-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 23 Apr 2023 14:35:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3672
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sun, 23 Apr 2023 16:35:44 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/ 398 KB
124 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df3f86e8cb9abbc7c08d77f3d0b9a74eb950a97edd59710f2020e8b1b2e7a241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 08:32:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25487
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126571
x-xss-protection: 0
server: cafe
etag: 16530882680372410927
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 22 Apr 2024 08:32:09 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 2 KB
564 B 124ms
56ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.live4d2u.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f2cf6e19f5c280e954561d71c566f413d03998b96457d28cc54a1a02a169d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539
x-xss-protection: 0
expires: Sun, 23 Apr 2023 15:36:56 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304180101/ 354 KB
119 KB 129ms
84ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3078197180359812&plah=www.live4d2u.com&bust=31074065

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3078197180359812

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48cff7397a65266604a87d05e604a1a1ee50f2c35aa089517678abb6b3b79f9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121766
x-xss-protection: 0
server: cafe
etag: 1035799616527016083
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230418/r20190131/ Frame 2401 10 KB
5 KB 71ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230418/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3078197180359812

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 21938
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 09:31:18 GMT
etag: 2378337311435320485
expires: Sun, 07 May 2023 09:31:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 28ms
27ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1545632594&t=pageview&_s=1&dl=https%3A%2F%2Fwww.live4d2u.com%2F&ul=en-us&de=UTF-8&dt=Live%204D2U%20Results%20-%20Keputusan%204D%20-%20Magnum%204D%2C%20Toto%2C%20DaMaCai%20Malaysia&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1060477567&gjid=1234334292&cid=689703812.1682264217&tid=UA-31910035-1&_gid=1548984852.1682264217&_r=1&gtm=457e34j0&jsscut=1&z=1796868352

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.live4d2u.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.live4d2u.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag.min.js Show response
upskittyan.com/pfe/current/ 14 KB
6 KB 56ms
13ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/pfe/current/tag.min.js?z=5367281
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/js/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7f51b1bfaf2b906d1b6fe618c0a157da1742ad2d1ad56509171ddeaabafc6294

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: gzip
last-modified: Wed, 19 Apr 2023 12:46:05 GMT
server: nginx
etag: W/"643fe28d-3950"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 5305499 Show response
eephaush.com/5/ 0
462 B 66ms
14ms Script
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eephaush.com/5/5305499
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/js/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Sun, 23 Apr 2023 15:36:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
content-length: 0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
532 B 81ms
31ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
457 B 81ms
31ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
11 KB 426ms
426ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4459930239540501&correlator=4338768174548134&eid=31072879&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=424536528%3A32409680%2C17294_live4d2u.com_300x250_responsive%2C17297_live4d2u.com_300x250_responsive_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=320x50%7C336x280%7C300x250%2C320x50%7C300x250%7C336x280&fluid=height%2Cheight&ifi=3&adks=3925281353%2C563525345&didk=1555746387~3224770412&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1682264216880&lmt=1682264212&dlt=1682264216464&idt=319&adxs=310%2C973&adys=835%2C835&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.live4d2u.com%2F&frm=20&vis=1&psz=316x266%7C316x266&msz=316x250%7C316x250&fws=4%2C4&ohw=316%2C316&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73af4b9c559e7b68617638448119b956ab7f196be3d2a024b256fea17f097a17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10808
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.live4d2u.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9C1B 6 KB
3 KB 109ms
28ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:56 GMT
expires: Mon, 22 Apr 2024 15:36:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zone Show response
upskittyan.com/ 879 B
1 KB 20ms
20ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://upskittyan.com/zone?pub=0&zone_id=5367281&is_mobile=false&domain=www.live4d2u.com&var=&ymid=&var_3=

Requested by

Host: upskittyan.com
URL: https://upskittyan.com/pfe/current/tag.min.js?z=5367281

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

366e9aa6fb12aed18c8a40ba8d233fcc34bee21c4c7270c24ed1cb9b7dd74ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-trace-id: a35724bfe63f3672003a6520f1058d6c
date: Sun, 23 Apr 2023 15:36:56 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 879

GET
H2 200 universal.min.js Show response
upskittyan.com/pfe/current/ 101 KB
34 KB 45ms
14ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/pfe/current/universal.min.js?v=3.1.431
Requested by: Host: upskittyan.com
URL: https://upskittyan.com/pfe/current/tag.min.js?z=5367281
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 0af9e0becb8cdf4232454b4a6c87ca2a4f1c9b6bbb1385744c4d8771777d3f13

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:56 GMT
content-encoding: gzip
last-modified: Wed, 19 Apr 2023 12:46:05 GMT
server: nginx
etag: W/"643fe28d-194e7"
content-type: application/javascript
access-control-allow-origin: https://www.live4d2u.com
cache-control: no-cache
access-control-allow-credentials: true

OPTIONS
H2 200 custom
upskittyan.com/ Frame 0
0 14ms
13ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.live4d2u.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.live4d2u.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 23 Apr 2023 15:36:57 GMT
server: nginx

POST
H2 200 custom Show response
upskittyan.com/ 39 B
327 B 14ms
14ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://upskittyan.com/custom

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.live4d2u.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 9716bc2e068680cd8170b67ddb81ff11
date: Sun, 23 Apr 2023 15:36:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H3 200 sw.js Show response
www.live4d2u.com/ 5 KB
3 KB 21ms
20ms Fetch
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.live4d2u.com/sw.js
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 245000748b65546469ffadc97eb02d3a7cd1e4e21be33084dcb382df30d034fa

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 101210
cf-polished: origSize=5243
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Wed, 06 Apr 2022 08:20:10 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGd4PtC39WlVwp4g33eC%2FgY1%2FEuwnHgF9qLWRhaeJknLAFGtFAwvpTO0oBSIbR8A2D0uxkl9BMLztkBFh%2Brr5zMm0keS6Bf78LiCiKgbFsZEKsCDyXqu%2BQZhvxBTcj4yRRdNmaWMA9gmsaXAsdwW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=5184000, must-revalidate, proxy-revalidate
cf-ray: 7bc72f5c4e980bd6-AMS
expires: Thu, 08 Jun 2023 02:48:42 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
602 B 78ms
29ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.live4d2u.com&callback=_gfp_s_&client=ca-pub-3078197180359812

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3078197180359812&plah=www.live4d2u.com&bust=31074065

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c956c576bbc552fa6a482bb93736e91250ac37eba98a89a10979f579d93bb8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
166 B 30ms
29ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
166 B 31ms
30ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&cls=navbar%20navbar-inverse%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BE09 354 KB
69 KB 544ms
543ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&adk=1812271804&adf=3025194257&lmt=1682264212&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.live4d2u.com%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216734&bpp=8&bdt=270&idt=283&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5810496401882&frm=20&pv=2&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=303

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a79defccb18bd8924a0cebb8e95b9c177c153aa44bead38f3ac13888601065a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 70555
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:57 GMT
expires: Sun, 23 Apr 2023 15:36:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9846 131 KB
39 KB 394ms
394ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&h=250&slotname=4525018427&adk=1147796549&adf=2045739810&pi=t.ma~as.4525018427&w=317&fwrn=4&fwrnh=100&lmt=1682264212&rafmt=1&format=317x250&url=https%3A%2F%2Fwww.live4d2u.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216742&bpp=2&bdt=279&idt=301&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5810496401882&frm=20&pv=1&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1942&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=g07nfkb9eh&p=https%3A//www.live4d2u.com&dtd=305

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de6abb13d18034381d44305dd72a0cffb005690a9552da6b594dd6c738d887b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 39904
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:57 GMT
expires: Sun, 23 Apr 2023 15:36:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 event Show response
upskittyan.com/ 94 B
382 B 15ms
14ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://upskittyan.com/event

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

9d303198d97359f6bc9102b9e4fa97d19d2f8392a1ec462b0b6eae0cc5b92635

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.live4d2u.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 57abf8f5fed63a70dc0e3e28e7dcaa89
date: Sun, 23 Apr 2023 15:36:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 94

OPTIONS
H2 200 event
upskittyan.com/ Frame 0
0 23ms
23ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.live4d2u.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.live4d2u.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 23 Apr 2023 15:36:57 GMT
server: nginx

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
546 B 56ms
16ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=45a3419e1da04b5ca4dc5211109e7e83&zoneId=5367281&checkDuplicate=true&ymid=&var=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

61fbd2e8455c532c3876b5863f299deb7dc9859430731047bf6961843fd98334

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 defaultSkin.min.js Show response
upskittyan.com/pfe/current/ 56 KB
19 KB 24ms
24ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/pfe/current/defaultSkin.min.js
Requested by: Host: www.live4d2u.com
URL: https://www.live4d2u.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
last-modified: Wed, 19 Apr 2023 12:46:05 GMT
server: nginx
etag: W/"643fe28d-df63"
content-type: application/javascript
access-control-allow-origin: https://www.live4d2u.com
cache-control: no-cache
access-control-allow-credentials: true

GET
DATA 200
OK truncated
/ Frame EE15 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 200 custom
upskittyan.com/ Frame 0
0 13ms
13ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.live4d2u.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.live4d2u.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 23 Apr 2023 15:36:57 GMT
server: nginx

POST
H2 200 custom Show response
upskittyan.com/ 39 B
327 B 14ms
13ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://upskittyan.com/custom

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.live4d2u.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: a70dba0b96d7fbced833262b873f41cf
date: Sun, 23 Apr 2023 15:36:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 container.html Show response
a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F818 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:56 GMT
expires: Mon, 22 Apr 2024 15:36:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9853 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:56 GMT
expires: Mon, 22 Apr 2024 15:36:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0F0C 624 B
246 B 64ms
64ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNXizi9_6JrHYQef_aLXj2c8NJvZQU6nmxzlQJZdYPa9iLRuJEhnHr5ZX778gQteJdq9z-7FvAXM1DcLo1SqcKX-KHCQH04hqBMLwSG6mVWN5Jt1R-XxyiggvdO1LbC0hqVFOM0E0cHj1tYc74lfH1DJF0A9QEW5Zdd8aUd18bWdEtRax9Q

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:57 GMT
expires: Sun, 23 Apr 2023 15:36:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F818 78 KB
27 KB 107ms
107ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F818 42 B
63 B 56ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DuAglGq_m4bGemUAlnNAvya2i1kQDPA8EIP6lGgKvliXSAizXOvwioq4WRG98hxw5eUU3TzxixSDMkBKmBw40dJ893dgcAqr6QbVvAfF5o1bf86_8

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F818 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6689856002831847711&x=1&ct=76

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame F818 3 KB
1 KB 100ms
40ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame F818 19 KB
8 KB 81ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F818 159 KB
49 KB 101ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 403 yads-async.js
yads.c.yimg.jp/js/ 0
0 1826ms
261ms Script
text/html 182.22.31.252
YAHOO Yahoo Japan...

General

Check archive.org

Show headers Download Go to

Full URL: https://yads.c.yimg.jp/js/yads-async.js
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/215131/842/wrapper.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 182.22.31.252 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 gnshbrequest-v2.23.0.js Show response
cpt.geniee.jp/hb/v1/lib/ 101 KB
36 KB 518ms
518ms Script
application/javascript 133.186.12.16
TOKAI TOKAI Commu...

General

Check archive.org

Show headers Download Go to

Full URL: https://cpt.geniee.jp/hb/v1/lib/gnshbrequest-v2.23.0.js
Requested by: Host: cpt.geniee.jp
URL: https://cpt.geniee.jp/hb/v1/215131/842/wrapper.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 133.186.12.16 Minatomirai, Japan, ASN10010 (TOKAI TOKAI Communications Corporation, JP),
Reverse DNS: p016.net133186012.broadline.ne.jp
Software: nginx /
Resource Hash: 3fa9c295f76cd029cc3800a61a9bba75cd9062851924561e3ce1a18a9ae6b843

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
last-modified: Tue, 11 Apr 2023 07:11:34 GMT
server: nginx
etag: W/"64350826-1950d"
content-type: application/javascript
cache-control: max-age=86400, private
cross-origin-resource-policy: cross-origin
expires: Mon, 24 Apr 2023 15:36:57 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0456 624 B
246 B 61ms
60ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNWb3lLmMtxgLp4RI3KdbyuWMWsY7zNMzRs8lYIanmuRTl0r0beiNay5L5iBOtNJUnMW0nankU6Cg4GE0MG0H-3JcZPjDX-tyBdsVM_huWmEFQ50Z70AwVDGyQPC7JoU5rERbagtt-aL7X_3yErikZJIrV0R_hjWV0TMgsZNhQqIv8g1DO0

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:57 GMT
expires: Sun, 23 Apr 2023 15:36:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9853 78 KB
27 KB 177ms
175ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9853 42 B
63 B 55ms
53ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ClojC2gJq0L0c29KxtBtPbU7hLo8otxqIG-75iThnEN7pDcOm3RAMwmFQ4QdU8VlRKtL_21GpA1u1E8ocddKhRPZTDvXup-JB6_T1BJI-r8JN_Pyc

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9853 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11522231580715977998&x=1&ct=76

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9853 3 KB
1 KB 92ms
40ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9853 19 KB
8 KB 75ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9853 159 KB
49 KB 126ms
74ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 200 8e3adedd6f76ceb5825dd9d6f211c14b.js Show response
www.gstatic.com/mysidia/ Frame 9846 9 KB
4 KB 88ms
23ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8e3adedd6f76ceb5825dd9d6f211c14b.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&h=250&slotname=4525018427&adk=1147796549&adf=2045739810&pi=t.ma~as.4525018427&w=317&fwrn=4&fwrnh=100&lmt=1682264212&rafmt=1&format=317x250&url=https%3A%2F%2Fwww.live4d2u.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216742&bpp=2&bdt=279&idt=301&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5810496401882&frm=20&pv=1&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1942&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=g07nfkb9eh&p=https%3A//www.live4d2u.com&dtd=305

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af3db37cd37f8c6425e168cdde71e01053db2350a26ce758c1393820a2497453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 12:21:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3832
x-xss-protection: 0
last-modified: Thu, 20 Apr 2023 23:51:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 22 Jul 2023 12:21:05 GMT

GET
H2 200 d315a83c090742bf4ef57164693bd69c.js Show response
www.gstatic.com/mysidia/ Frame 9846 136 KB
50 KB 91ms
26ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d315a83c090742bf4ef57164693bd69c.js?tag=video_mra/web_raspberry_ms_cta_adjustment

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3259012887c5a4aa033124259fd97c2b418c85a644de8b3cdab3c80ab49afeb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:10:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84395
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51389
x-xss-protection: 0
last-modified: Thu, 20 Apr 2023 20:42:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 21 Jul 2023 16:10:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9846 9 KB
1 KB 95ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

400fabe35a47597142482001174f415493a18dc7e1d35f2f66385013b7dd1e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 13:45:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9846 13 KB
1 KB 96ms
31ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

416aefad976ead118a49aae709d84fe09656753c031e9282256ca9917b9e5cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 14:01:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9846 2 KB
846 B 27ms
25ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:53:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:53:51 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame 9846 21 KB
8 KB 57ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85f5fa4e4e018f353a57795fac053b8440905db9cda4a7d18147d48e8d77e233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8535
x-xss-protection: 0
server: cafe
etag: 13968503839060854674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9846 3 KB
1 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 9846 67 B
196 B 25ms
23ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 19:57:41 GMT
x-content-type-options: nosniff
server: cafe
age: 70756
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67
x-xss-protection: 0
expires: Sun, 23 Apr 2023 19:57:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 9846 19 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9846 159 KB
49 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 200 f8970ecc2196f374e9d99027c476dd6b.js Show response
www.gstatic.com/mysidia/ Frame 9846 32 KB
14 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f8970ecc2196f374e9d99027c476dd6b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56cb66844b6e4806082b345cc9bf870b3e2493a6f4e277b865d85666f0fac439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 12:00:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13747
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 02:08:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 19 Jul 2023 12:00:35 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0F0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
766 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNXizi9_6JrHYQef_aLXj2c8NJvZQU6nmxzlQJZdYPa9iLRuJEhnHr5ZX778gQteJdq9z-7FvAXM1DcLo1SqcKX-KHCQH04hqBMLwSG6mVWN5Jt1R-XxyiggvdO1LbC0hqVFOM0E0cHj1tYc74lfH1DJF0A9QEW5Zdd8aUd18bWdEtRax9Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0F0C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
632 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNXizi9_6JrHYQef_aLXj2c8NJvZQU6nmxzlQJZdYPa9iLRuJEhnHr5ZX778gQteJdq9z-7FvAXM1DcLo1SqcKX-KHCQH04hqBMLwSG6mVWN5Jt1R-XxyiggvdO1LbC0hqVFOM0E0cHj1tYc74lfH1DJF0A9QEW5Zdd8aUd18bWdEtRax9Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0F0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

43 B
1 KB

14ms
14ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNXizi9_6JrHYQef_aLXj2c8NJvZQU6nmxzlQJZdYPa9iLRuJEhnHr5ZX778gQteJdq9z-7FvAXM1DcLo1SqcKX-KHCQH04hqBMLwSG6mVWN5Jt1R-XxyiggvdO1LbC0hqVFOM0E0cHj1tYc74lfH1DJF0A9QEW5Zdd8aUd18bWdEtRax9Q

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
AN-X-Request-Uuid: a8d1052e-d87e-489e-af88-92268d185eaa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0F0C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

170 B
233 B

30ms
30ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Apr 2023 15:36:57 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 89865b1c-7f2b-4969-acb2-41f4b49c4efe
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0456
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
632 B

20ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNWb3lLmMtxgLp4RI3KdbyuWMWsY7zNMzRs8lYIanmuRTl0r0beiNay5L5iBOtNJUnMW0nankU6Cg4GE0MG0H-3JcZPjDX-tyBdsVM_huWmEFQ50Z70AwVDGyQPC7JoU5rERbagtt-aL7X_3yErikZJIrV0R_hjWV0TMgsZNhQqIv8g1DO0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0456
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
766 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNWb3lLmMtxgLp4RI3KdbyuWMWsY7zNMzRs8lYIanmuRTl0r0beiNay5L5iBOtNJUnMW0nankU6Cg4GE0MG0H-3JcZPjDX-tyBdsVM_huWmEFQ50Z70AwVDGyQPC7JoU5rERbagtt-aL7X_3yErikZJIrV0R_hjWV0TMgsZNhQqIv8g1DO0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0456
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

43 B
1 KB

25ms
25ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKTkFBCeqZUCGNLZuOYBMAE&v=APEucNWb3lLmMtxgLp4RI3KdbyuWMWsY7zNMzRs8lYIanmuRTl0r0beiNay5L5iBOtNJUnMW0nankU6Cg4GE0MG0H-3JcZPjDX-tyBdsVM_huWmEFQ50Z70AwVDGyQPC7JoU5rERbagtt-aL7X_3yErikZJIrV0R_hjWV0TMgsZNhQqIv8g1DO0

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:57 GMT
AN-X-Request-Uuid: db0b7a90-f99d-4fd1-b561-e9cc518da81a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0456
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

170 B
244 B

30ms
29ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Apr 2023 15:36:57 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 44b52ad2-e7d9-4dcf-9bbc-d20e56fab3da
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F818 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=197553942103&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F818 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=197553942103&version=m202301230201&ct=76&x=1&cor=6689856002831847000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F818 89 KB
36 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiVqmm8-GVZ6u5VCHucgprq4ysQgyA4xd13NywZbj8PUIQnWgVcLFlo4wTrKW_buxsJvldciqKu1_ebLV5we07mqUDoMZm1ElK4nUGynNmijJG1zoXwzW2NzWe531QiJBTNaLvUL75wEX5LG9g8h3w8qQ3yWlRswW3mk2evR9E-Ifa1RI&dbm_d=AKAmf-DEvPHrwAQ2pOmqyGcFxh-sP_q6e-NfQwI512LB9BVq8Vt6IoqAsC_Q-IDWQECbVgyaqr765201xmeOV0KBa4jUnIBQ2XK9FLIn3qgeOW9QG-HvJqXPHAh_HQhywtZT_T2BCUvFetS4PA-1oLuKABUSsWlJ4okSjtdG32zMlieqd9El9tm52iissyMGV85YSYhHWn12LcEVPnV-lvRpN9CHhAvqm5EuvcaGpzFT6Ec0YWOqQQBElz_P8Relv7VOEjvpI732seXn2vxTiRB6UUuItsvkkPLZ1sY1MelVx2YYADSiJJNi3Gl431dd3SdN-DLXHPacHAZLEFkICp3rzpapcDEqalnl6vrOnlkSIp6U-U5pP6mLY0o3oQuTmDXSglqWQmbnl7gKrVnoz4F2GXn6Ymf8xFpBHRHFsxgljtuCef44g0WNQkX8F5Ml-Gi__KcT7wtG7JVsYW62ceecNn8pK4-CVRR8tJJxcybqkfe8CGeLH6ROy21WpVE7cFPqmStZDP8Y3i-pv_wnJt9kwXMOxq6c_sLtVbKFSvySkVqmOfCPOvxfQX4gxeG9GuehAFp8bDR9cA551BGGAa8R7vtmHIWlmLFidnN6DHw8dYUgRUpHvITKpTwmj0hiNyt9NqgPDGbj1aSqWfw072R2RCsnwSC-t50TCLiyzH5Z9lF1g_0QcM3FdkL0WIrUzNFIsIGjbGxup5LhbnHLZkPQKF76yH_-HiBwJCcbY3E9GbSFrzdiqAzktQ6PWJwQECaidP0B8_Tq8UhC0apbG5xn6cTIx2PqX1gl5c4fX1tjOId11kujXq7qLasI217h__mMaJeMKuux-V09gKBmHRP-U--ShP9nbrDPm4GJwSVLAEwZCr8UvSIccRl9sNSwIGucbcCzgKI0pZ4EpSfgQ9YpasHHSVRADJXP3eZk2h0QgyaQ5erRIA-1xAhOrHwVOh71yzezJ-sPRzgwgc4xxvX4L54KSI7JagCv_f_pQGLBz_zp_9YYIgCqg7twpdRo1Zl5W822NgWtV62WMcNrbrZoeSNj3HhfIHboIYiVH82TFP8gdG-oR2x5mmaeX3eL1hpzoN0M7HIptiM26jysdeXQ5ki1bLD8WmC6CtrVRDk2FxWfY0TC70PRxawqlk62bWOfdTU99PxQ2ewvOBXYqGnGHB6Vzn_mSB7PSfkuS68XlqJPhuBbSkvYlMWa5wdPEXeP8KQdU8kzKU_ieNSI1Yw2XbKJmkYn22EqAHWe13Hm1aJxzcQvZFa_m8mRAJ6dF7malxAHFfRDHp97K5S6M7E4fI_u9ghIe640M9loMAuS5wbOKr5fdgo1X6ds6tJ9gLub0zQI2qxOFvzEM3SHGiFaIIg2gZSazywylZ8G4c43u6BcqMXADBkQzwx5i0cnr7hrqwyrD_8KUvyeSqEY-RHmZhoKyIn-qMEhnS4Sxubg2rYtpERQWNVRqvgyQ4ml9W2E6GxtbxWOJFCakO34UjirbcF4CDd2t4EGKFSpe0LxXBhFp4XVMvVNGdSLciMCoVCo_p-3IQVhoQcE8zqudzeOnJkGaAd5zaJy7qAuTHe9d5YQghSSOi0tcBFY9mVEMdP2C9H1XM2CNkNauc7501Y66OIxX9scGSpnc2jBmAiXabsXwl0aEVQdfB0Is4atkMcASwulrprger3XwBgE2E7LhZWBbeU571Z75Bor1ZPdzZu_Pf-2_UKo6J-Ejuagl7OMNRzNvjbxIZO7VGNjFRj7DVwdFnyYRJdCb36hSuQnnkOAcLM7CPpL_cc01Rw759qh3v-IFGZrQPGGNvZPeGu8je_uqCLqgjiDTFbzHpKCuBeMzvQ01eJ_CA2fqeu7zgRBVThqur4hZ5GvYPqI6IwAnMwWcTfAurYRSjYstR6sJLEAMHf9lyUg9FYEWDipAJ2gDXTfIueOEQj1EQZUn359dcg2708qxgGZ6nf1l2IPbaVysRN6O_waAHlaeYzHmz2isuJDD0sucGdbA5xKt8wmS4Hvuqd3P5-dEjJ8AYfrBVKhKBjIGwcj7VsgppesBBUWzZHoqGFYj_P1kmlGosgaGqlQT41Vn4Ty6N2xgqUlUa5Sf8frNZjbDJG1TTlkSk4gKi_2ErtRVxwNDp137aHa-obEWMHVcxQw9Th2QqQVNsJJgEdaBPi-oRPeABBF7oxe0YK5rcpH1IM2-Gg8unxywcqNVYaIRoCLy7NIFNBTDXFM5QCEynjWO9RpckdPgKyQ3aw_FbFKZ5nOAN-4y92BZglrhDPnjFtie8Ize1smymGwg6JO4mEgjdXwEWRdjWvRiVb1QsbqRStuqmBdCnLxNRjdWSHrHB97DRtcS7Ek9tYJ4_ocBbG74EbHYVCwcESWUJZLkSYN8Ue5K1AHkBqB_gz8gPLpEgJnZP76vGIbYj0sRlOXU-eeh8p7gJgHYK5wUxQv9Hp44bdXVfC6R-kJFnz2RU1OP7jyZUh_jQi4Eg_96dPLOA7jwfWr4aF1xqkEx-C3EOECZ3JpxQ5yqIKjRgw0BVWaXzykS0Zte2eYODt0Y-6WmFRWTvdr28b6u3wKO5B3k4HyfOcqPQxIP4uKwPztgYrpO1BjfUqqjhr-1j9G72SK2xQaHgLEYbw71zP8fGbR4QxpAdGuYahDBqvYWaiYujb5ENvNFYkdRwj-Q8StLuDS_V8IIYmappJ9MzxYb5BXF-zuJmyZYcrDXaRkF1T7zVT_p9tcz2Eqfng4dZ6qGNjcyMjhce3O3XWf_cLY9Uc8BibpLwNnuHY2cCpFDBLhhtVfdItUHtvZ21rbseNGyNJ7J9KlzCcu41nV5l9_SqxcjF8sF7ybGzlzr8a7JJLyRwQYeIUXv_AbHwa_x7BlCpWj49Tl_DJ26UItedMvDI20RnraXBuPO7iy5d0rhK5hBHKCSaSTSTYUZxT08cg4-0UjBPWs83l4A5DkrA08tVjEa39i5-PFMatKZsF3seaPKswV0_kR6Dyk2ZkiYWM3Sr7Ks9zSaCDJsZikufFsbqwj7IWBogriv74saBgLWogy8CthzSLXffwmhyKD6u-o0j-wU5iRew9_cg2dwKcJS7umbKFRq6DqFR6d4CeTMBGl6D87_MOjKUgMyQ26Al_z1rLnMLBGOxpA00quVEVvPGQZUibw7bVgXMe1TQysicbKau5EwIZWgS41Mqa0yrSGdzVt_MamJVH4ZNIxiRkCbqHonJqZTKqwb9yEWi-sOKI9dB_evAuyw_Y4jeldUQpX-Z5r6MStjptbfctVD9tHIPH1EtE5X_IFf9XTRpWtpcmcIs3KGHO-ZaCNf4JyQhNNac0kIYg-0u0UqBt2XDqBXO2QELU1ZD8zWwjOuMlJAVM-uM54zhSp3VzKca_YkYgtsPAGdCdpTVFuSgPLtssol53VqXq5K8HGdrSKkyomt3lYo1j06FsXoVK9-rCYB9J0moyJ5f-8HGTvRAkLfXtmAXcjUHgQ4liMtNqw1E-eAD4WFB2nYDHy8yo5NcCvlC6ROifZmifGAq4Myd_rw9u1J9OWCIB_QtiS73CTJJjdRihxIqDN1so3zUnEvaSdrnsKSxXpXE0&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=6689856002831847000&adk=2228999115&idt=113&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34326ebdb27755334a204e97415d391f9f18d02c45e7305cd12de6e2bc24bfcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36378
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/2661224054694010986/ Frame 9846 704 B
1 KB 21ms
20ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2661224054694010986/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

278d9790939a72f372a5ab0b8ae0c0847097e7021b3204f908361b8308dec5e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:11:24 GMT
x-content-type-options: nosniff
age: 120333
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 704
x-xss-protection: 0
last-modified: Tue, 27 Dec 2022 09:57:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Apr 2024 06:11:24 GMT

GET
DATA 200
OK truncated
/ Frame 9846 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81cacd6b187878c8eb795e61e66c648ee76c410dafc63852de35290c1e56f9f1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 csi
csi.gstatic.com/ Frame 9846 0
226 B 92ms
25ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lgtkohrn&c=1477790042392&slotId=738895021196&qqid=CLTyzsiqwP4CFQjsUQodOzwG2A&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/d315a83c090742bf4ef57164693bd69c.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5083636675354761901/ Frame 9846 70 KB
70 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5083636675354761901/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39dcff53a502f4e7f0b3f64573803a09a3721791c01971f55d899772726dfecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 05:55:22 GMT
x-content-type-options: nosniff
age: 121295
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71213
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 13:55:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Apr 2024 05:55:22 GMT

GET
H/1.1 206
Partial Content videoplayback
rr5---sn-5hne6ns6.googlevideo.com/ Frame 9846 1 MB
0 181ms
107ms Media
video/mp4 2a00:1450:400e:3::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-5hne6ns6.googlevideo.com/videoplayback?expire=1682293017&ei=mVBFZLKQFJe8mLAPj_S_4AQ&ip=2001:1af8:4700:a069:35::14&id=bd06cb353de39c42&itag=18&source=youtube&requiressl=yes&mh=pK&mm=31&mn=sn-5hne6ns6&ms=au&mv=m&mvi=5&pl=38&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=88.050&lmt=1680233354218287&mt=1682263734&txp=4530434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIhAOjmHktI-iKljw-XDQ9c7s28g33xhHlW66GfZGha-zc4AiA9Kk9Iv36a40rvOJ3KhracqoSH9NLQmiqliuIn7rjezg==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgD4ZTcpSM7m2zvYNGVdncBnnaZ3GFb2A_G_3Y8IB_7JUCIQDPB3xapcmeDVKg__FotSvjbXWqngqfo5QcNZ65ZRancA==&cpn=WAatI4mIDGTr4Guv

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:3::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range: bytes=0-

Response headers

Date: Sun, 23 Apr 2023 15:36:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 31 Mar 2023 03:29:14 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-2827825/2827826
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2827826
Expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9846 0
0 64ms
63ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEtTcmVBFZPTBBIjYxwK7-JjADcHl7-5v6d33wskRgYLjqrY6EAEg7fuSIGCRBKAB9uynmwPIAQmpAm9kdFcwbrI-qAMByAPLBKoExQFP0AXfMhc9gdiLAxi9JW0CwHxoFw-8GtUUvcXT8NC_ffV6F8Z6JYoqPlc00BrkOAudAO_oSPZUuc2hQQJbIDNpoG_GTOQe1x8gTanDBI0Sbr-tkxS_idW_pAUjiiTBjwLLmSSKZbe7jCmjSG8z6_TyEVM1fd8I_9NH4evPfIXaetDXlZ8goug2StbAkJapiwr7ulJ8bfvlii7BIV9QpK_HuoYphQzbYa1Ru_DItvgag_DSWR41bAZXor9irM08jydpWKSHNMAEt8W1nqcEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_KS2GSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBC0vAPSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgTnBvYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMzA3ODE5NzE4MDM1OTgxMhgA&sigh=F19U6yMhsnM&uach_m=[UACH]&cid=CAQSGwBygQiDfIP7unkGpdXAzw4Czc9nU7TkcvB7KxgB&template_id=3484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&h=250&slotname=4525018427&adk=1147796549&adf=2045739810&pi=t.ma~as.4525018427&w=317&fwrn=4&fwrnh=100&lmt=1682264212&rafmt=1&format=317x250&url=https%3A%2F%2Fwww.live4d2u.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216742&bpp=2&bdt=279&idt=301&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5810496401882&frm=20&pv=1&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1942&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=g07nfkb9eh&p=https%3A//www.live4d2u.com&dtd=305
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9846 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06cc594a8068fbe5badf7a24325b0035011f9b96440fcb2d3d718b9e97ea64d3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9853 0
20 B 57ms
56ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=87128995749&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9853 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=87128995749&version=m202301230201&ct=76&x=1&cor=11522231580715979000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9853 90 KB
36 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BL-5mjU9J2-cOoleyRh44igb3tDdTPdmpS7-RpmH4b32NuAXurob66-RLy_udCWMZXirLg7voecObCbTgpxk9CBGEPSYozrWFrPbT7yjL-SM3thxGb9zC-Sl5Wp-F828-1QsRLsYzVF9pHcYsTjy88ceMarbMoJf1nAW0P0EDnbVYOQF0&dbm_d=AKAmf-DF0GTnanp3pYC3eVjs36Jsn941gxw8ViqLeCBru2tULNbbEfvjdrZFEtsPFXugCymzWV9IpQL7BtVIkUPI1MIMRe4FmuR5NpiopBJLFYp5ofQ22-1btO5tlVtNY1RhkD102e6tZB67-Z2xSWrnzESVpHAUz8skd2FWfrCP54R4WC8DsM0aXIiVmn3ORAEArZkl4Dzg4CluzJTQ4bnt_C71P686dcFCJGGyrEF1uTmzb_heWOOnfFAAfno-GioEq0um_1pqXeLIsaqKZeCJXYJOBC-al0LGUuju4t1u7WlDke6UNXAD_Xdi-C79vmjm7XSLi8T0ii9sHWlz76_ollebYI1OAU0spd4erNblJhKmmLZeJCYpjDg83o2dp-cAgDmd0vZPiNaUqGn-jq-DFOkkrUJsFkcWXAncKRXwRTGXJXg1CfswSekV5Z7ddGTbsZADpuNbZ7YtAFbApuJVeOWp_v3cFZbmVYv82qXBixG_Qs7uIThGAr6CdTJUOSJlCP8D0FI8tiTjqAnU7CxV4wRU6ybxrNgvq17HTSEXrguktsii8KDm-SaVUYuzhhLlWBo40sOUAfkpVKlpD-az6uW1fzpai4RDdgtIRWvLdGkXnydGhchVyxqtcMMU3um4aAJiOJ1ORAS5RUuOvATJ3yFJw7ygmHirKnW4LBWTNNPzG_UC5M1C4zMLYolKD8eZ_RbYyvl1vDAbc9HpXpKGEOcsyVTXJ6hZvyUdt1xp5t9ldj2-D8YZbtwxqHh5HtePkaCjWRmP3v0b2bdVzXxCgNCIyohEqx_ZSDn5fZ2vTmJXDpGf29sRsMDf75FP8nGX_kB6jfJSEDsVfoTQfHzKCY9zLbalV2WM3UJAploiU6hXi9MkGytIgWcCVWzGPW8WeK_70q4yOuYDSaPA8XCXk-6MTgUFIqZnoh6cDROhRnJ9UCFdB6Hk3b98yy7as_2rt73BJzXe49zExgzfny98vjcij2W9g-jddniYgEpcmwheVOqoE3lgLed9XHZJZ3Uhy0fzkeMx4V8unTFIdsh9UmJtVvrU2RBr1XRpVHGGxwi_Cwiit_t5z9tEpJiEDRNca5FfRkIoLtWuQZtaOhLs7ur9tqPaITB4TP_ZtVNmwzVQdOlIe041Rrpmm89LFyrjWF3uTQ3pc8RAd6v1MjzKSsB_eEzZ0ayBej_Zx8pXj49ndWFmmWZbK5ARNJNJOBLK-q2HvdEd4rhRN8sy_sjFSajg5wpA5w2Jt9Z8kbBYhphbfCpcqZ7vcncS51OoGWVKyTeOuvDz7bI3fRWThsDxdKLE1TRgxaJZPCcBgZFTLbwfkl7vfRf2c51RpwilSXyoLV8zx_IH3wn0rfgdJOtmD8NAvvW2AIlpd7zvkx1sjAWfaC6LBZ9aVEYaTTUpyPSwl3T05ARaRYElziP4fMsm9fz-NvDIBaTVNeVtl1PuttxiHOr6DTEY7c_qErbjzqkzYIzp1tOkdKv1PbwKtiPNJj1Nr-5DTih6CwFx_wDPhsfdPQcJwpCyzGLdsjPrbehfr9lMsySecKXdBFp6CvLB57PqOnr31klJK5vcOW0krnA_4EhEzsw3DaKfBPstlyQtZD2l7SHjqONlQPdNNr3kcUEJR0K11JuOjyJLSf4-2UbENAS09Y3FBZuku69gwUuyJOJkFQZxl1cuU04gISzV3VIkTwK4zAia_pbLWWn7rUHbM0aVpY2cpVhec25VxmbCA90PDEh6nCB1Hn92LeJ5t_wcQmOvNYrxLStyL8TY8XWr1vchbjOWcPYWxmYqRq6-P0v8svSg2mXx5B5xvXaulsfEOipPFDGDY19JqaAKW6MdMoWceXk7sPw-phrneDSeDr0dxT4OyBM320P-GPXibHY4AKWv9jfuJTfwBFvTLJacAkqUpaJYpjxcs8t1Kl556Kl0Xdb2OVK3vybGzef1yi43EDYCLD5hAw4yOpPs0LCRCOYPxDi7Tgrkoqy6TDYoLMMHxMjhapaaZfD6xDwsSwQgLmyY_K6gyJLPkgEUKAhBVHHJX-8JExMe6L5yC__FAv7AaQWUsapBsz-lYlEUWhJlJKeAG7RbCEhzFQ2A2yzMQf1m4j-izv4_zl6YVc3dHhYOEswIxPyZnsBbazvfZA7y9ApJqy3XgOUN7NdqLq0HCkIjmsD9Z7CymnzQIjB1ovVLm6C3Vh1hOLhEx_LKJdnW1QRpvHVndZ6siShfNn7sIfqyzxicxGAKPe4NklBUDa6ocVXGSov8-_yQPIw0PeasQwC456S6CwWBPJms-qjHZFGq5UVuTyT-EzUkueGwwf1R2V4xcBjzOFYNUjaLVi2L0l62NqZfZ7HagMtnXNi89CFJKw7Qdg5S-aQuZdmY2EfsN_IPH_VpwKiLrfCpOIcgewatrGiQQgugx4yVn1OkPjbkchHJYDAQd4YVvi7-nxDutjE11WdyMZm9mUxtpDsKM7u9ikaGeIXwf6UFFA-hAyDgxQaPVE3F-YhZp62n-s79Y8vG2HQ6wZZDcq6glbIDrKuy6vuRkHqaYimiPBR5h718wAiiC5wxIprYgjgNn-D4coZtqNd4ylOutINZxcdXgdN2BoM1UmCtkz8aCIPW31y8ZtdGvowT3ptFD0sp_en-hCSPvGldVmdHuEvLrx5iCVyS4ESvksuml5jJ5LMrH4E9oeiunoRJnrputQ3qwdzuZvUItHWDOResxUCb3z-Z9yE_uvJxDVmWsLcn-3xbGhG-v8hoa6wcn34BcdqMnmFu6W7wgeZ7t-YsR0hHIrNxyibzrnVgRie51K7zCXd52uyv9siThMyRQLnt0CA2ahCg3dfu3opfUOmxjolni6LcSKJcfjoAZsIS7V2He6uXLwqSv5NMYCwKGslNQPUs2DuzRDOKm8W-DOPUR89h1jyt5CH7_jkY9W5k0bnE__gwBmt2b9t7p_1gCj1pF7gEA5XqxOFz7oD0cE_IJXc1AoBlKu-lgAx3IKOUSHUtWi9uYHPi5u3DT1gVUIIB2VhxN9Z3rmzLH1HiGoYGXHAE0j_LxKn6bJZ5WlSkRd2khaIvW4rFB6_rQKXQprOir3dQzNNb1YfMlJb61Q6f8IR5aSdyIkhCAskZhOlt3Dt0vaPt3xMppVsBesPtbX3dxCJOKVkAUbEqo6l2qGAIFz5pZBT56OzfcuDm5aEe3C-BxrScZtcfbCuk_wgVAsLKi6P364OjVkkq68geN07JjQ8C48-rO08DpAXapaY08UM60z4Tzq8XY06PgO1JKhTdGmC3sOSTeldCa1itWVlnA0GmKM2Zi8q96P84gCYDvgU-XR4cR8qf-JUC1CqIMvWLGG46vkC8aGPLvhhQC9iPy997285sTzsrSontpDFKly_optR8z95iRPhZCgWg9TgnygOCwZl1NqhQmlP7Ve3EjXzPJlu9d_hek5kKuhbEATkwlmOo_Qo1QcpWculZT2tN6ro15OYw0aXOhbqsPPleEnA1_O_IBjJQeEIZAqn0ndfMDFU8H24ntpl2SrcbYP1rvORcRlEWoET39BckzStXTmodhIJdvw1WR5jQ5jRmwa7iYn4t5kSUoDKmvKOsavRIjSGX7RJC_7da&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=11522231580715979000&adk=3047537735&idt=210&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11d03e5a32438446a53f604cdfd7954bf0f564a07547ec2c48fa51ab76970e05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36541
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rda_video_bg_pattern.png
googleads.g.doubleclick.net/pagead/images/ Frame 9846 2 KB
2 KB 20ms
19ms Image
image/png 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/images/rda_video_bg_pattern.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7f42fd7e961148cbacb3643b669d55768ded74e587cd30d429a4e8112c05a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3078197180359812&output=html&h=250&slotname=4525018427&adk=1147796549&adf=2045739810&pi=t.ma~as.4525018427&w=317&fwrn=4&fwrnh=100&lmt=1682264212&rafmt=1&format=317x250&url=https%3A%2F%2Fwww.live4d2u.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682264216742&bpp=2&bdt=279&idt=301&shv=r20230418&mjsv=m202304180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5810496401882&frm=20&pv=1&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1942&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31073974%2C31074065%2C44788443&oid=2&pvsid=4459930239540501&tmod=23764774&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=g07nfkb9eh&p=https%3A//www.live4d2u.com&dtd=305
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:15:38 GMT
x-content-type-options: nosniff
server: cafe
age: 69679
etag: 9923804599063086578
vary: Accept-Encoding
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2033
x-xss-protection: 0
expires: Sun, 23 Apr 2023 20:15:38 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ Frame 9846 29 KB
30 KB 72ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 05:16:02 GMT
x-content-type-options: nosniff
age: 123655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 05:16:02 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame F818 170 KB
59 KB 86ms
21ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Origin: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 11:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14438
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 11:36:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/ Frame F818 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiVqmm8-GVZ6u5VCHucgprq4ysQgyA4xd13NywZbj8PUIQnWgVcLFlo4wTrKW_buxsJvldciqKu1_ebLV5we07mqUDoMZm1ElK4nUGynNmijJG1zoXwzW2NzWe531QiJBTNaLvUL75wEX5LG9g8h3w8qQ3yWlRswW3mk2evR9E-Ifa1RI&dbm_d=AKAmf-DEvPHrwAQ2pOmqyGcFxh-sP_q6e-NfQwI512LB9BVq8Vt6IoqAsC_Q-IDWQECbVgyaqr765201xmeOV0KBa4jUnIBQ2XK9FLIn3qgeOW9QG-HvJqXPHAh_HQhywtZT_T2BCUvFetS4PA-1oLuKABUSsWlJ4okSjtdG32zMlieqd9El9tm52iissyMGV85YSYhHWn12LcEVPnV-lvRpN9CHhAvqm5EuvcaGpzFT6Ec0YWOqQQBElz_P8Relv7VOEjvpI732seXn2vxTiRB6UUuItsvkkPLZ1sY1MelVx2YYADSiJJNi3Gl431dd3SdN-DLXHPacHAZLEFkICp3rzpapcDEqalnl6vrOnlkSIp6U-U5pP6mLY0o3oQuTmDXSglqWQmbnl7gKrVnoz4F2GXn6Ymf8xFpBHRHFsxgljtuCef44g0WNQkX8F5Ml-Gi__KcT7wtG7JVsYW62ceecNn8pK4-CVRR8tJJxcybqkfe8CGeLH6ROy21WpVE7cFPqmStZDP8Y3i-pv_wnJt9kwXMOxq6c_sLtVbKFSvySkVqmOfCPOvxfQX4gxeG9GuehAFp8bDR9cA551BGGAa8R7vtmHIWlmLFidnN6DHw8dYUgRUpHvITKpTwmj0hiNyt9NqgPDGbj1aSqWfw072R2RCsnwSC-t50TCLiyzH5Z9lF1g_0QcM3FdkL0WIrUzNFIsIGjbGxup5LhbnHLZkPQKF76yH_-HiBwJCcbY3E9GbSFrzdiqAzktQ6PWJwQECaidP0B8_Tq8UhC0apbG5xn6cTIx2PqX1gl5c4fX1tjOId11kujXq7qLasI217h__mMaJeMKuux-V09gKBmHRP-U--ShP9nbrDPm4GJwSVLAEwZCr8UvSIccRl9sNSwIGucbcCzgKI0pZ4EpSfgQ9YpasHHSVRADJXP3eZk2h0QgyaQ5erRIA-1xAhOrHwVOh71yzezJ-sPRzgwgc4xxvX4L54KSI7JagCv_f_pQGLBz_zp_9YYIgCqg7twpdRo1Zl5W822NgWtV62WMcNrbrZoeSNj3HhfIHboIYiVH82TFP8gdG-oR2x5mmaeX3eL1hpzoN0M7HIptiM26jysdeXQ5ki1bLD8WmC6CtrVRDk2FxWfY0TC70PRxawqlk62bWOfdTU99PxQ2ewvOBXYqGnGHB6Vzn_mSB7PSfkuS68XlqJPhuBbSkvYlMWa5wdPEXeP8KQdU8kzKU_ieNSI1Yw2XbKJmkYn22EqAHWe13Hm1aJxzcQvZFa_m8mRAJ6dF7malxAHFfRDHp97K5S6M7E4fI_u9ghIe640M9loMAuS5wbOKr5fdgo1X6ds6tJ9gLub0zQI2qxOFvzEM3SHGiFaIIg2gZSazywylZ8G4c43u6BcqMXADBkQzwx5i0cnr7hrqwyrD_8KUvyeSqEY-RHmZhoKyIn-qMEhnS4Sxubg2rYtpERQWNVRqvgyQ4ml9W2E6GxtbxWOJFCakO34UjirbcF4CDd2t4EGKFSpe0LxXBhFp4XVMvVNGdSLciMCoVCo_p-3IQVhoQcE8zqudzeOnJkGaAd5zaJy7qAuTHe9d5YQghSSOi0tcBFY9mVEMdP2C9H1XM2CNkNauc7501Y66OIxX9scGSpnc2jBmAiXabsXwl0aEVQdfB0Is4atkMcASwulrprger3XwBgE2E7LhZWBbeU571Z75Bor1ZPdzZu_Pf-2_UKo6J-Ejuagl7OMNRzNvjbxIZO7VGNjFRj7DVwdFnyYRJdCb36hSuQnnkOAcLM7CPpL_cc01Rw759qh3v-IFGZrQPGGNvZPeGu8je_uqCLqgjiDTFbzHpKCuBeMzvQ01eJ_CA2fqeu7zgRBVThqur4hZ5GvYPqI6IwAnMwWcTfAurYRSjYstR6sJLEAMHf9lyUg9FYEWDipAJ2gDXTfIueOEQj1EQZUn359dcg2708qxgGZ6nf1l2IPbaVysRN6O_waAHlaeYzHmz2isuJDD0sucGdbA5xKt8wmS4Hvuqd3P5-dEjJ8AYfrBVKhKBjIGwcj7VsgppesBBUWzZHoqGFYj_P1kmlGosgaGqlQT41Vn4Ty6N2xgqUlUa5Sf8frNZjbDJG1TTlkSk4gKi_2ErtRVxwNDp137aHa-obEWMHVcxQw9Th2QqQVNsJJgEdaBPi-oRPeABBF7oxe0YK5rcpH1IM2-Gg8unxywcqNVYaIRoCLy7NIFNBTDXFM5QCEynjWO9RpckdPgKyQ3aw_FbFKZ5nOAN-4y92BZglrhDPnjFtie8Ize1smymGwg6JO4mEgjdXwEWRdjWvRiVb1QsbqRStuqmBdCnLxNRjdWSHrHB97DRtcS7Ek9tYJ4_ocBbG74EbHYVCwcESWUJZLkSYN8Ue5K1AHkBqB_gz8gPLpEgJnZP76vGIbYj0sRlOXU-eeh8p7gJgHYK5wUxQv9Hp44bdXVfC6R-kJFnz2RU1OP7jyZUh_jQi4Eg_96dPLOA7jwfWr4aF1xqkEx-C3EOECZ3JpxQ5yqIKjRgw0BVWaXzykS0Zte2eYODt0Y-6WmFRWTvdr28b6u3wKO5B3k4HyfOcqPQxIP4uKwPztgYrpO1BjfUqqjhr-1j9G72SK2xQaHgLEYbw71zP8fGbR4QxpAdGuYahDBqvYWaiYujb5ENvNFYkdRwj-Q8StLuDS_V8IIYmappJ9MzxYb5BXF-zuJmyZYcrDXaRkF1T7zVT_p9tcz2Eqfng4dZ6qGNjcyMjhce3O3XWf_cLY9Uc8BibpLwNnuHY2cCpFDBLhhtVfdItUHtvZ21rbseNGyNJ7J9KlzCcu41nV5l9_SqxcjF8sF7ybGzlzr8a7JJLyRwQYeIUXv_AbHwa_x7BlCpWj49Tl_DJ26UItedMvDI20RnraXBuPO7iy5d0rhK5hBHKCSaSTSTYUZxT08cg4-0UjBPWs83l4A5DkrA08tVjEa39i5-PFMatKZsF3seaPKswV0_kR6Dyk2ZkiYWM3Sr7Ks9zSaCDJsZikufFsbqwj7IWBogriv74saBgLWogy8CthzSLXffwmhyKD6u-o0j-wU5iRew9_cg2dwKcJS7umbKFRq6DqFR6d4CeTMBGl6D87_MOjKUgMyQ26Al_z1rLnMLBGOxpA00quVEVvPGQZUibw7bVgXMe1TQysicbKau5EwIZWgS41Mqa0yrSGdzVt_MamJVH4ZNIxiRkCbqHonJqZTKqwb9yEWi-sOKI9dB_evAuyw_Y4jeldUQpX-Z5r6MStjptbfctVD9tHIPH1EtE5X_IFf9XTRpWtpcmcIs3KGHO-ZaCNf4JyQhNNac0kIYg-0u0UqBt2XDqBXO2QELU1ZD8zWwjOuMlJAVM-uM54zhSp3VzKca_YkYgtsPAGdCdpTVFuSgPLtssol53VqXq5K8HGdrSKkyomt3lYo1j06FsXoVK9-rCYB9J0moyJ5f-8HGTvRAkLfXtmAXcjUHgQ4liMtNqw1E-eAD4WFB2nYDHy8yo5NcCvlC6ROifZmifGAq4Myd_rw9u1J9OWCIB_QtiS73CTJJjdRihxIqDN1so3zUnEvaSdrnsKSxXpXE0&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=6689856002831847000&adk=2228999115&idt=113&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81530
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:58:07 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame F818 28 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 20:11:35 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304180101/ 149 KB
51 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304180101/reactive_library_fy2021.js?bust=31074065

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2dc359b9ca450ead7258b1f8a26dc6f2d8daf0a784f34b3e31ca53d64b471fcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51689
x-xss-protection: 0
server: cafe
etag: 5712967738850611704
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:57 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 9853 170 KB
59 KB 47ms
42ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Origin: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 11:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14438
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 11:36:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/ Frame 9853 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BL-5mjU9J2-cOoleyRh44igb3tDdTPdmpS7-RpmH4b32NuAXurob66-RLy_udCWMZXirLg7voecObCbTgpxk9CBGEPSYozrWFrPbT7yjL-SM3thxGb9zC-Sl5Wp-F828-1QsRLsYzVF9pHcYsTjy88ceMarbMoJf1nAW0P0EDnbVYOQF0&dbm_d=AKAmf-DF0GTnanp3pYC3eVjs36Jsn941gxw8ViqLeCBru2tULNbbEfvjdrZFEtsPFXugCymzWV9IpQL7BtVIkUPI1MIMRe4FmuR5NpiopBJLFYp5ofQ22-1btO5tlVtNY1RhkD102e6tZB67-Z2xSWrnzESVpHAUz8skd2FWfrCP54R4WC8DsM0aXIiVmn3ORAEArZkl4Dzg4CluzJTQ4bnt_C71P686dcFCJGGyrEF1uTmzb_heWOOnfFAAfno-GioEq0um_1pqXeLIsaqKZeCJXYJOBC-al0LGUuju4t1u7WlDke6UNXAD_Xdi-C79vmjm7XSLi8T0ii9sHWlz76_ollebYI1OAU0spd4erNblJhKmmLZeJCYpjDg83o2dp-cAgDmd0vZPiNaUqGn-jq-DFOkkrUJsFkcWXAncKRXwRTGXJXg1CfswSekV5Z7ddGTbsZADpuNbZ7YtAFbApuJVeOWp_v3cFZbmVYv82qXBixG_Qs7uIThGAr6CdTJUOSJlCP8D0FI8tiTjqAnU7CxV4wRU6ybxrNgvq17HTSEXrguktsii8KDm-SaVUYuzhhLlWBo40sOUAfkpVKlpD-az6uW1fzpai4RDdgtIRWvLdGkXnydGhchVyxqtcMMU3um4aAJiOJ1ORAS5RUuOvATJ3yFJw7ygmHirKnW4LBWTNNPzG_UC5M1C4zMLYolKD8eZ_RbYyvl1vDAbc9HpXpKGEOcsyVTXJ6hZvyUdt1xp5t9ldj2-D8YZbtwxqHh5HtePkaCjWRmP3v0b2bdVzXxCgNCIyohEqx_ZSDn5fZ2vTmJXDpGf29sRsMDf75FP8nGX_kB6jfJSEDsVfoTQfHzKCY9zLbalV2WM3UJAploiU6hXi9MkGytIgWcCVWzGPW8WeK_70q4yOuYDSaPA8XCXk-6MTgUFIqZnoh6cDROhRnJ9UCFdB6Hk3b98yy7as_2rt73BJzXe49zExgzfny98vjcij2W9g-jddniYgEpcmwheVOqoE3lgLed9XHZJZ3Uhy0fzkeMx4V8unTFIdsh9UmJtVvrU2RBr1XRpVHGGxwi_Cwiit_t5z9tEpJiEDRNca5FfRkIoLtWuQZtaOhLs7ur9tqPaITB4TP_ZtVNmwzVQdOlIe041Rrpmm89LFyrjWF3uTQ3pc8RAd6v1MjzKSsB_eEzZ0ayBej_Zx8pXj49ndWFmmWZbK5ARNJNJOBLK-q2HvdEd4rhRN8sy_sjFSajg5wpA5w2Jt9Z8kbBYhphbfCpcqZ7vcncS51OoGWVKyTeOuvDz7bI3fRWThsDxdKLE1TRgxaJZPCcBgZFTLbwfkl7vfRf2c51RpwilSXyoLV8zx_IH3wn0rfgdJOtmD8NAvvW2AIlpd7zvkx1sjAWfaC6LBZ9aVEYaTTUpyPSwl3T05ARaRYElziP4fMsm9fz-NvDIBaTVNeVtl1PuttxiHOr6DTEY7c_qErbjzqkzYIzp1tOkdKv1PbwKtiPNJj1Nr-5DTih6CwFx_wDPhsfdPQcJwpCyzGLdsjPrbehfr9lMsySecKXdBFp6CvLB57PqOnr31klJK5vcOW0krnA_4EhEzsw3DaKfBPstlyQtZD2l7SHjqONlQPdNNr3kcUEJR0K11JuOjyJLSf4-2UbENAS09Y3FBZuku69gwUuyJOJkFQZxl1cuU04gISzV3VIkTwK4zAia_pbLWWn7rUHbM0aVpY2cpVhec25VxmbCA90PDEh6nCB1Hn92LeJ5t_wcQmOvNYrxLStyL8TY8XWr1vchbjOWcPYWxmYqRq6-P0v8svSg2mXx5B5xvXaulsfEOipPFDGDY19JqaAKW6MdMoWceXk7sPw-phrneDSeDr0dxT4OyBM320P-GPXibHY4AKWv9jfuJTfwBFvTLJacAkqUpaJYpjxcs8t1Kl556Kl0Xdb2OVK3vybGzef1yi43EDYCLD5hAw4yOpPs0LCRCOYPxDi7Tgrkoqy6TDYoLMMHxMjhapaaZfD6xDwsSwQgLmyY_K6gyJLPkgEUKAhBVHHJX-8JExMe6L5yC__FAv7AaQWUsapBsz-lYlEUWhJlJKeAG7RbCEhzFQ2A2yzMQf1m4j-izv4_zl6YVc3dHhYOEswIxPyZnsBbazvfZA7y9ApJqy3XgOUN7NdqLq0HCkIjmsD9Z7CymnzQIjB1ovVLm6C3Vh1hOLhEx_LKJdnW1QRpvHVndZ6siShfNn7sIfqyzxicxGAKPe4NklBUDa6ocVXGSov8-_yQPIw0PeasQwC456S6CwWBPJms-qjHZFGq5UVuTyT-EzUkueGwwf1R2V4xcBjzOFYNUjaLVi2L0l62NqZfZ7HagMtnXNi89CFJKw7Qdg5S-aQuZdmY2EfsN_IPH_VpwKiLrfCpOIcgewatrGiQQgugx4yVn1OkPjbkchHJYDAQd4YVvi7-nxDutjE11WdyMZm9mUxtpDsKM7u9ikaGeIXwf6UFFA-hAyDgxQaPVE3F-YhZp62n-s79Y8vG2HQ6wZZDcq6glbIDrKuy6vuRkHqaYimiPBR5h718wAiiC5wxIprYgjgNn-D4coZtqNd4ylOutINZxcdXgdN2BoM1UmCtkz8aCIPW31y8ZtdGvowT3ptFD0sp_en-hCSPvGldVmdHuEvLrx5iCVyS4ESvksuml5jJ5LMrH4E9oeiunoRJnrputQ3qwdzuZvUItHWDOResxUCb3z-Z9yE_uvJxDVmWsLcn-3xbGhG-v8hoa6wcn34BcdqMnmFu6W7wgeZ7t-YsR0hHIrNxyibzrnVgRie51K7zCXd52uyv9siThMyRQLnt0CA2ahCg3dfu3opfUOmxjolni6LcSKJcfjoAZsIS7V2He6uXLwqSv5NMYCwKGslNQPUs2DuzRDOKm8W-DOPUR89h1jyt5CH7_jkY9W5k0bnE__gwBmt2b9t7p_1gCj1pF7gEA5XqxOFz7oD0cE_IJXc1AoBlKu-lgAx3IKOUSHUtWi9uYHPi5u3DT1gVUIIB2VhxN9Z3rmzLH1HiGoYGXHAE0j_LxKn6bJZ5WlSkRd2khaIvW4rFB6_rQKXQprOir3dQzNNb1YfMlJb61Q6f8IR5aSdyIkhCAskZhOlt3Dt0vaPt3xMppVsBesPtbX3dxCJOKVkAUbEqo6l2qGAIFz5pZBT56OzfcuDm5aEe3C-BxrScZtcfbCuk_wgVAsLKi6P364OjVkkq68geN07JjQ8C48-rO08DpAXapaY08UM60z4Tzq8XY06PgO1JKhTdGmC3sOSTeldCa1itWVlnA0GmKM2Zi8q96P84gCYDvgU-XR4cR8qf-JUC1CqIMvWLGG46vkC8aGPLvhhQC9iPy997285sTzsrSontpDFKly_optR8z95iRPhZCgWg9TgnygOCwZl1NqhQmlP7Ve3EjXzPJlu9d_hek5kKuhbEATkwlmOo_Qo1QcpWculZT2tN6ro15OYw0aXOhbqsPPleEnA1_O_IBjJQeEIZAqn0ndfMDFU8H24ntpl2SrcbYP1rvORcRlEWoET39BckzStXTmodhIJdvw1WR5jQ5jRmwa7iYn4t5kSUoDKmvKOsavRIjSGX7RJC_7da&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=11522231580715979000&adk=3047537735&idt=210&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81530
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:58:07 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame 9853 28 KB
11 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 20:11:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F818 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120895
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
DATA 200
OK truncated
/ Frame F818 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 837bf9a5269ffa75feec1c38e7c6478a3e84f182e55522c85e691f489637e30e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9853 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120895
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4365 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 60946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9853 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc65c0c296ccbf07de8e551b9dbe13b3b6f057c22626842a7d8e4753ea183587

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 136 KB
36 KB 89ms
38ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

079330dc0edae3efff746773d76a6348237b0963407c1d22d88cc15d8fd9cf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:57 GMT
expires: Mon, 22 Apr 2024 15:36:57 GMT
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F818 0
0 177ms
66ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv5dhIDjgh5nAh17qsUAuTXLAD5zzDtfL7d-VKqd7h_GfsWqqmnWBj3n0Q6BsK7JKU-MuZ4r_ACw_WU4DY8HUCfqtkA5LSHSQJ_Kv7vGWA1SHXiIXRdWuca-elB5uyZZlIUb-MRiiQNOAC3PoFFvr0HleqnUL5RU0Vj0y-OZc5_L-FX6IkM5TxFQnBGAwT-PvNdLt9TOqTR5ZgoYjXJlxbKDkbQlP-jsm3vG1d0YJ1XEXeRnrI4Crnn8V5TyGb8ahqqf9506pNY3pdw-GgNAe0AwrsCzUTYpyedgE7f-YoX8jpluMdVSZ1Z3sJU845j25SjcRdphkWitpAtS5pyih6KvNjwLM5pH8KwX-UxbuEwUJbWQFRR0H-7WVN81tDKzajj6k-LsbG5b07NwsNDy5sk4ArOJ7_tZ06_0DPzGRuql19Un-lod-MI8cFPiCYCSkv14rid_jPb6HIQbVdtDbRocpBUu4lSFdxqeat61WJQMt2Jcny9q4PHe5zsYAKD94zSdHi71cJHzy05zESsbWq7tEQwLzFfClbi3rxz5_Ol_yvUon8CQiVXRAf3Il90-6G4Z9GiRACeek_Yk4bvEZT3-HJAX_f_h4i11V45VCeIzsfCT_xj1-dOPyvo3Gro7FQQTcwQiXq-ZlbQSsinZZUJiGdVWpFZYSxuXE2zN55vZawziFCnfPtIOP3TNBm3P1_0DIc88gwGLjTEdgG75Dd1yBTMWEHPbrn6RsZKpmspD16NkXpOCkSdc8UI9JdPeu689mbeA50W4WAbxzfFYhRPBt8LwGePSD24b97aeKCfJFjM8c2ADhB3fO11L71-Ep9hc4OVi7E435myvDrKGL06BOe7ILrwXYuqmA5fpvMvWy4o3BokbNdsmSUmFoAoufdwrZVjLqt2zY-K59t5nV5vF_OXB_B1qhiOL5HQ9B-VDhluL8iZFiVpPi_hO4SletqiMT9KRFPb_tsqVfbpUxv3DZk9zFIm-09dFZDU_QzRr31NflSEV0emfLvDvoC9DaartP1u91HxIkcMQtsC_IuFKxZCLkbd2TYPl5fhgbiYvuNRVFZXX2rk30jZzfPd-SLz8he5NJgp_S7CwCwZwD5VSOfG_gxQnsfFQdrXDuBc-i2kPa31-CLWI-nVc5dKy9iN8EsFHiR8DoycZXJTHO7TJMKWRFRjwyVjlm4WGd5nri-eXc7opq_xD_sceefkgb8TPRJu-bdxsB2BkDrPiSNJZl8DwmJncyCInD6PhQOcs7mSz6h15EqvpODRoqsqsdsnR4bUPDJW_IDmqVWdBpRCPoUKEq8uF0JTxk6BhAGyvKk&sai=AMfl-YT3r4dc5beHb3jgebGj-lFOPwz6gIO_9pbkQQP_ALUzIyo8ZQy1Ky4pWL_yPf31NBW9PEQis1Got4oSeUGGNvua6nSGJsclcudRN3Zbx5e9pt-1UnOnL_ZcGCiYrr2s8V9lC9ifXqPwMs7bht17cKPoE4lVIa80OPztSDCoYd9nfwmX_kj8LFt_lPiupqacia-A5Edz-lnxp8EESmyBEBtO1itkP53sd0uNvM1_lMTF7usHGoEKcgrGV1VMxBinfDCq1jQsp7cHqpKbNkvOlAntGde-2buC_Nhnqlea_g27ydFS8StwqiVQ0Q&sig=Cg0ArKJSzHH-R4GrehtmEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=158&cbvp=1&cstd=151&cisv=r20230418.11063&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 91AF 36 KB
14 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 798A 22 KB
8 KB 28ms
27ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 60946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
122 B 35ms
35ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 36ms
35ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/ Frame A44C 10 KB
4 KB 29ms
25ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 57369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 23:40:48 GMT
etag: 2378337311435320485
expires: Sat, 06 May 2023 23:40:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/ Frame 6516 10 KB
4 KB 28ms
27ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 57369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 23:40:48 GMT
etag: 2378337311435320485
expires: Sat, 06 May 2023 23:40:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/ Frame 1FCA 10 KB
4 KB 26ms
24ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 57369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 23:40:48 GMT
etag: 2378337311435320485
expires: Sat, 06 May 2023 23:40:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 136 KB
36 KB 40ms
38ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

079330dc0edae3efff746773d76a6348237b0963407c1d22d88cc15d8fd9cf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:58 GMT
expires: Mon, 22 Apr 2024 15:36:58 GMT
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9853 0
0 115ms
65ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_ToZzfK4R8h9vWkvRbe_yP0sRCQAB5kz2b10v9IjqX2P3MPgIXjjWgWfIDHbVftZBR-k_XAM3L50OtknkAkqRtA96Modnp3jEgV1NblmgbCKq1rFs0BrR2KOaXBNWSCX7m9bG0mZa1gn4ma16loa7bnfS_DIYK8PYa4DtIrqTJb1OUfpZarTUfi8hbYz8Jf4PuSFnpfRUyMSe1Jq3RUGQ4sGbwyXSKGEUrVpZxBVZcCeoWM1Q2ra-7qmYrxAV9-y1FK3TWazDjEhBtcKeRkBouDpRl9VSdOphvlrYW34AkTpcEl5_GSdlBH292ldBYp0Gid1I4HPdD012N573s07nZRcdh__xE4Sc5Yr-Ltqcf_pUoc-1Hr19nfqm2SQpOFWn6L9t-k6hw_cpGbCtKmViHwCc6eBOzjbG0CqMmsNP2eqHIaTKF0n0zLCNAg93pmWRZGr-TKmJ-gWoSZYIp6tqrcPDauh25l3dc2kzx1KEMcIo19lE0XppTSkbz0yvg1b-ghjw2--46mTRkxYJXBGK9wUsjfe8FrxIrCziOXtgfsZGtJnxe_E-TwJzaTJ9tO8NQfnSme0IowuhCpKgRifTBA7nbeFBxWryEi7QgmvdzeAyTIAPmc0c7f7zWUW5aEvDOIUlpdZVpHWJ8mJgUErOGyksrP_vTb8iuw05n1DoCpBKznxxxmVZ_xTurTCXIL2feeyABbSSujcz5BhYhIP-57nNIYhSMh0_a3ZbiBCGmf51Lh5W7_lNFLMjg9bYvtc7uko1fCMe6Y9dShLOUQixqqFWajthacWY25xAKYf_ZxLWV-YYmKCip0qs6I7LQ-E9o9x7qnbmIGL_2theIHwlv5x9cj5xqMR3Wb29FwFbXUWJB7044YqyzMQjz0vVav5fTJw0q-TotWW_BAdAdF0UNJUb7AzaRTtpXGyHy2eBTPW5tcbcMKG2PMBbgimnrliNAyy4VieIjwbT22Qt0aw3hYv6U3nECErFLOAwp8-NkLmjRWFcUL3oB8ZbNSrdQmRMaBseGeSwFPtQ-Tz0UgGvWqPnzUHNyzWrBAf6SfOcaWgqhVSW9AFtzLWbZOoWR3Yd82hQkNBIrF_5qk4W1_m7fDK3_Ci2KUTmwhBR74sycA1MXZ0HIsmCLuxZOlsOfyxBtuQ4Aj24vqVk1vcnQNXaMBr_cCT_tzBD1mkXcljaEv4aow0W8U-bp3hB6gnxGA0N5a_pbiKqd21-iZ8b5Bmuh2sRFQ1z3iSERqC_1Ay8uj6WAuplv1fcFt5fs4yQEcVvhcgAWuQXqY0FtWJB2TVusqXsGgQ-xUcMaz-AFk6CuPS5TzEK&sai=AMfl-YQSN4v_sthHaf_t6rhQqGxTZ5iGQn3S4yJ0AcsxxA9xZGao8RUSgESCQOP4RmUHR_KOO1vjQfXMlxnV_OTtAYsIaQxi6esNzfgl4CH4c1CbIyt3kqSq8qvfLYWJVLSKbMHwqyfhPh-cvcR5a0sNqS1ew9_mHteVUXBTzaCweqR5nZdT8Mx2wmJ52D92D0dr9GnywA1ugRoI1L0LBm4qOnV2B2nQbnyl8o59U6TQ7asdl3CAm8_yPo8rqFClZF5pLPphTC2rEZ01AdI1TQEimire6sLZnNp2Q2epsF_izfxArTjpv38YmVlosg&sig=Cg0ArKJSzFP8hfWuulibEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=158&cbvp=1&cstd=154&cisv=r20230418.25604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 4365 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame A558 118 KB
40 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 08:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25481
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 08:32:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A44C 6 KB
793 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f323fc9e13fd6a7758914ff9eefe58a1828eceaf1fe979659b1117694910c1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 15:31:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame A44C 2 KB
765 B 23ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:53:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:53:51 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame A44C 21 KB
8 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85f5fa4e4e018f353a57795fac053b8440905db9cda4a7d18147d48e8d77e233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8535
x-xss-protection: 0
server: cafe
etag: 13968503839060854674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame A44C 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame A44C 19 KB
8 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A44C 159 KB
49 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 f8970ecc2196f374e9d99027c476dd6b.js Show response
www.gstatic.com/mysidia/ Frame A44C 32 KB
13 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f8970ecc2196f374e9d99027c476dd6b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56cb66844b6e4806082b345cc9bf870b3e2493a6f4e277b865d85666f0fac439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 12:00:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13747
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 02:08:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 19 Jul 2023 12:00:35 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame D507 118 KB
40 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 08:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25481
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 08:32:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame 6516 21 KB
8 KB 28ms
19ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85f5fa4e4e018f353a57795fac053b8440905db9cda4a7d18147d48e8d77e233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8535
x-xss-protection: 0
server: cafe
etag: 13968503839060854674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 2798493283147321147
tpc.googlesyndication.com/simgad/ Frame 6516 50 KB
50 KB 31ms
22ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2798493283147321147?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmiUtpobVMXRtC3RN42m0z3jM2GUw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84a5e9a46e2c9bd8b6ccd99aafbb8623105a8ed4db5ada26aecd973482f98444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 22:19:13 GMT
x-content-type-options: nosniff
age: 62265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51629
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 06:30:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Apr 2024 22:19:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 6516 3 KB
1 KB 30ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 6516 19 KB
8 KB 29ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6516 159 KB
49 KB 42ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 6516 32 KB
13 KB 36ms
25ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e4e65e7db3c40d4bb9c16f3e85e1e7ed107d564d25c56e3170b38da5460506f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:58:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74315
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13160
x-xss-protection: 0
server: cafe
etag: 2897017380701680925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 18:58:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1FCA 9 KB
996 B 33ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

400fabe35a47597142482001174f415493a18dc7e1d35f2f66385013b7dd1e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 13:47:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 1FCA 2 KB
765 B 25ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:53:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:53:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1FCA 0
0 65ms
63ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVSJzmVBFZM6DBKqQmLAPuu2REPa2vYZwuL7p05QR9pXI5YwOEAEg7fuSIGCRBKABjeuugynIAQmpAvNter1X27Q-qAMByAPLBKoE1wFP0DOsU1ChxH8M6XF5gfltxqIYZk3PdulVZbXKwxow2IVZQCD1D6TrUpEbjRiF2rOeBF0DR_t33yOmIjVpyvFJOwSj0mPL6u565O2IsxiL-0fFePMlLCb-bOZeyo-iwMLFtEAXEmdUDjrWv1tU1NwwEn8lJHKNUhLVvVUk3xpmfh7iL7E6Fjenexo0-8B_iOOrvsUgMKw_8QFh5B2u6cQMp5vgAVtn4AP9Cf_2-RIqWuJnlXMuHLs5YUTZS21p1JwXVfwIlIQBK5Xb5tJCgzZPP_mXswro9MAEqduFyrQEkgUECAQYAZIFBAgFGASgBi6AB42j_-IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQqJ0F0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwrQFQGAFwGyFxwKGggAEhRwdWItMzA3ODE5NzE4MDM1OTgxMhgA&sigh=H_9ku_x-WbM&uach_m=[UACH]&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&template_id=5000

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame 1FCA 21 KB
8 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85f5fa4e4e018f353a57795fac053b8440905db9cda4a7d18147d48e8d77e233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8535
x-xss-protection: 0
server: cafe
etag: 13968503839060854674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 1FCA 3 KB
1 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 1FCA 19 KB
8 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FCA 159 KB
49 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 f8970ecc2196f374e9d99027c476dd6b.js Show response
www.gstatic.com/mysidia/ Frame 1FCA 32 KB
13 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f8970ecc2196f374e9d99027c476dd6b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56cb66844b6e4806082b345cc9bf870b3e2493a6f4e277b865d85666f0fac439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 12:00:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13747
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 02:08:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 19 Jul 2023 12:00:35 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/188941235232310372/ Frame 1FCA 18 KB
18 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/188941235232310372/14763004658117789537?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e6402b9370cc0670cc9c0b0b2af59803bc36676b7a6b58c1a0a34595375f7c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 23:07:17 GMT
x-content-type-options: nosniff
age: 232181
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18300
x-xss-protection: 0
last-modified: Thu, 20 Apr 2023 06:59:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 19 Apr 2024 23:07:17 GMT

GET
DATA 200
OK truncated
/ Frame 1FCA 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00526e46a0cd4e0849012e53b5a9a2d003af41042d22f7cd4d6e2aaeb38577fd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1FCA 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 integrator.js Show response
adservice.google.nl/adsid/ 107 B
122 B 30ms
29ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
30ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.live4d2u.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
8 KB 401ms
401ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4459930239540501&correlator=4338768174548134&eid=31072879&output=ldjh&gdfp_req=1&vrg=202304180101&ptt=17&impl=fifs&iu_parts=424536528%3A32409680%2C1539488_live4d2u.net_Wipead&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C336x280&ifi=8&adks=3424586254&didk=2210691861&sfv=1-0-40&prev_scp=cpt%3Dtrue%26cptver%3D2.23.0%26slotdiv%3D1539488_live4d2u.net_Wipead_PC%26mini_cpt_type%3Ddirect&cust_params=geniee_pv%3D5e7d6fad-2aa9-4db1-be8a-af5197a6c1e8%26cpt_type%3Ddefault&sc=1&cookie=ID%3D2c98092368c4de49%3AT%3D1682264216%3AS%3DALNI_MYhtDGKe-vD-KGwVPPsMQOmNxeCqA&gpic=UID%3D00000c08adf47f2b%3AT%3D1682264216%3ART%3D1682264216%3AS%3DALNI_MacOjCefPxFBak9FbKCIwd7fMU_8A&abxe=1&dt=1682264218205&lmt=1682264212&dlt=1682264216464&idt=319&adxs=0&adys=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.live4d2u.com%2F&frm=20&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=689703812.1682264217&ga_sid=1682264217&ga_hid=1545632594&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62404c692127b6474af44eaca44141e40047f9af6871819b602149f289518c21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8605
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.live4d2u.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 798A 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D6FD 143 B
166 B 21ms
20ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 2419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 14:56:39 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Ambit-Bold.woff
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 37 KB
37 KB 21ms
20ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Ambit-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

620f78285fcec185cf13e3f850abbdd5aced51cf669f48d53fe2f36cf2df331d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:23:02 GMT
x-content-type-options: nosniff
age: 76436
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37416
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:23:02 GMT

GET
H3 200 Ambit-Bold.woff
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 37 KB
37 KB 20ms
20ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Ambit-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

620f78285fcec185cf13e3f850abbdd5aced51cf669f48d53fe2f36cf2df331d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:23:02 GMT
x-content-type-options: nosniff
age: 76436
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37416
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:23:02 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F818 0
0 58ms
58ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv5dhIDjgh5nAh17qsUAuTXLAD5zzDtfL7d-VKqd7h_GfsWqqmnWBj3n0Q6BsK7JKU-MuZ4r_ACw_WU4DY8HUCfqtkA5LSHSQJ_Kv7vGWA1SHXiIXRdWuca-elB5uyZZlIUb-MRiiQNOAC3PoFFvr0HleqnUL5RU0Vj0y-OZc5_L-FX6IkM5TxFQnBGAwT-PvNdLt9TOqTR5ZgoYjXJlxbKDkbQlP-jsm3vG1d0YJ1XEXeRnrI4Crnn8V5TyGb8ahqqf9506pNY3pdw-GgNAe0AwrsCzUTYpyedgE7f-YoX8jpluMdVSZ1Z3sJU845j25SjcRdphkWitpAtS5pyih6KvNjwLM5pH8KwX-UxbuEwUJbWQFRR0H-7WVN81tDKzajj6k-LsbG5b07NwsNDy5sk4ArOJ7_tZ06_0DPzGRuql19Un-lod-MI8cFPiCYCSkv14rid_jPb6HIQbVdtDbRocpBUu4lSFdxqeat61WJQMt2Jcny9q4PHe5zsYAKD94zSdHi71cJHzy05zESsbWq7tEQwLzFfClbi3rxz5_Ol_yvUon8CQiVXRAf3Il90-6G4Z9GiRACeek_Yk4bvEZT3-HJAX_f_h4i11V45VCeIzsfCT_xj1-dOPyvo3Gro7FQQTcwQiXq-ZlbQSsinZZUJiGdVWpFZYSxuXE2zN55vZawziFCnfPtIOP3TNBm3P1_0DIc88gwGLjTEdgG75Dd1yBTMWEHPbrn6RsZKpmspD16NkXpOCkSdc8UI9JdPeu689mbeA50W4WAbxzfFYhRPBt8LwGePSD24b97aeKCfJFjM8c2ADhB3fO11L71-Ep9hc4OVi7E435myvDrKGL06BOe7ILrwXYuqmA5fpvMvWy4o3BokbNdsmSUmFoAoufdwrZVjLqt2zY-K59t5nV5vF_OXB_B1qhiOL5HQ9B-VDhluL8iZFiVpPi_hO4SletqiMT9KRFPb_tsqVfbpUxv3DZk9zFIm-09dFZDU_QzRr31NflSEV0emfLvDvoC9DaartP1u91HxIkcMQtsC_IuFKxZCLkbd2TYPl5fhgbiYvuNRVFZXX2rk30jZzfPd-SLz8he5NJgp_S7CwCwZwD5VSOfG_gxQnsfFQdrXDuBc-i2kPa31-CLWI-nVc5dKy9iN8EsFHiR8DoycZXJTHO7TJMKWRFRjwyVjlm4WGd5nri-eXc7opq_xD_sceefkgb8TPRJu-bdxsB2BkDrPiSNJZl8DwmJncyCInD6PhQOcs7mSz6h15EqvpODRoqsqsdsnR4bUPDJW_IDmqVWdBpRCPoUKEq8uF0JTxk6BhAGyvKk&sai=AMfl-YT3r4dc5beHb3jgebGj-lFOPwz6gIO_9pbkQQP_ALUzIyo8ZQy1Ky4pWL_yPf31NBW9PEQis1Got4oSeUGGNvua6nSGJsclcudRN3Zbx5e9pt-1UnOnL_ZcGCiYrr2s8V9lC9ifXqPwMs7bht17cKPoE4lVIa80OPztSDCoYd9nfwmX_kj8LFt_lPiupqacia-A5Edz-lnxp8EESmyBEBtO1itkP53sd0uNvM1_lMTF7usHGoEKcgrGV1VMxBinfDCq1jQsp7cHqpKbNkvOlAntGde-2buC_Nhnqlea_g27ydFS8StwqiVQ0Q&sig=Cg0ArKJSzHH-R4GrehtmEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=597&vt=11&dtpt=439&dett=3&cstd=151&cisv=r20230418.11063&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9853 0
0 58ms
58ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_ToZzfK4R8h9vWkvRbe_yP0sRCQAB5kz2b10v9IjqX2P3MPgIXjjWgWfIDHbVftZBR-k_XAM3L50OtknkAkqRtA96Modnp3jEgV1NblmgbCKq1rFs0BrR2KOaXBNWSCX7m9bG0mZa1gn4ma16loa7bnfS_DIYK8PYa4DtIrqTJb1OUfpZarTUfi8hbYz8Jf4PuSFnpfRUyMSe1Jq3RUGQ4sGbwyXSKGEUrVpZxBVZcCeoWM1Q2ra-7qmYrxAV9-y1FK3TWazDjEhBtcKeRkBouDpRl9VSdOphvlrYW34AkTpcEl5_GSdlBH292ldBYp0Gid1I4HPdD012N573s07nZRcdh__xE4Sc5Yr-Ltqcf_pUoc-1Hr19nfqm2SQpOFWn6L9t-k6hw_cpGbCtKmViHwCc6eBOzjbG0CqMmsNP2eqHIaTKF0n0zLCNAg93pmWRZGr-TKmJ-gWoSZYIp6tqrcPDauh25l3dc2kzx1KEMcIo19lE0XppTSkbz0yvg1b-ghjw2--46mTRkxYJXBGK9wUsjfe8FrxIrCziOXtgfsZGtJnxe_E-TwJzaTJ9tO8NQfnSme0IowuhCpKgRifTBA7nbeFBxWryEi7QgmvdzeAyTIAPmc0c7f7zWUW5aEvDOIUlpdZVpHWJ8mJgUErOGyksrP_vTb8iuw05n1DoCpBKznxxxmVZ_xTurTCXIL2feeyABbSSujcz5BhYhIP-57nNIYhSMh0_a3ZbiBCGmf51Lh5W7_lNFLMjg9bYvtc7uko1fCMe6Y9dShLOUQixqqFWajthacWY25xAKYf_ZxLWV-YYmKCip0qs6I7LQ-E9o9x7qnbmIGL_2theIHwlv5x9cj5xqMR3Wb29FwFbXUWJB7044YqyzMQjz0vVav5fTJw0q-TotWW_BAdAdF0UNJUb7AzaRTtpXGyHy2eBTPW5tcbcMKG2PMBbgimnrliNAyy4VieIjwbT22Qt0aw3hYv6U3nECErFLOAwp8-NkLmjRWFcUL3oB8ZbNSrdQmRMaBseGeSwFPtQ-Tz0UgGvWqPnzUHNyzWrBAf6SfOcaWgqhVSW9AFtzLWbZOoWR3Yd82hQkNBIrF_5qk4W1_m7fDK3_Ci2KUTmwhBR74sycA1MXZ0HIsmCLuxZOlsOfyxBtuQ4Aj24vqVk1vcnQNXaMBr_cCT_tzBD1mkXcljaEv4aow0W8U-bp3hB6gnxGA0N5a_pbiKqd21-iZ8b5Bmuh2sRFQ1z3iSERqC_1Ay8uj6WAuplv1fcFt5fs4yQEcVvhcgAWuQXqY0FtWJB2TVusqXsGgQ-xUcMaz-AFk6CuPS5TzEK&sai=AMfl-YQSN4v_sthHaf_t6rhQqGxTZ5iGQn3S4yJ0AcsxxA9xZGao8RUSgESCQOP4RmUHR_KOO1vjQfXMlxnV_OTtAYsIaQxi6esNzfgl4CH4c1CbIyt3kqSq8qvfLYWJVLSKbMHwqyfhPh-cvcR5a0sNqS1ew9_mHteVUXBTzaCweqR5nZdT8Mx2wmJ52D92D0dr9GnywA1ugRoI1L0LBm4qOnV2B2nQbnyl8o59U6TQ7asdl3CAm8_yPo8rqFClZF5pLPphTC2rEZ01AdI1TQEimire6sLZnNp2Q2epsF_izfxArTjpv38YmVlosg&sig=Cg0ArKJSzFP8hfWuulibEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=542&vt=11&dtpt=384&dett=3&cstd=154&cisv=r20230418.25604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
DATA 200
OK truncated
/ Frame 1FCA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 893b253b58c18dd8d45a5a761eb5af63d1ff88a3694200f08197fd4585bfde4f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A558 7 KB
6 KB 68ms
67ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7cfc6d02351949b96a3db5388d66150213c2dc212ea11f51f01324af7daf39b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5667
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame A558 31 KB
10 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 05:50:23 GMT

GET
DATA 200
OK truncated
/ Frame 6516 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53ae3ed5ba1384a72c98abc0c00bf0a734dc388ce75af142778880befe392ee8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/18153533649528090967/ Frame A44C 23 KB
23 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18153533649528090967/2076313506083323656

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99ed37a70d28ef92ed0f8a5509f552666aaffd35c39efbc3d30eae701db77c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 15:13:15 GMT
x-content-type-options: nosniff
age: 174223
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23563
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 15:05:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 20 Apr 2024 15:13:15 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5740314166912729658/ Frame A44C 4 KB
4 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5740314166912729658/14763004658117789537?w=100&h=100

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c92274682a6f141ebd59c7645ee94423f3bb0b12173b849e86ce4237a774659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:12:02 GMT
x-content-type-options: nosniff
age: 80696
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4295
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 21:57:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Apr 2024 17:12:02 GMT

GET
DATA 200
OK truncated
/ Frame A44C 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A44C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fb69ff3d18a80dc359f8998113b8219aab0d5ab3f630fb8bd6d8457d065c12a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D6FD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

50ms
47ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:58 GMT
expires: Sun, 23 Apr 2023 15:36:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:58 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 1BB1 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6516 0
19 B 69ms
65ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz1TomVBFZM2DBKqQmLAPuu2REJzdnpVwjonekfYQ29keEAEg7fuSIGCRBKABh4O_9wPIAQKoAwHIA8kEqgTRAU_QiKZgZJtllOcf6kXC4Bhqmhk460VsSH7oI7dgzyaEvlHe1SqPKKlml4Hm3Tx9ff5sdV1ZGdak2idabDvdmnxGPcfq6gNyFf1LrM5_7Ro8nBD3SVbLKPFEZ1c6sXd-JP-H9BUBEOkH5m5Ru0WB6FZUVa0wwGrR-JhA0pvNbfL-Ky1Ylsx6PO5bWHXNkugaHEyu5LrebiB9U7Hp1OjM8V-WQGmfR0RXYzm1kQyoUsqVjPQIVF4VA1mSgxcHRqsyzOqw4Kt3YIawnFnPO9J9sFyiwASkwejAmASSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHprv-hQGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDQjwbSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi0zMDc4MTk3MTgwMzU5ODEyGAA&sigh=6JAlHlEpOMI&uach_m=[UACH]&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&vis=1

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 06EB 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A558 17 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 6848 36 KB
14 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D507 7 KB
6 KB 65ms
64ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c53a407fc61ca95792d5fa8f35557c94f41771b54fad35e94780e0b0df92875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5732
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame D507 31 KB
10 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 05:50:23 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A44C 0
19 B 63ms
63ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZ2EumVBFZMyDBKqQmLAPuu2REMyHrJxqq8j28rwO29keEAEg7fuSIGCRBKAB0qOM_wPIAQmpAm9kdFcwbrI-qAMByAPLBKoEyQFP0HdIrqep086nDVEJIYqwq82pJSnCrGHkj-UBJD4iIVTs2ueS3q6QbnsShDyETxa3seNh_SOmQ3ymVG2oe-Qt8VP4KFx88XyY6nj7FKGasYFTXhy9ZVA0cebCEXPFv1F-GUIcukOOEDE0RbuiFhR3N9HNtn7AqbRHzIVaf4REuMqhS7Z9oLjZwYl7N_ZlawV9yHyU-yttRRhp62-HsVlFqdYulgwQFC0i5amcTUiU679Z650OmkveFOM8ouN3denC5tYpblKb4WfABLyrxKLTA6AGLoAHltxzqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ6b4G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMDiBQB0BUBmBYBgBcBshccChoIABIUcHViLTMwNzgxOTcxODAzNTk4MTIYAA&sigh=OpRQToYBLX0&uach_m=[UACH]&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&template_id=484&vis=1

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D507 17 KB
6 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 container.html Show response
a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0BE6 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:56 GMT
expires: Mon, 22 Apr 2024 15:36:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Tekengebied_1_kopie_ren_4.png
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 4 KB
4 KB 21ms
20ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Tekengebied_1_kopie_ren_4.png

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8c31557e60941dc1626ba78570f96f5c2e496f14df3da2aa1df51e963e5a015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:17:04 GMT
x-content-type-options: nosniff
age: 69594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4487
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 20:17:04 GMT

GET
H3 200 bg_lhs.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 20 KB
20 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/bg_lhs.jpg

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0d674926591125b2533618175d1334d26f7704e3ac7fdec0d75f1497543c51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:36:37 GMT
x-content-type-options: nosniff
age: 75621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20627
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:36:37 GMT

GET
H3 200 background.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 9 KB
9 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/background.jpg

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8959c76b62cb0a1d55b546b00d4d8563bdbaee45fd7cc2e77a7721ff219a39f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:35:28 GMT
x-content-type-options: nosniff
age: 75690
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9673
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:35:28 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 8813 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 Tekengebied_1_kopie_ren_4.png
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 4 KB
4 KB 23ms
22ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Tekengebied_1_kopie_ren_4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8c31557e60941dc1626ba78570f96f5c2e496f14df3da2aa1df51e963e5a015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:17:04 GMT
x-content-type-options: nosniff
age: 69594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4487
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 20:17:04 GMT

GET
H3 200 bg_lhs.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 20 KB
20 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/bg_lhs.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0d674926591125b2533618175d1334d26f7704e3ac7fdec0d75f1497543c51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:36:37 GMT
x-content-type-options: nosniff
age: 75621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20627
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:36:37 GMT

GET
H3 200 background.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 9 KB
9 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/background.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8959c76b62cb0a1d55b546b00d4d8563bdbaee45fd7cc2e77a7721ff219a39f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:35:28 GMT
x-content-type-options: nosniff
age: 75690
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9673
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:35:28 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8DF0 624 B
245 B 62ms
60ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvoMhDRuDMYsL6EwQEwAQ&v=APEucNUfi2WsquV8Kz-qLjtXiRsOk9hnUBrv3MRvbwoauy-Xz62ebmB5zfE0icS9ufaSkRWQgwRPwL2AdORhiGerIzLNi8G_H0bki1orB9xcNDI9VyP7Dy6y1aODZRfDDWaKr6QjrqYqcotITCD27Mwr6t0a-3DuvbV3GXb8NOOytf55hh-ndgs

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:58 GMT
expires: Sun, 23 Apr 2023 15:36:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0BE6 78 KB
27 KB 75ms
73ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BE6 42 B
63 B 55ms
53ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D21vgPJmJTUvfoohcy2mSn5ZPmtqmLK0hQEj5sHnmR74LtUYW9cbYeb_brvJ5iiIoaGN9EIJM3EyBgFw1Z1qgE23x3RbYfNjvuTLrZHZwMdpbrTJY

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BE6 0
20 B 57ms
54ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12424547260197482643&x=1&ct=76

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 0BE6 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/window_focus_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 13:36:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 13:36:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/ Frame 0BE6 19 KB
8 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230418/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 06:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 07 May 2023 06:15:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0BE6 0
0 29ms
27ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ9QbRml2JxYH84wjq5mIaNzVv2nRDuEdQ34cFC7YyR7Lz3KOhmrW0Si3oqE-3kR1K-mH4jtjb9XCmXQ4Lyebtk6W4j_A
Requested by: Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0BE6 159 KB
49 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49672
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681929791789681"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:58 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F818 42 B
64 B 60ms
58ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuOYVqnQl-HVV_YD68uUEXd9zDh2P3vuLTnhXOSDyu408cJuzThNuGgpUKdQtxLld1OxWRaOgWJU7HZNnGvCozMMTMselB262P3yn2dVQQJrXGSYH_cNWZkl2I3_TaKyIhRTQFrRg&sai=AMfl-YSWBc3YdJPtbCjE5fITMpDmCDvyDTViXJtBAgjUZloGSNDM0_5iiezTVZxPzVRZWiosCc8e231M61tzIn1p5YGWuxmD55ybSVNc3vZgtpDKnPeRkTqi8wIrnARJecebhnOiz56EHXdaCyFK&sig=Cg0ArKJSzAWCAznDkxqDEAE&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&id=lidar2&mcvt=1026&p=835,318,1085,618&mtos=1026,1026,1026,1026,1026&tos=1026,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3925281353&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264217361&rpt=479&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame A558 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 bg_lhs.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 20 KB
20 KB 22ms
19ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/bg_lhs.jpg

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0d674926591125b2533618175d1334d26f7704e3ac7fdec0d75f1497543c51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:36:37 GMT
x-content-type-options: nosniff
age: 75621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20627
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:36:37 GMT

GET
H3 200 Tekengebied_1_kopie_ren_4.png
s0.2mdn.net/sadbundle/3273998614920515497/ Frame A558 4 KB
4 KB 25ms
22ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Tekengebied_1_kopie_ren_4.png

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8c31557e60941dc1626ba78570f96f5c2e496f14df3da2aa1df51e963e5a015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=7RkkT51Oen&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:17:04 GMT
x-content-type-options: nosniff
age: 69594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4487
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 20:17:04 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame C6CB 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4365 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BePjQmVBFZIHfI8-yx_APgZyeqAMAAAAAOAHgBAI&bg=!wcKlwpbNAAYfNdXmPzU7ADkAdvg8WrCLvuRdK8cdNN38ySmtT4wrMrcSxDzbDAvIPQhJ7RBCrDqsYBDiyyi-uhT8SXhJtujKMPkCAAACPlIAAAAIaAEHmQM-BAvliln8MSEpdaPqWi2RWrsO8WM8MtU4LZOjH2r2tIaqzior36fMT90vpYbvouwu3nv__vbEpX6gAiuRC6MDFYoqTYUx7mAYJwpFfs8G_xegISbRcrH3tJ9CLgXjzENpm1nJrSa1ArSAAZ5LBOPb97N4QhsBe-R_ELTT0m-mLp5fN3_DJDeExVBFaUlIG2x-6ets18aoHXmk6CfbHYvsTGNPvRRVv6dQnzAwWJn1Yd9Nz7qBYgQtH5HLwxjYyG7chyY04DHuDYDA-40lC6OGcxvAwaK1cML-LlYN73l6lqfEq33LQbmbgKhxssnKRwPLavJLq9ABeh3kH5h35F8c5oFxioHyXs9FxBLSyagoDjZbF-uTOU8E1HZCwUY6_2DNgotFBUG9RCJMtF2d23QlE80QR0NspItKcm1BoufH0enc4y4ihGd_kwFlZbLBmvz5K8ozZTng8IzlnB0n_lZlftvouiqinYrqzBAILgCVr8TiloCkxtAYo0OAmTiH7UM4yp9v-cr9x8RkLxBYVPQlIl0v3qow2oFpL0Zxo8SmzVKsOJpTqXnU8f9jIn9lJ63PURhlZG4TOFKLnSvSnhn1ru_CSSsA0EHoakhs-igxvf5FMZmF8hPlfg1BxI5NbejssggHEEqB1cZqfWcBPOMtrONRebArUAVOGT7kUCsKIaOHE_P86rBSimv35Y57F4MZ5u9ovQ8PCkfFcJOIrqNr8B5YFmZby_CdGl6bqV8SpePMUgwLguOt57Fm3lKQ-5H76_e5P3Md79rxk5ifJjVG7ZjnCAUiU3E3bEUVVsAwWn-bBTsxV1HUuffxCNMxwjSgT0gGKjwhZph24qzu-lLDLhjn5l1kwK83ehfwwG_wVH_azq-3GjZILnyyLmlNMXHPmw09I6E9XtiwT6YKJzGwmwvM4sTDyLD3ndjep1T9P6Zg38uQdit_Uz6nLx-Dh1gUtUw6h9Y_bMiBc7OIArCgA1pDVhNB7jgMbjAXvaHv9IU5Yw-YkFEixu-zjRZg8YT5SflDTbij968kG4OVLXuG5ymp7SfxHJeEanlKsXeoUzSnmw3q9YIXtUps_rdyG5hJ1Kimzo47yMahbiIRk1w

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9853 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu0QolwXYG4iVHofGxVZNoLb4ii93MHvQjg8Lt8MdTpOlY2XELHRyl5Hvx0rtuR4cFb_CNL5fL2TRU6ok2KHkU4tgz_ENhGhDr8ks_sKBqC8JrgbAMkflyUg6CMBKXmJzkKEUn4gg&sai=AMfl-YQjvBDs7Ut2oXwib5QPMTDe-Z7VJDf_FAhFh-GIsmXxr57Tv03p9Ye_El1CNNtTsBj8WHoBrN3N93iB8TOhjfplsynygaJE_U8slBGYdc8Ak7QpcroZrG-VzBx15TYy_lDeYDGgEqcO2GbM&sig=Cg0ArKJSzGKkzSZYP-_VEAE&cid=CAQSSwBygQiDRVK-FklZgM0kvL6DsneNJPWSCHDGQ7ddpSfDs4SJcOVphwxgqsQN1kGpwVo3x73yoV_03AJOuUqwPlkIR8ePqDfHQW4nERgB&id=lidar2&mcvt=1033&p=835,982,1085,1282&mtos=1033,1033,1033,1033,1033&tos=1033,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=563525345&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264217377&rpt=501&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame D507 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 bg_lhs.jpg
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 20 KB
20 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/bg_lhs.jpg

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0d674926591125b2533618175d1334d26f7704e3ac7fdec0d75f1497543c51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:36:37 GMT
x-content-type-options: nosniff
age: 75621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20627
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:36:37 GMT

GET
H3 200 Tekengebied_1_kopie_ren_4.png
s0.2mdn.net/sadbundle/3273998614920515497/ Frame D507 4 KB
4 KB 22ms
21ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3273998614920515497/Tekengebied_1_kopie_ren_4.png

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8c31557e60941dc1626ba78570f96f5c2e496f14df3da2aa1df51e963e5a015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3273998614920515497/index.html?e=69&leftOffset=0&topOffset=0&c=XuSBzysLFb&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:17:04 GMT
x-content-type-options: nosniff
age: 69594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4487
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 09:20:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 20:17:04 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8DF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
632 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvoMhDRuDMYsL6EwQEwAQ&v=APEucNUfi2WsquV8Kz-qLjtXiRsOk9hnUBrv3MRvbwoauy-Xz62ebmB5zfE0icS9ufaSkRWQgwRPwL2AdORhiGerIzLNi8G_H0bki1orB9xcNDI9VyP7Dy6y1aODZRfDDWaKr6QjrqYqcotITCD27Mwr6t0a-3DuvbV3GXb8NOOytf55hh-ndgs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8DF0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZEVQmcHOC-T7xfcHcdkozgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1

43 B
632 B

31ms
31ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvoMhDRuDMYsL6EwQEwAQ&v=APEucNUfi2WsquV8Kz-qLjtXiRsOk9hnUBrv3MRvbwoauy-Xz62ebmB5zfE0icS9ufaSkRWQgwRPwL2AdORhiGerIzLNi8G_H0bki1orB9xcNDI9VyP7Dy6y1aODZRfDDWaKr6QjrqYqcotITCD27Mwr6t0a-3DuvbV3GXb8NOOytf55hh-ndgs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELvUVPkvN3XCS314XUzJbko&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 8DF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

43 B
1 KB

15ms
15ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvoMhDRuDMYsL6EwQEwAQ&v=APEucNUfi2WsquV8Kz-qLjtXiRsOk9hnUBrv3MRvbwoauy-Xz62ebmB5zfE0icS9ufaSkRWQgwRPwL2AdORhiGerIzLNi8G_H0bki1orB9xcNDI9VyP7Dy6y1aODZRfDDWaKr6QjrqYqcotITCD27Mwr6t0a-3DuvbV3GXb8NOOytf55hh-ndgs

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:59 GMT
AN-X-Request-Uuid: b8564c75-7745-490b-8677-a3c9541aa723
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELua7JghjYwsY1zXUYRl_p0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8DF0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

170 B
188 B

46ms
46ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Apr 2023 15:36:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.48.94.48; 37.48.94.48; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 42c28997-052c-452b-b05c-384ffec3b94c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUwMDYwMDE1MDQwOTQwNTY0Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 798A 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-N04mVBFZJ3rLc-yx_APgZyeqAMAAAAAOAHgBAI&bg=!tLelt-PNAAYfNdXmPzU7ADkAdvg8WkZtySdMku5IE9Bvk1GpnVdSy-B8GAbuMA6ce8D1nuPZYz3n1Dtr-bvDRFK9UU4GlnKKB2MCAAAB8FIAAAADaAEHmQNFQEBw_cUdxYjnmcIesOx-x6vpGHALWx-4sD_om-ByR55rZjTgn11oeqBjVeBcLjt0sdBVJMHe861OqrQ_z2G09VkC-SRbwwcwVVtIm6T6zx7g5sACvAQeBEHVESWBAeHBWPdoWSY_Zpt2oBMHZXGyg2wL2w_yZ1VImVjcYh_nqJFDR5TsHdLzoNhxpseU6rtBGTTxR5_h63r2EDI13eKp0kz2Z9XaX4iYaa2L2mUdkD-OONsZFtjkYsvKPJYqzZqyl3dli5hN-2u5gJr6aCJrrMdBC12dboo_GELDVD1324v1w3w0RFnCklql9iUB2d1hsCuNkYM1vuTiPMcc4bdf3DB3JW3DNblSrYdW2Zaq4c6OKVVXxkvKE2M85XOCUhsAf4Ot0vuVNYwj5_7-pLV4bXSLmx8yUadeEq4qkjn3prjf3APvxFFfST2zMeE25GbuDbD7U6As6ocO2MJlLQE1iZel0XF0ErgTo78gsqMMOjG-Mg5Zoj26J4b5ajBooT-ExLySGZLi0tHjedtoSEiv5HfOkfBt1gRtQPjfw5SgfzHzwhwhAt_JGmgz6lYxHUE5H_yR0lhgezfAx-aPOL0MXj4vksZV58eLPXa7rgN63bNCnFlAE6ssYABL3Q9uypvQR1RLQ63_qYTTl0U2_6Odrm7lo00ncrmHo1Z_aOMX6TwZJxYAqZBu_IuXNfAD_N6tVSC2dYaANJ9EwuoRqvQkQVEpzMtGkRGtpo1IkP5Ptd3ouE0RtjOpNVTLrsENT2-ArnC2-YtL24_J6bxdm9Ry93R1HUJYk_V9rn_r0lGHCwx3rSG_1T5he_A8RuXv8ENtExffVYIiVeSrdLjg--ig6CNMy5PUzt2I8mYQeakYHfSlF7Aw-PC25Q6g4LPZOlUs3ZxO3RG7fVtPUyI6W6wM1S-iuT5LbnJ1jv0Nrp_rxUxvFp-rK2qbCEcApe2kZQQx2dTElO9U73DkPP37ZcqdwJ30txcSi-w-XMXVo_BC1Mtp9k4gMc_HZRVUcMJiydGMSOBWkwK8IqGW6DSnZYf2kKY4eKSXnewj9cEUhnd4qAZYu_7UpiBtXQn0aAydkXSwd3MnpWSz43YWqKPNb3M5Eh5ZITUs

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BE6 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8792836532977&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BE6 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8792836532977&version=m202301230201&ct=76&x=1&cor=12424547260197482000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0BE6 86 KB
36 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2NN_TIhuLxHO3R34xAc6QfTxFr50vOlplWsFH-1B2h6bDIHroghFan0Q-pntRUBMBkLs8MaYPjDzm5e1untziCM8ycX69UPiSygyArDi9DVyXvo68fodLFlWEoXK4yBDpPUqQVEN1psVf-z1UBovLcNCB2mNNZK7IsVkJRnteqb2dCy4&dbm_d=AKAmf-DLbK06gt4-YGD-sh-okIK3JYAoJNJ5KD_Htfq4LmBKC_ZMBCq-19gBpo7zRrt4oZ32zq-KSQ110fFFCOzU5y3FsHTA1qwuaEJrGvnnBcVQ6xeQa2l18DPn0XSoEjAm2fNjW_C6KrMFo8rEYopgZeDLwmyw0nDUMoYLySX-wYXUcjj1DOsXzSo8P3ZW1CMlJQfGPFfnxX7naMrXbCMwtpaZeY3AmTOlwxZqAcIrmg0PmfyZHXtWpYMd9juW9XXed0K6XpaH68RhkBiHjcVDCuLld6lypQ1Yc8QXtxT0uw4DImwWP-Hs0zdgmGjN6OsP2SKX9xUQzOFwe1sN_1LhNORFyrNKOgX9voXJliuzdBZ86nbPCO4ugluu49Hd862vCjdQZhww9_Z5XkcDlzLho2OuCuWZWhusEwT2nn-4m8_RYu3EKcr73Iv7bwBmphvIUuZY_JEhdcPWSiNCZu8NYmBUcGS4C2HJEIcpGnt7OjFd9hx8q0VS180Wzg4dW42X_NKuHR-ykaoeYxLHHuR3h003XI3cqouKCx0YuC3Bxk3d-E6Y5NwcNgfsfmrlG6sTSA6j8jrx5Ib50ZjyNSTSqLe1NWl_fAxjN6X-nA0Cgkw6pjB2CQ0_FARWU4W6VoT-_wD0ELGNX4xYOJTbRHW6nJonUihQQTNluPkoNc5ly5DVmBB2URFDUwzsXBGJutkZvEcO0dUYsKLclid9RT79Df4gRBDMspd7pJCoL2mIqYaxBxdi-DC9P93E1D8qNKq8WA6ReP-J-TsF_kBoTDIteI6YGC5HIOvprbAyb3xlaRZAqYqBQVVU-ZTyjAIxWAP1-g-caYjVaxi6DTH0YHjZoDVLOwBlgnFMZ2drELOHurc-WbY64s_1wldGK3y2PrudHUtDk1hp5Bv0sRY1sK679zBcqBMjENBwqT39mmuclj7fX7aq22jVUWu1bKqunyzfP1UNBgpiFMoWNrcuvLUedxAcHlUZCgnV8dR5ssE9wA8DHHVFZOb4iI4hZGOkZUBpxGxkUy7KebGovTnX7f4mS0FtRVyEd1FAzV9eN6sqycAWM4xOcg1TZHBvwWraLjzMxwIU_opMP2CPD_5fwGvBj6wbSNq4FAllZh-Ik8_e7WVEXP6Fue4YullkygFot2MQfuKc0SmZZtw0GfN9ZuTma6r_CJo3m7axIVkpYmpIn6Nu3CK1KG8L5Wig878SlLt1nRtNTz0Fl04whYLtunjJTJPts5D1zvacZLWt77Y7H9TzP5Axa_ZjWKAu4Klpzwk5HBb-HxVuNz5U-FsddRx7DBO7V4sjTi4OIHOwU0nYq2IQ2FUGWiyUVZCIq1QkfZc_pRTECFSXcv7bmZkHc68M59CYmsyne_Tzxx55GS1Wmc14d6bvliWaGEd0dh4fXxBGCSm-ajr1s4ck3Z2wJo2UzuZBPwnY4mW2xX8W6IzRRAERt828kC8K222KtxqkWhcwHl1-qZtIpozaN_t1PURU00V1Ah6mWLyYl5g25TeloyhSfrDWKyoJkQUndX7suUaLvtlD3vBZRljwJXVhU2HxCCy_oYpA5F3vlQgzTWo-kSIgGrd94L2INQinEvUtlQbhQUSgun7w1qPQSTEPmGjb0ITzOIcteUbj8hxEFG1AFoHSmL11InSBnu9lVs0W0_AK8mCTm4e5qV3G4rgXje_22-Wh7SXEWSpeesMzbsQ-5WTcHRboEPtHHsUSiLgP0kxttPy8uKHrpa6boc8lH9mEMMp0SpPZ3defWT7nXpLySLj5k9L4kXwu9Mf-j7tJzaDtpa-53iqMJPgtNAm3sbo1-MoRuuc-l8npH8gkemraCk44HcHQyuxCAdPneAgUIWtKq3sE0Ke40j6OTJ2Swkof5KiaaGvgnw6Xwd3v24J8PH8SzbuxklAgLI5gOwtGHIhX9zpnIBuuDq0sTkA3l51Stoi3BqwQ5qWZXDEe0_G14Wi9gXDDUW5tHajAt5nPjY4KwuqqbQVjD13_6kC13I_eqjUHxqq0HNPCWZByxiODX5mFKV-pt6VA9ODyZ46BZcYWy3h9cjpJS5rtsGV4iXP4Lo1x1bHduWsb0x5Zr-gu8xuAwPIxzfx3-np3WSEY0qXetQ7wUsPKrFnlRMMpNHa4p-wSfkMVR-IWD5WIE3d3wsIwCIQySiaOH6_I-qO-WFURFHIco6SWmxvQ5JlTNr29Y-MuSqOzhwpZVv4s95WW0Pvrq-klw6eetazcrVsg-uza061Kp_cgm-lQlvYOLjYX4typDpzJ5uxC8i-c-4KeOGiB_u5JSvL0zpbVSHN3bA77j7klaZ6QuNDAXKcAjyNOStVVXu0B4TSxM9DPd7oRdF3xRG329LGn77AHtUUK3UoVLaEJNFX8JMbYXFxt17Bs_Mx_P0oXVxJkGopjWyEpt_k__KDyS1TwdWDObOYoDjBRfzrgq5fuIt3HBMDKpuKTAePWw6QVZyrlw_RFgOP5fYH6oBYb9TJIHkdSDx6jJjH7E_Cc3Ah-4ela4cyQQA1lp_zWir8KOuha2hP9iPwQkVMqcrpZ7l1WyiZbkL988c348Kyqe6iH7FawXRTekTO-aIH2u4BvXQOhgTJmIkYF1LN7cNe8rBgghxygIw95e9SAHsB8in1XUq4fYRpjTOmxpQf18g29hwIZcc5mXa1IKBXJLDaNsI0prNlqBrPzCXONQ0QfiSxT7jtV5IlQ71CSqwRmMBK9fiG8L9TwP1typAfA0czG7yebIBp3P-iBr3Zb7p0qao2llg9XY1V5BWcuZo-VzWsUiXVdvo1XgNBuSzEOi8CmkdKwGDv8iX2651JJBqfIqDMxg7XlKcVbWuA_N9FHHSOX4Bl5rmtG427DpNQQMf-cv5olvVVAl0JQ2_s751eOcSrUEHRxHLf3lbdRFyMWWuBSltWEs7waAl72882NutufzIspQAMNxzJp3zUqiuQPyRKCmdZFKdNkIKfly3dKTa-0zO20cRQGNRtFvIzYc8IBAKZumUDiGyeY6i6FJA6q98I_ZnoYDmVl8jt10XuMxfjgGJReD1a50FaWTEA-eFqRNMVG-Q8Jass6ISaDdFDg7SKXzGOK38vYffUL4_DCvytV7m_Aeum3bHdEO2ZHoUKccez2O-IHb_NnZMnnbqp-HVXuIxSLASBz8lkcqMXxTWNISRtnRWLVYhKBfnPlQvkXrCKQ6ddlx1kgKM8cNZBu58SdmGamDnhbZBEtYDgfEOOLLyEfTs5hidYmzQHfW6d7gdVbpbSml-fVmnZLWbgT2TrBeRc_A2coKAOiWBFRRUY0xHW4lrj0ElrT3uwdoUaWhk_TIWr6WAQBOSLusL3GcV_ucVK5paEh4Ajwq_OIQN14hxApUNHjJe1UfBD4x-JJYfsjyLxfXoDX_xK8bniH50BJwZ3B0nzpNHQpzcOqVlWngtoyLlmrYjJpxN2pLfXcGOEyOFisPuCzgV_ELuTHPX79IlYQMWsRBIEoG2jk18aWKsdGVT7Ny0As0Z63es86vGk&cid=CAQSOwBygQiDyxQs3i8WdIJozgVFq-tdwGMRuUkjoDd4FePdvP3PY5LH1dh_cZm5vHdDuom8Ib5o6ksQpLzoGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=12424547260197482000&adk=943508955&idt=83&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e0687e9a6abb0b2b03da5c05b5bba581b04c674bcea57d3e5ae5ba1074d89fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36651
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 9846 0
46 B 19ms
18ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lgtkohsb&c=1477790042392&slotId=738895021196&qqid=CLTyzsiqwP4CFQjsUQodOzwG2A&umsem=0&ape=1&ple=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/d315a83c090742bf4ef57164693bd69c.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0BE6 170 KB
59 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Origin: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 11:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14440
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Apr 2023 11:36:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/ Frame 0BE6 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2NN_TIhuLxHO3R34xAc6QfTxFr50vOlplWsFH-1B2h6bDIHroghFan0Q-pntRUBMBkLs8MaYPjDzm5e1untziCM8ycX69UPiSygyArDi9DVyXvo68fodLFlWEoXK4yBDpPUqQVEN1psVf-z1UBovLcNCB2mNNZK7IsVkJRnteqb2dCy4&dbm_d=AKAmf-DLbK06gt4-YGD-sh-okIK3JYAoJNJ5KD_Htfq4LmBKC_ZMBCq-19gBpo7zRrt4oZ32zq-KSQ110fFFCOzU5y3FsHTA1qwuaEJrGvnnBcVQ6xeQa2l18DPn0XSoEjAm2fNjW_C6KrMFo8rEYopgZeDLwmyw0nDUMoYLySX-wYXUcjj1DOsXzSo8P3ZW1CMlJQfGPFfnxX7naMrXbCMwtpaZeY3AmTOlwxZqAcIrmg0PmfyZHXtWpYMd9juW9XXed0K6XpaH68RhkBiHjcVDCuLld6lypQ1Yc8QXtxT0uw4DImwWP-Hs0zdgmGjN6OsP2SKX9xUQzOFwe1sN_1LhNORFyrNKOgX9voXJliuzdBZ86nbPCO4ugluu49Hd862vCjdQZhww9_Z5XkcDlzLho2OuCuWZWhusEwT2nn-4m8_RYu3EKcr73Iv7bwBmphvIUuZY_JEhdcPWSiNCZu8NYmBUcGS4C2HJEIcpGnt7OjFd9hx8q0VS180Wzg4dW42X_NKuHR-ykaoeYxLHHuR3h003XI3cqouKCx0YuC3Bxk3d-E6Y5NwcNgfsfmrlG6sTSA6j8jrx5Ib50ZjyNSTSqLe1NWl_fAxjN6X-nA0Cgkw6pjB2CQ0_FARWU4W6VoT-_wD0ELGNX4xYOJTbRHW6nJonUihQQTNluPkoNc5ly5DVmBB2URFDUwzsXBGJutkZvEcO0dUYsKLclid9RT79Df4gRBDMspd7pJCoL2mIqYaxBxdi-DC9P93E1D8qNKq8WA6ReP-J-TsF_kBoTDIteI6YGC5HIOvprbAyb3xlaRZAqYqBQVVU-ZTyjAIxWAP1-g-caYjVaxi6DTH0YHjZoDVLOwBlgnFMZ2drELOHurc-WbY64s_1wldGK3y2PrudHUtDk1hp5Bv0sRY1sK679zBcqBMjENBwqT39mmuclj7fX7aq22jVUWu1bKqunyzfP1UNBgpiFMoWNrcuvLUedxAcHlUZCgnV8dR5ssE9wA8DHHVFZOb4iI4hZGOkZUBpxGxkUy7KebGovTnX7f4mS0FtRVyEd1FAzV9eN6sqycAWM4xOcg1TZHBvwWraLjzMxwIU_opMP2CPD_5fwGvBj6wbSNq4FAllZh-Ik8_e7WVEXP6Fue4YullkygFot2MQfuKc0SmZZtw0GfN9ZuTma6r_CJo3m7axIVkpYmpIn6Nu3CK1KG8L5Wig878SlLt1nRtNTz0Fl04whYLtunjJTJPts5D1zvacZLWt77Y7H9TzP5Axa_ZjWKAu4Klpzwk5HBb-HxVuNz5U-FsddRx7DBO7V4sjTi4OIHOwU0nYq2IQ2FUGWiyUVZCIq1QkfZc_pRTECFSXcv7bmZkHc68M59CYmsyne_Tzxx55GS1Wmc14d6bvliWaGEd0dh4fXxBGCSm-ajr1s4ck3Z2wJo2UzuZBPwnY4mW2xX8W6IzRRAERt828kC8K222KtxqkWhcwHl1-qZtIpozaN_t1PURU00V1Ah6mWLyYl5g25TeloyhSfrDWKyoJkQUndX7suUaLvtlD3vBZRljwJXVhU2HxCCy_oYpA5F3vlQgzTWo-kSIgGrd94L2INQinEvUtlQbhQUSgun7w1qPQSTEPmGjb0ITzOIcteUbj8hxEFG1AFoHSmL11InSBnu9lVs0W0_AK8mCTm4e5qV3G4rgXje_22-Wh7SXEWSpeesMzbsQ-5WTcHRboEPtHHsUSiLgP0kxttPy8uKHrpa6boc8lH9mEMMp0SpPZ3defWT7nXpLySLj5k9L4kXwu9Mf-j7tJzaDtpa-53iqMJPgtNAm3sbo1-MoRuuc-l8npH8gkemraCk44HcHQyuxCAdPneAgUIWtKq3sE0Ke40j6OTJ2Swkof5KiaaGvgnw6Xwd3v24J8PH8SzbuxklAgLI5gOwtGHIhX9zpnIBuuDq0sTkA3l51Stoi3BqwQ5qWZXDEe0_G14Wi9gXDDUW5tHajAt5nPjY4KwuqqbQVjD13_6kC13I_eqjUHxqq0HNPCWZByxiODX5mFKV-pt6VA9ODyZ46BZcYWy3h9cjpJS5rtsGV4iXP4Lo1x1bHduWsb0x5Zr-gu8xuAwPIxzfx3-np3WSEY0qXetQ7wUsPKrFnlRMMpNHa4p-wSfkMVR-IWD5WIE3d3wsIwCIQySiaOH6_I-qO-WFURFHIco6SWmxvQ5JlTNr29Y-MuSqOzhwpZVv4s95WW0Pvrq-klw6eetazcrVsg-uza061Kp_cgm-lQlvYOLjYX4typDpzJ5uxC8i-c-4KeOGiB_u5JSvL0zpbVSHN3bA77j7klaZ6QuNDAXKcAjyNOStVVXu0B4TSxM9DPd7oRdF3xRG329LGn77AHtUUK3UoVLaEJNFX8JMbYXFxt17Bs_Mx_P0oXVxJkGopjWyEpt_k__KDyS1TwdWDObOYoDjBRfzrgq5fuIt3HBMDKpuKTAePWw6QVZyrlw_RFgOP5fYH6oBYb9TJIHkdSDx6jJjH7E_Cc3Ah-4ela4cyQQA1lp_zWir8KOuha2hP9iPwQkVMqcrpZ7l1WyiZbkL988c348Kyqe6iH7FawXRTekTO-aIH2u4BvXQOhgTJmIkYF1LN7cNe8rBgghxygIw95e9SAHsB8in1XUq4fYRpjTOmxpQf18g29hwIZcc5mXa1IKBXJLDaNsI0prNlqBrPzCXONQ0QfiSxT7jtV5IlQ71CSqwRmMBK9fiG8L9TwP1typAfA0czG7yebIBp3P-iBr3Zb7p0qao2llg9XY1V5BWcuZo-VzWsUiXVdvo1XgNBuSzEOi8CmkdKwGDv8iX2651JJBqfIqDMxg7XlKcVbWuA_N9FHHSOX4Bl5rmtG427DpNQQMf-cv5olvVVAl0JQ2_s751eOcSrUEHRxHLf3lbdRFyMWWuBSltWEs7waAl72882NutufzIspQAMNxzJp3zUqiuQPyRKCmdZFKdNkIKfly3dKTa-0zO20cRQGNRtFvIzYc8IBAKZumUDiGyeY6i6FJA6q98I_ZnoYDmVl8jt10XuMxfjgGJReD1a50FaWTEA-eFqRNMVG-Q8Jass6ISaDdFDg7SKXzGOK38vYffUL4_DCvytV7m_Aeum3bHdEO2ZHoUKccez2O-IHb_NnZMnnbqp-HVXuIxSLASBz8lkcqMXxTWNISRtnRWLVYhKBfnPlQvkXrCKQ6ddlx1kgKM8cNZBu58SdmGamDnhbZBEtYDgfEOOLLyEfTs5hidYmzQHfW6d7gdVbpbSml-fVmnZLWbgT2TrBeRc_A2coKAOiWBFRRUY0xHW4lrj0ElrT3uwdoUaWhk_TIWr6WAQBOSLusL3GcV_ucVK5paEh4Ajwq_OIQN14hxApUNHjJe1UfBD4x-JJYfsjyLxfXoDX_xK8bniH50BJwZ3B0nzpNHQpzcOqVlWngtoyLlmrYjJpxN2pLfXcGOEyOFisPuCzgV_ELuTHPX79IlYQMWsRBIEoG2jk18aWKsdGVT7Ny0As0Z63es86vGk&cid=CAQSOwBygQiDyxQs3i8WdIJozgVFq-tdwGMRuUkjoDd4FePdvP3PY5LH1dh_cZm5vHdDuom8Ib5o6ksQpLzoGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.live4d2u.com%2F&ds=l&xdt=1&iif=1&cor=12424547260197482000&adk=943508955&idt=83&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 16:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81532
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 16:58:07 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/ Frame 0BE6 28 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230418/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 20:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69924
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10768
x-xss-protection: 0
server: cafe
etag: 11141491900784070631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 May 2023 20:11:35 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 21 KB
4 KB 29ms
29ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d44342b604d0e5f355687d4ab91e08157c778a9c457ce21439bd4a53940956eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:59 GMT
expires: Mon, 22 Apr 2024 15:36:59 GMT
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BE6 0
0 67ms
66ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvGENQxu3Jvb5udQ7gzqarCMNKre_VjnRSsj_Tk4GRHZjwyINUqcG71IRgtjWuMXormb5D8AbNKXOXIoPIJBSDt6ZTKn9FhJdxTRWSVhz2CyNbrszJTWuMjQqJEtvvMMZDPpoC8UowNDjkwNRK2GadOPD9Q18C5hhJRNQmq8BHz-5zNQC6khS9-kwToW5NNCPVCtIg36HqMzgqQIHu4pILTgEq1vyvNK-da8TN6t1r1aYYDVa4SrNDXokBHyZPwaP0osrbQEfVS2-JpFtdFdp8xT3TRKXfLkaF4MMdWbkuHrYn07G64KcpXJtEvetO9vgCaVYQtfC-2qG9kSiM868tDlIVJ_bb3zYBsglzkrGgkIa3eBZ44rTDDf0tbnqYT9DBIdGyZGPvFllwrc47wtSOqyNekvmBiVzoyr2BNi_WJxtAUhg4rGwLOe6wy1FPXAwSl6SaXKgx_6061kx9UzXtyNcQg5G9ZKRMx2bsAg_oECETPQHK9JrVM41PTGPmpWsdCNB5m1Uj8rscVXBhWgpDrzqVNGqx30IO0kb955ja9FQkziV1pm2hhVjHdm4aBFZus88Pq_IMse9Ffc4wf60EKrniNlG0SALJnRE1WGw6sySRbmPlYH0e6fwYfzXAkuAjjAa6yazJ7NBuTw3i68itWK5GvVN69Kfic55TGVl70HJShrHbd7rq16DZP3gPFm0wOQNptyO2gqZ0P5hi7WVcpKSGjudugXKig01YfnDw3lBkafnPcHekidyoVzOtVUH4Mu5L-tPfngsl31XJwE-pQonOqHe2knLo7Y0Ay6e-OEzWXZdY5-P6vBraHTPT8rx6tQdll0MfSbG5aPBkcVs8dg0rjxeS_MHY1gyoawEfnCyfHYvx5QiJ5bmTP2flCcxu17lnPxblvG5TPjSDjeorNiSSB-vk4CjcVELStyVM0AteEI9xX4eeGJ3NAzAErqpDDNvK0uKORB4vnNglpJUhUNYlZM6zaWCUqPrOPJIYhbQJdon0Opdz5fDbwn4aH2oqNs_GRBvxz-UjoDxMxwoKFD2DZGXx_KIiUVbDeOF7I3sbd-jwVpIx1z3HsooDDvHIisOnMuA28pvfWT-KQTq4D9ReevuDiSdWt9aBWV0WVdNMK7YyfMQirm8v7ufaqhLfaNIW1Vjamy6YqzSUI3wGPo6QhEOpeNm-Hh0DLvFVs71zOd26eznPbfAJtdlnFCyywsSZwC9cfuD5vhQKT1YinNcDIYNcyFnUkvyxRq0pbshLg8Y0NJFBA0xhLzCHUXgddUXejQwlRH_DKq0p9jpc6TFQtBZtsKS28NLmny7mGMg3xdkqdjdOQON3kn4LdE6WUKsXDK5ZaZReJyRmdZ7mPVTRZ9mmpKi3ZTw0uCUOYEk&sai=AMfl-YRiipN0X3K5h32xTxcTjdWRUqAfUb6vOaQkrue0Pm9abM_OwzY582MWPS5X7bykiIoE2qjK2omEK7FyOGaucksc3a34fbODvX7fZaCx5QpxngQS4akIykCOju2eukqcAr67QNDsjCTxfK6WjZk3UlLTDX3RxDc0ExNB4YTvUf_5SYN4yzYRlSUtfOrgRnY0kMp0IyR__17IjGToqtMBCAoUrbmY-5nXYWlbsR4OcBJdzwLwqUfjv7pxlCrnqbmhiHsG&sig=Cg0ArKJSzO0hK75AUroQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=78&cbvp=1&cstd=75&cisv=r20230418.49083&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 23 Apr 2023 15:36:59 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0BE6 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:02:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 06:02:02 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C61D 1 KB
643 B 20ms
20ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 74194
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 19:00:25 GMT
etag: 48472445140208031
expires: Sun, 23 Apr 2023 19:00:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0BE6 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1e6610370bd559a32ad514fb266b9383bb0bdf0c6de6795dc8d672375d3b812

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 55 B
103 B 37ms
32ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:00:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Apr 2024 05:00:55 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 731 B
271 B 39ms
34ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:06:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37802
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 234
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:06:57 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 281 B
187 B 34ms
29ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 158
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:03:22 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 157 B
144 B 36ms
31ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:06:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210658
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 115
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Apr 2024 05:06:01 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 26 B
74 B 35ms
30ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:18:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 17:18:27 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 24 B
72 B 33ms
28ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:03:22 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B75A 4 KB
645 B 50ms
45ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700|Roboto

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12a3831e778d8969aad8052ad463f9ecc63745c97c994c4e8b15c04e46f49b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Apr 2023 15:36:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Apr 2023 15:06:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Apr 2023 15:36:59 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 22 KB
7 KB 37ms
32ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9a33ec776768fa334c72f00a352a3a846b0e12c556f8cfc45a28bbac0a9bbab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:12:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77090
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6662
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:12:09 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 247 B
229 B 36ms
31ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503621190c75700c18c84fd3ec0977bf31b083d66e331d1009bb9cd17cdb85da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:33:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75794
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 196
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:33:45 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 3 KB
1 KB 36ms
32ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79797
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 17:27:02 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 9 KB
3 KB 36ms
32ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f8824550d66192669812c7d9ae059153bba3451b9df24f438336093106199fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3316
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:03:22 GMT

GET
H3 200 Enabler_01_242.js Show response
s0.2mdn.net/879366/ Frame B75A 107 KB
37 KB 43ms
38ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_242.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7effa4abb1004ac11058d1fc73b1ebb9cbf993bc96dd96be50ba81ba895bd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37452
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 15:49:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Apr 2023 17:37:08 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 5 KB
2 KB 37ms
33ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e4b576d6a9386565d76626c0f705638f30b178aea840ab41d4ef06e3be10238

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 18:12:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77090
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2002
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 18:12:09 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 5 KB
2 KB 39ms
35ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d30cb8c727c9036e31d47a5b07929fe79bf74a0f49a0e0d039a54d783139c37d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120586
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2096
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 06:07:13 GMT

GET
H3 200 gwd-events-support.1.0.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 5 KB
1 KB 40ms
35ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwd-events-support.1.0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97cdf067606c37c831a54b3ffc71cafb94ff1f4db84a1ba620b2e9e43cc1084d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 05:00:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1215
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Apr 2024 05:00:55 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 1 KB
624 B 46ms
42ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1b78dc0bec6c4c5e65036a6d67c15a91ae2fc807f61ddab5ddccc3483cb9c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 05:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296568
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 587
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 Apr 2024 05:14:11 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 7 KB
3 KB 45ms
40ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6e5ce3d445492935371c45cadaad6cf91382180fa9cb2d6e75bac3a7d88f3c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2850
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:03:22 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 14 KB
4 KB 40ms
36ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71845dab85643db96df7504da7ef22381a632340afd99b87bef88709b171afda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:27:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79797
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4516
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 17:27:02 GMT

GET
H3 200 gwdgpadataprovider_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 3 KB
1 KB 37ms
33ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwdgpadataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fabe68b63d6140786250c4aa8afb26bd1d69d2b7af3527be611e3e70ed2ff6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 05:03:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38017
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1285
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Apr 2024 05:03:22 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/13771070629071542653/ Frame B75A 5 KB
2 KB 37ms
33ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13771070629071542653/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f94da61df33854f21c6df7a5ef4574368905bd23ac88229b69478bf87ea4a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13771070629071542653/index.html?e=69&leftOffset=0&topOffset=0&c=9k7US48isT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 06:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119233
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2320
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 17:43:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 21 Apr 2024 06:29:46 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8D1B 22 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 60948
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 22:41:11 GMT
expires: Sun, 21 Apr 2024 22:41:11 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=eGc3dXhPTEoxUFFCTFI1&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykE...

170 B
188 B

41ms
40ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=eGc3dXhPTEoxUFFCTFI1&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykELmd034ShK-HIlRafdvCMIc08oag6UkrnwewZ16JgHtcIXpNkWwjuv

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 23 Apr 2023 15:36:59 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-775-g5f74e41#rel-ec2-master i-0bdcd692e53b93ca1@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=eGc3dXhPTEoxUFFCTFI1&google_gid=CAESEGv7RXEk7zrqDWiX_AyDy1c&google_cver=1&google_push=Aer7DvI_HuZlSDqQ-O7rV-AeAC_17J6RMGeF5MTPD1QiykELmd034ShK-HIlRafdvCMIc08oag6UkrnwewZ16JgHtcIXpNkWwjuv
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61D
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEF1lzOj7VWS2LK2OMU8u_pw&google_cver=1&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZv...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEF1lzOj7VWS2LK2OMU8u_pw&google_cver=1&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZj...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ&google_hm=tco_1oDRR8ifBr-AwX9u1w==

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ&google_hm=tco_1oDRR8ifBr-AwX9u1w==

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ&google_hm=tco_1oDRR8ifBr-AwX9u1w==
date: Sun, 23 Apr 2023 15:36:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6M1tIA7LTv2VfhdjtvHhPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

53ms
42ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6M1tIA7LTv2VfhdjtvHhPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIn9q_YqXAngy9jxiHl915Hb5PR08h9RRHrw9bsfDI_iH0l1YhkFVBnTcIW7NyPZnKNZq9p1yu1MqWitOXVlspzJM2VTQvl

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6M1tIA7LTv2VfhdjtvHhPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvIn9q_YqXAngy9jxiHl915Hb5PR08h9RRHrw9bsfDI_iH0l1YhkFVBnTcIW7NyPZnKNZq9p1yu1MqWitOXVlspzJM2VTQvl
date: Sun, 23 Apr 2023 15:36:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ0HtupVsMb2ygETqL3f7AM&google_cver=1&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9n...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdUS09KN0ktMUUtQ1NQRA==&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9nvmL8Op7kbOZxRnTWZ-b2oPXNS

170 B
188 B

54ms
43ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdUS09KN0ktMUUtQ1NQRA==&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9nvmL8Op7kbOZxRnTWZ-b2oPXNS

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdUS09KN0ktMUUtQ1NQRA==&google_push=Aer7DvIDh3hGhjeqKqW3yy900o0KKUN3_HKau7enxzsQaFJN-i_swL0fqrNFO6j2PP7WxaScf9nvmL8Op7kbOZxRnTWZ-b2oPXNS
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C61D
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENxpvYTs2aejo2s2dEbz0Mc&google_cver=1&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENxpvYTs2aejo2s2dEbz0Mc&google_cver=1&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk&google_hm=Gh4osGZH7IYlRhJQTjuRBmQr

170 B
188 B

44ms
43ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk&google_hm=Gh4osGZH7IYlRhJQTjuRBmQr

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Apr 2023 15:36:59 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvIf3SG-p0JhbUG32txqiYpbB2lOfMc-fRPuAUirmo-utYKlUKHb2e27aHwfZ-EyDPKmMrDaYVUj9QMkOoJ-f54_Me_Y8kOk&google_hm=Gh4osGZH7IYlRhJQTjuRBmQr
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame C61D 0
75 B 242ms
22ms Image
text/plain 185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESECpsekLZOh2Nh2VtI-jF_4w&google_cver=1&google_push=Aer7DvKo7lqWyY2nD88N9mwtOO-7vG4Hz9rxXjsBGhKq8NyKyUGCbYld2A81R5zLpc8gwXw5E0IRO6lxnMe924sP41Rf6AH-Xt59
Requested by: Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:58 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame C61D
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMA_j00mtatFqRw4JG5J5bE&google_cver=1&google_push=Aer7DvIXJ1kkcZffW1A6_lSwA8KXNhCrfspX85MzgntuS4KlYmf808cRA9NSwjYAC5XOkLWh2w3w63u4UBd...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIXJ1kkcZffW1A6_lSwA8KXNhCrfspX85MzgntuS4KlYmf808cRA9NSwjYAC5XOkLWh2w3w63u4UBdjh1UO92GmKNkiyK6Gzw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

22ms
22ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C61D 0
12 B 40ms
39ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K8zVkhrU2Z0OiBX_Z0Rc3xs5FP5n5zQV9DIjTt_leme7ffE2NK8kOhlkj_UA-3a-ZgS6NUlA

Requested by

Host: a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
URL: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F818 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=197553942103&version=m202301230201&ct=76&x=1&cor=6689856002831847000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9853 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=87128995749&version=m202301230201&ct=76&x=1&cor=11522231580715979000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B75A 15 KB
16 KB 35ms
19ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 81164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 17:04:15 GMT

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D1B 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265742
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BE6 0
0 58ms
58ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstvGENQxu3Jvb5udQ7gzqarCMNKre_VjnRSsj_Tk4GRHZjwyINUqcG71IRgtjWuMXormb5D8AbNKXOXIoPIJBSDt6ZTKn9FhJdxTRWSVhz2CyNbrszJTWuMjQqJEtvvMMZDPpoC8UowNDjkwNRK2GadOPD9Q18C5hhJRNQmq8BHz-5zNQC6khS9-kwToW5NNCPVCtIg36HqMzgqQIHu4pILTgEq1vyvNK-da8TN6t1r1aYYDVa4SrNDXokBHyZPwaP0osrbQEfVS2-JpFtdFdp8xT3TRKXfLkaF4MMdWbkuHrYn07G64KcpXJtEvetO9vgCaVYQtfC-2qG9kSiM868tDlIVJ_bb3zYBsglzkrGgkIa3eBZ44rTDDf0tbnqYT9DBIdGyZGPvFllwrc47wtSOqyNekvmBiVzoyr2BNi_WJxtAUhg4rGwLOe6wy1FPXAwSl6SaXKgx_6061kx9UzXtyNcQg5G9ZKRMx2bsAg_oECETPQHK9JrVM41PTGPmpWsdCNB5m1Uj8rscVXBhWgpDrzqVNGqx30IO0kb955ja9FQkziV1pm2hhVjHdm4aBFZus88Pq_IMse9Ffc4wf60EKrniNlG0SALJnRE1WGw6sySRbmPlYH0e6fwYfzXAkuAjjAa6yazJ7NBuTw3i68itWK5GvVN69Kfic55TGVl70HJShrHbd7rq16DZP3gPFm0wOQNptyO2gqZ0P5hi7WVcpKSGjudugXKig01YfnDw3lBkafnPcHekidyoVzOtVUH4Mu5L-tPfngsl31XJwE-pQonOqHe2knLo7Y0Ay6e-OEzWXZdY5-P6vBraHTPT8rx6tQdll0MfSbG5aPBkcVs8dg0rjxeS_MHY1gyoawEfnCyfHYvx5QiJ5bmTP2flCcxu17lnPxblvG5TPjSDjeorNiSSB-vk4CjcVELStyVM0AteEI9xX4eeGJ3NAzAErqpDDNvK0uKORB4vnNglpJUhUNYlZM6zaWCUqPrOPJIYhbQJdon0Opdz5fDbwn4aH2oqNs_GRBvxz-UjoDxMxwoKFD2DZGXx_KIiUVbDeOF7I3sbd-jwVpIx1z3HsooDDvHIisOnMuA28pvfWT-KQTq4D9ReevuDiSdWt9aBWV0WVdNMK7YyfMQirm8v7ufaqhLfaNIW1Vjamy6YqzSUI3wGPo6QhEOpeNm-Hh0DLvFVs71zOd26eznPbfAJtdlnFCyywsSZwC9cfuD5vhQKT1YinNcDIYNcyFnUkvyxRq0pbshLg8Y0NJFBA0xhLzCHUXgddUXejQwlRH_DKq0p9jpc6TFQtBZtsKS28NLmny7mGMg3xdkqdjdOQON3kn4LdE6WUKsXDK5ZaZReJyRmdZ7mPVTRZ9mmpKi3ZTw0uCUOYEk&sai=AMfl-YRiipN0X3K5h32xTxcTjdWRUqAfUb6vOaQkrue0Pm9abM_OwzY582MWPS5X7bykiIoE2qjK2omEK7FyOGaucksc3a34fbODvX7fZaCx5QpxngQS4akIykCOju2eukqcAr67QNDsjCTxfK6WjZk3UlLTDX3RxDc0ExNB4YTvUf_5SYN4yzYRlSUtfOrgRnY0kMp0IyR__17IjGToqtMBCAoUrbmY-5nXYWlbsR4OcBJdzwLwqUfjv7pxlCrnqbmhiHsG&sig=Cg0ArKJSzO0hK75AUroQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=413&vt=11&dtpt=335&dett=3&cstd=75&cisv=r20230418.49083&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 23 Apr 2023 15:36:59 GMT

OPTIONS
H2 200 custom
upskittyan.com/ Frame 0
0 14ms
14ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://upskittyan.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.live4d2u.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.live4d2u.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 23 Apr 2023 15:36:59 GMT
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 72ms
71ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abcaa4cbf0d517e1dae42fdc14d75406f06d8401e3394d07cd5963c019a65bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11083
x-xss-protection: 0

POST
H2 200 custom Show response
upskittyan.com/ 39 B
327 B 15ms
15ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://upskittyan.com/custom

Requested by

Host: www.live4d2u.com
URL: https://www.live4d2u.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.live4d2u.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: da0688a4c4b395c4bef0311b8b4c11a0
date: Sun, 23 Apr 2023 15:36:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.live4d2u.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1FCA 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_Xyv8Bfk1P6HTfZsR8pAziyGTk588c2Lu1BL4IdJ8MwXTFibT9HbMuOssZlR2EWRWLKS1Xj3UZHE_RfcNO-U8xfUGttQhH3zIZhi3JaRy8-jRXJzCVNe1PKxW5OalKz0ZdE0zXg&sai=AMfl-YRA0qr1p261nfzduMUyy9SyTF6UBCQctyKgW_hWiAUDzptwLyD7ZfzDW2dPWGYzs6Bwd2bNCY8upDoA&sig=Cg0ArKJSzGW0DOWbLJ7FEAE&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&id=lidar2&mcvt=1033&p=0,0,124,1005&mtos=255,896,1033,1033,1033&tos=255,641,137,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264217955&rpt=546&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6516 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst581dj-2CB4SqKD-xoXauQDAX7Fb0IOU8V-fNI6bNdmFSIjGROCt9RtqqdwjyX_shUNC8HT4fAGxq4SQ2yYJ0ZQjpWNvtUIXsXP03bwQx_332rdr26k1hcmXhyVsBI1sqeHvufew&sai=AMfl-YS6RZwQWxXE6HWpBfktMJ101z8uAXQ40VDGMr3iJkgHaKFFQ6fJi9VtoANOl-RS4BtzVfREZOMoBh9k&sig=Cg0ArKJSzChyZKbJsX6KEAE&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&id=lidar2&mcvt=1034&p=0,0,600,160&mtos=1034,1034,1034,1034,1034&tos=1034,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264217953&rpt=375&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A44C 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEGZPqstAd-zpGSkhvMR2dd2IGXUJMf5TVW2cTIfRD_82rxTg7y1LtvS9J-2OizkoCaXY5yxvekvpAsZOro3c-TcbQCCQ2u2IuKYa5maP29QOeI2iv-ZP5gPCh5KpJkr7MgK9BFAAim41ji3iQPmPW8U0QtzOjC0oMCEELLhsX-jhtUO_dApvZnGanezAEYmZ9NP_hE1GsCC5sf8d4J-5jwqYQSq1UrjXfWHg2VTyVAEhuqIo8YfgKqlIAnLIb63ENuVycNLcNNOZ_r8oANffWPayj3OTFTaXLSQpzTg0Vi2iJb2BE6QYMws8uZZuFTYl_CMIA23XJyE7ZEh5BNmreyTJ8jyTf1uzfS_be-RLtscT60U763oRnX840LvDhqd0sLdVgaVhNvI4V6CHc3Namy05zqn5Yd2YRVrRXxYmIem9GdWyuAlCIs2ANkmBgyTLt_1acpvWO65LqKpIPSZL7FjNLeEtju2Fk-cfUQvkCOkF-K5l8LgeyPOFzQ0RA0zVbSe8NweE9OONuFHLXVExqlXZUeUSLggNIpt6-7qSaXhw_7oI8iPu9AhoGuxEPxGI5MIfYgSYTg3cuY4pn7jv8ePbpxz3ObneQPZbi6TNgFdQHckrs3ZVf6jJsXA0_AfIfoCmmxlo48uGVpxYyoJn4ZRDjV6Ko_b2ivu8DPIvs_LViSYyEBgIUbRSaMEvuTkr8S6m5QwFb_SVi6trF7Fh5Vka68IK6VNojDPv82pqeV_tDR5Lis2x3U051SQVnJ1K_u7gY1gjOYVSWoK7k0gtQaVAosstKWCIuvLsp5frqY7KGox-KSe1h_hERZmH3kAETcl3t7qFUlvFsTdX7vDhldhOhmhE3vortiBYps3ECwB3r_8j7DjB2sU4cWuHqH6ZMqeXygwDkIcPI6_hLJSNPXh1LIykF2p2yEhnl8pzv1WfmTWM&sai=AMfl-YREXSJHvrDUswjN3pWlvyiX9daVEMK_Ra-IA9JEyx2HiGMYUgd66tynefKhamrlZo4Q8HPjP6pq2lmiwVQaaXsG7GJcZJCN6w&sig=Cg0ArKJSzOdbVoaHIGGbEAE&cid=CAQSGwBygQiDv5jW7dFmxxQx62nw4Gyf2pg9E5ZFKhgB&id=lidar2&mcvt=1023&p=0,0,600,200&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264217949&rpt=519&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:36:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:36:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 23 Apr 2023 15:36:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 34D6 13 KB
5 KB 20ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 5418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 14:06:41 GMT
expires: Mon, 22 Apr 2024 14:06:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C41D 783 B
536 B 31ms
31ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9b04ff6848206e78d8f403027c8a56421a1953ad3fd94fc9d37438c055347cf8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-deOq-9UQJwgLkHw5YNql_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.live4d2u.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-deOq-9UQJwgLkHw5YNql_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 23 Apr 2023 15:36:59 GMT
expires: Sun, 23 Apr 2023 15:36:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C41D 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304180101&jk=4459930239540501&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js Show response
pagead2.googlesyndication.com/bg/ Frame 34D6 36 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FeZxK-xMU0bDCjOMbokEaZjg6vU8xaS24bySLDd5teM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 13:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265742
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14264
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Apr 2024 13:47:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D1B 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvXtom1BFZKmxAvLbx_APxfWSsAEAAAAAOAHgBAI&bg=!2tml2Y3NAAYfNdXmPzU7ADkAdvg8Wrz5AcJODnztTq1p4mKDxpjCbSb8VbngytuwQZQiLEAcrQT7qTr2QPDFKOOa5fzaimV9z_MCAAABOVIAAAADaAEHCgBIG8kEylnWVwnBFF8xPbwq0E8RHU3NmV8xiQBZMur8j-0hgS2wV3IkmjvjgVkcmPFf3q7qzQ1wJf2X_VKo4QRF1NHHpy7-EZC7mQMUzCMEUUuACXMIizH7gm8OvrzxakmIYhPKqfIpVsz9Pb3LXlFAHeiQmTi8_bB8B5ukrDUlHha370JvHiMPao2zhKdrJzGf2REKIYz47QMn_i6n9lBM-xPSQSpz-e6lZImOn67gK60w16IzfeAbdh42h6bk-BWJeTWtPhb_Q94UZGrkl6Mz6msPnaav3vyB1ZM_QRmSkb6kU9KRIeBPGSh691T0WuyJOdzIbkHfHqMnrYts-YODItrz4518mKbDDHH6oecaMRPALIbSFTI4ykN5cOpwsHHyWciIt4-yRCcXh0Pchane1B7ZRN8mr7diNT-VCHemzVQZICHeZKGYEsZwV_ntWZ3D6WGuLf-PnvzvviWmh-reCoNzBEc9EwWs6SGdeeP2i9xUpoR6QOIYMMwTbv4MfOF7Xz2RZhYI_NZXySz1ednB1QMWIubdQACb97exnVrJRZGjnK3ACQYUIGWzARhAu7cxtzoQXOMnHpl-lZ6tR2nB2GlQhib6vDQAK8qUF8ysvtFoxeGHVCCC7SSeuZETfkww9BIpAC_pG37l1_Tld3b4N4wQMx3lRx3py3YiF_O_x6sUX3CeWa-9zWrPV6kgGCSnF1yZnVFZq09jghw-xfAktYtlPh_IfgNn45btc_Cr3Xt5vPwZyXLb6styZQLCgMf5FxJiR0hGwtOIUNauQdpx1ZZz6RlWyj4qu1AEfPTB04NleDJaWqUp2DEQ8pMJn89aDIMvpk6FwcIhtujJOFD7MQknXNAGrRFP3cE9fiQkpga7O5o9dKf57R4JgOdVGsrkshbgGdCX_K3jMI8baLhsrk45r_CRJniNGXrAdIr2riCmCJXnvcv9DUO24kvi2u3yvtLqhEzqDt2IhxUufGGud2siSPAIeNRTjpeFvoEwU5UaWH-lrmxyeJL3yJDdk91-S8vCszSGrjE3qzvhbCniqCPD0UzKynx813RUS6AaajpA9PxdFzPBbGAOfprAmSU8ExrEoYuPLMNGy89jKZRqgPHokCm5aQm8S41018dvKq24os6xyw53Ew25QW8Fn5I

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 34D6 0
12 B 24ms
23ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jeNXIA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 15:37:00 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0BE6 42 B
64 B 62ms
62ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuphvh5MOVo7nsMKPaLLLZEw0U5qx3Ed8rcoSf3xZg_MZCg-wpyies370ApZZOEwfguQgoex-owS1_1cRIBNY2EYsHEnW2EXdkqnJx8PMmmDe45i6PHf_JupsynvoIRVtBum1D33A&sai=AMfl-YQKXxApHDt1NMEXfpmo1M6_DSh68fyWlnGys17N-0Cuwq3xhRYzZnv0BK9fvNtnj-Y2rgH_iD6wrukhPd89OVDbFzK-DaiRAHbx1UsQh72dfHsgX8CIpDdx67k&sig=Cg0ArKJSzKZ-Nx0XZdVBEAE&cid=CAQSOwBygQiDyxQs3i8WdIJozgVFq-tdwGMRuUkjoDd4FePdvP3PY5LH1dh_cZm5vHdDuom8Ib5o6ksQpLzoGAE&id=lidar2&mcvt=1000&p=820,1264,1100,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230419&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3424586254&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682264218678&rpt=585&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BE6 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8792836532977&version=m202301230201&ct=76&x=1&cor=12424547260197482000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
56ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304180101&jk=4459930239540501&bg=!ZGelZzPNAAYfNdXmPzU7ADkAdvg8WoctmfLnWQjh1IwdstN0PzPCLl1P5p7YOaha2CZ9eSd_xIKWYP2V6hACIPw3HSwaXa45E_sCAAABDlIAAAACaAEHmQLrD7otht0VWqRkQ1qrwfMynocV7-6pafLhhnghR3GviNO224aTzhPb5UZI52lavuLZt1ysJ0KWzMckaLL_7aWPpG2Sm6vC-LFfa0DP6LiGxHXXZtS9uhAXoDq5ppdPZm7Z2osCf9n2cr5XFjcpZGnhjPl_X04zC8d3uJ6XEJDGb0DW99y2eclftbGbap5guXPGA-xeq9K-NdGuIhcTjeHaqiZPpnhZ8-4D5SZ7ZoTGMSJATIytRJX1yqW2qgCV7sClN-w6MOFmZSQi1pUwDS3hZv_lJQl9OFUWl3TZBc0yMXg1GutLVQD8n0W42zHU-i1hLaXmJJxU0raHeG3Hp6LrHBg_c-YuzvuPOKl91oZpnwp6aCH_5RcTAWr-XdNfQFdvJbQXNiPqYnI8DfwtbvbpzK-P5h9MILuEnuSRgv1JDqsbMGX1XNME0lflwbyGCZ0eoGdL4cQbVVNRIyGZcV3mHaDkUf5JmCOHdP15fWJP0mNAfdOzOyAdhs_u7GVbapGh33utcxTKp-gtAkqm5ciVN7E5MCZfAS-QRec_49xxWHZiOcuHsOkcdXVcIDugzDDc_Bl-a7GlCTALhMC5gtxSvUgdw1Zb-XNkAs4A_7kN9RkURpYAZunlxL4ZXuNlq-4VRgud97TkKhxr4R1Qz80K98hQp21t3h8VAseKh-vGeQ0G5GtPrQIsYAzG4ul2VY1NIe5hbDnJzCm7GEShUjEgGWQKDlL4cW8TEu79hMyUzj6cSddl-nhsNRp6CAaiEwIw9IYH4iKbPOwxszhmTILEMZnBdq4WKG1_dRZIPlHb5jWzeA-nNPnSjo8WmEiMtfECFC9FVa7vtjET3y2xQF0ijPkSyEPL88neR3OGpfs-H69P6J9G9PFfBIW1Q4LW9tKY2p1EZkqgqpPnhl18PjKT0C00XZQmPeyqpOkpqGHECMJk9nmlrvHBDQMXeG5bpP3zGE0Ei9JamNmhcaEUZ0aLQTZl8ofX4zwP9fRE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.live4d2u.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 dc_oe=ChMIwY_uyKrA_gIVT9kRCB0Bjgc1EAAYACDx1etaQhMI47DHyKrA_gIVRJCFCh0L4Avy;met=1;&timestamp=1682264228505;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame F818 42 B
401 B 113ms
55ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIwY_uyKrA_gIVT9kRCB0Bjgc1EAAYACDx1etaQhMI47DHyKrA_gIVRJCFCh0L4Avy;met=1;&timestamp=1682264228505;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI3Zv4yKrA_gIVT9kRCB0Bjgc1EAAYACDx1etaQhMI5LDHyKrA_gIVRJCFCh0L4Avy;met=1;&timestamp=1682264228542;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9853 42 B
107 B 79ms
59ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI3Zv4yKrA_gIVT9kRCB0Bjgc1EAAYACDx1etaQhMI5LDHyKrA_gIVRJCFCh0L4Avy;met=1;&timestamp=1682264228542;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI6erGyarA_gIV8u0RCB3FugQWEAAYACDF1fc-QhMItrWXyarA_gIVFEwbCh31GQOZ;met=1;&timestamp=1682264229588;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 0BE6 42 B
107 B 56ms
56ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI6erGyarA_gIV8u0RCB3FugQWEAAYACDF1fc-QhMItrWXyarA_gIVFEwbCh31GQOZ;met=1;&timestamp=1682264229588;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Apr 2023 15:37:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.live4d2u.com/	1970-01-20 20:53:44	Name: _ga Value: GA1.2.689703812.1682264217
.live4d2u.com/	1970-01-20 11:19:10	Name: _gid Value: GA1.2.1548984852.1682264217
.live4d2u.com/	1970-01-20 11:17:44	Name: _gat_gtag_UA_31910035_1 Value: 1
my.rtmark.net/	1970-01-20 20:03:20	Name: ID Value: 45a3419e1da04b5ca4dc5211109e7e83
.live4d2u.com/	1970-01-20 20:39:20	Name: __gads Value: ID=2c98092368c4de49:T=1682264216:S=ALNI_MYhtDGKe-vD-KGwVPPsMQOmNxeCqA
.live4d2u.com/	1970-01-20 20:39:20	Name: __gpi Value: UID=00000c08adf47f2b:T=1682264216:RT=1682264216:S=ALNI_MacOjCefPxFBak9FbKCIwd7fMU_8A
.doubleclick.net/	1970-01-20 20:39:20	Name: IDE Value: AHWqTUkDIPlsN0ID1xh4GiF3lAz2RFjputV_eE3oAUfFO8cCReTAangnIvoLnUvl
.adnxs.com/	1970-01-20 13:27:20	Name: uuid2 Value: 2500600150409405643
.casalemedia.com/	1970-01-20 20:03:20	Name: CMID Value: ZEVQmcHOC-T7xfcHcdkozgAA
.casalemedia.com/	1970-01-20 13:27:20	Name: CMPS Value: 5241
.casalemedia.com/	1970-01-20 13:27:20	Name: CMPRO Value: 5241
.doubleclick.net/	1970-01-20 11:17:47	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 13:27:20	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVPi(N@U!]tcw8i_iqf!oN/@E'zz<Z0QXD0/O^SriXfVaAbdqESBfMt)z!]#$/%eBYiTD._PlZ[C[-kX-9Hy^f
.pubmatic.com/	1970-01-20 11:19:10	Name: KTPCACOOKIE Value: YES
.lijit.com/	1970-01-20 20:03:20	Name: ljt_reader Value: Gh4osGZH7IYlRhJQTjuRBmQr
.pubmatic.com/	1970-01-20 20:03:20	Name: KADUSERCOOKIE Value: E8CD6D20-0ECB-4EFD-957E-1763B6F1E13F
.w55c.net/	1970-01-20 20:47:58	Name: wfivefivec Value: xg7uxOLJ1PQBLR5
.w55c.net/	1970-01-20 12:00:56	Name: matchgoogle Value: 5
.bidswitch.net/	1970-01-20 20:03:20	Name: tuuid Value: b5ca3fd6-80d1-47c8-9f06-bf80c17f6ed7
.bidswitch.net/	1970-01-20 20:03:20	Name: c Value: 1682264219
.bidswitch.net/	1970-01-20 20:03:20	Name: tuuid_lu Value: 1682264219
.bidswitch.net/	1970-01-20 11:17:44	Name: google_push Value: Aer7DvIi7yf17TFhHPxWHrcObRfd_t46vbZRk7hl5LjXr-yMQlHAHwKzwvGQLWu1PI1yAccQbrprIeNIft5NZjtC4YZvclaYj_UZ

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
network	error	URL: https://yads.c.yimg.jp/js/yads-async.js Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271801&client=ca-pub-3078197180359812&fa=1&ifi=7&uci=a!7&btvi=4&xpc=mUMPPMLxu4&p=https%3A//www.live4d2u.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230418/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-3078197180359812&fa=3&ifi=5&uci=a!5&btvi=2&xpc=zuRVUBW67S&p=https%3A//www.live4d2u.com Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a3d6ef91cb9249513776f1470cfa1c48.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
adservice.google.nl
ap.lijit.com
cm.g.doubleclick.net
cpt.geniee.jp
csi.gstatic.com
dsum-sec.casalemedia.com
eephaush.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
live4d2u.com
my.rtmark.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pm.w55c.net
rr5---sn-5hne6ns6.googlevideo.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
tpc.googlesyndication.com
upskittyan.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.live4d2u.com
x.bidswitch.net
yads.c.yimg.jp
133.186.12.16
139.45.195.8
139.45.197.236
139.45.197.251
142.250.184.226
142.250.185.130
18.198.72.223
182.22.31.252
185.64.189.115
185.80.39.216
185.86.138.155
185.89.210.180
2001:4860:4802:32::3
216.52.2.86
216.58.212.162
2a00:1450:4001:801::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::2008
2a00:1450:4001:812::2002
2a00:1450:4001:813::200a
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400e:3::a
2a06:98c1:3120::3
2a06:98c1:3121::3
51.89.9.254
54.93.65.156
69.173.144.138
00526e46a0cd4e0849012e53b5a9a2d003af41042d22f7cd4d6e2aaeb38577fd
06cc594a8068fbe5badf7a24325b0035011f9b96440fcb2d3d718b9e97ea64d3
079330dc0edae3efff746773d76a6348237b0963407c1d22d88cc15d8fd9cf63
0af9e0becb8cdf4232454b4a6c87ca2a4f1c9b6bbb1385744c4d8771777d3f13
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e0687e9a6abb0b2b03da5c05b5bba581b04c674bcea57d3e5ae5ba1074d89fb
11d03e5a32438446a53f604cdfd7954bf0f564a07547ec2c48fa51ab76970e05
1261ad719aa5342a3d5a84d53397546c8c7fcf499e4778b632330cbf7bdf0cb2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12a3831e778d8969aad8052ad463f9ecc63745c97c994c4e8b15c04e46f49b39
15b5f22a28063d035ffae63c56b203963bf05b34ba3dc62bf789ac772c637422
15e6712bec4c5346c30a338c6e89046998e0eaf53cc5a4b6e1bc922c3779b5e3
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e4b576d6a9386565d76626c0f705638f30b178aea840ab41d4ef06e3be10238
20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394
21e4f59cfd262f541623bed8ed5a907798a3ed1cb3b72a908b29e4a6f0496782
245000748b65546469ffadc97eb02d3a7cd1e4e21be33084dcb382df30d034fa
257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee
278d9790939a72f372a5ab0b8ae0c0847097e7021b3204f908361b8308dec5e1
2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5
2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc
2dc359b9ca450ead7258b1f8a26dc6f2d8daf0a784f34b3e31ca53d64b471fcf
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3259012887c5a4aa033124259fd97c2b418c85a644de8b3cdab3c80ab49afeb6
34326ebdb27755334a204e97415d391f9f18d02c45e7305cd12de6e2bc24bfcb
366e9aa6fb12aed18c8a40ba8d233fcc34bee21c4c7270c24ed1cb9b7dd74ffb
3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b
39dcff53a502f4e7f0b3f64573803a09a3721791c01971f55d899772726dfecc
3a44a5f1f6f364d6f62a11cab7b02b80ec01d3b104889a820a59ba288663bff8
3b1b78dc0bec6c4c5e65036a6d67c15a91ae2fc807f61ddab5ddccc3483cb9c5
3bb947281051e58bdecf1097a12de077d1aedb181ac2ba63dc6747bd194ca8d2
3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552
3e4e65e7db3c40d4bb9c16f3e85e1e7ed107d564d25c56e3170b38da5460506f
3f8824550d66192669812c7d9ae059153bba3451b9df24f438336093106199fb
3fa9c295f76cd029cc3800a61a9bba75cd9062851924561e3ce1a18a9ae6b843
400fabe35a47597142482001174f415493a18dc7e1d35f2f66385013b7dd1e02
416aefad976ead118a49aae709d84fe09656753c031e9282256ca9917b9e5cde
4283b7de52bd36949abd99c7f8f7a1301ecf3d67f60658fa8c6854eadcb91950
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
48cff7397a65266604a87d05e604a1a1ee50f2c35aa089517678abb6b3b79f9c
4a79defccb18bd8924a0cebb8e95b9c177c153aa44bead38f3ac13888601065a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c956c576bbc552fa6a482bb93736e91250ac37eba98a89a10979f579d93bb8d
4eea4750c34468268bf626acb1a6b6954fd99a6c2e2408e8a8b9e4ef3080e84e
4fabe68b63d6140786250c4aa8afb26bd1d69d2b7af3527be611e3e70ed2ff6f
4fe1732b358a00a4c8f34245a3ca175d3f9ebe3f993734e135aa6ac09f06297b
503621190c75700c18c84fd3ec0977bf31b083d66e331d1009bb9cd17cdb85da
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
53ae3ed5ba1384a72c98abc0c00bf0a734dc388ce75af142778880befe392ee8
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56cb66844b6e4806082b345cc9bf870b3e2493a6f4e277b865d85666f0fac439
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61fbd2e8455c532c3876b5863f299deb7dc9859430731047bf6961843fd98334
620f78285fcec185cf13e3f850abbdd5aced51cf669f48d53fe2f36cf2df331d
62404c692127b6474af44eaca44141e40047f9af6871819b602149f289518c21
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc71cfda8cdbff80ce2c9aa77a78e156d2788759d461279093b625a3e67041e
6c9736f159ea78dd1d61e8139b723521113cfdcffaf5ed37e4caa089309e90a3
6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2
6f94da61df33854f21c6df7a5ef4574368905bd23ac88229b69478bf87ea4a84
71845dab85643db96df7504da7ef22381a632340afd99b87bef88709b171afda
73af4b9c559e7b68617638448119b956ab7f196be3d2a024b256fea17f097a17
78f2cf6e19f5c280e954561d71c566f413d03998b96457d28cc54a1a02a169d3
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
7f1e92cb16f20bd83190f07fc52abd60414f15f81f8b83eeefbc3f9e2b9103fc
7f51b1bfaf2b906d1b6fe618c0a157da1742ad2d1ad56509171ddeaabafc6294
81cacd6b187878c8eb795e61e66c648ee76c410dafc63852de35290c1e56f9f1
837bf9a5269ffa75feec1c38e7c6478a3e84f182e55522c85e691f489637e30e
8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6
84a5e9a46e2c9bd8b6ccd99aafbb8623105a8ed4db5ada26aecd973482f98444
85f5fa4e4e018f353a57795fac053b8440905db9cda4a7d18147d48e8d77e233
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
883f7ec366a3fde889c5b1f7d320fb7b0421fe2817839c3dabf282f44b505bc3
893b253b58c18dd8d45a5a761eb5af63d1ff88a3694200f08197fd4585bfde4f
8e6402b9370cc0670cc9c0b0b2af59803bc36676b7a6b58c1a0a34595375f7c8
8fb69ff3d18a80dc359f8998113b8219aab0d5ab3f630fb8bd6d8457d065c12a
929732c77c22652665aa1a8bc95af878318fe3177b4249ba579670fe4c5d141b
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97cdf067606c37c831a54b3ffc71cafb94ff1f4db84a1ba620b2e9e43cc1084d
99ed37a70d28ef92ed0f8a5509f552666aaffd35c39efbc3d30eae701db77c20
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b04ff6848206e78d8f403027c8a56421a1953ad3fd94fc9d37438c055347cf8
9c53a407fc61ca95792d5fa8f35557c94f41771b54fad35e94780e0b0df92875
9d303198d97359f6bc9102b9e4fa97d19d2f8392a1ec462b0b6eae0cc5b92635
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
abcaa4cbf0d517e1dae42fdc14d75406f06d8401e3394d07cd5963c019a65bdf
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
af3db37cd37f8c6425e168cdde71e01053db2350a26ce758c1393820a2497453
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e6610370bd559a32ad514fb266b9383bb0bdf0c6de6795dc8d672375d3b812
b6e5ce3d445492935371c45cadaad6cf91382180fa9cb2d6e75bac3a7d88f3c8
b8959c76b62cb0a1d55b546b00d4d8563bdbaee45fd7cc2e77a7721ff219a39f
bae059fd5774acd8c940c02acd1708b584696f2511ef5ffec8be01f1b2fd8776
bc65c0c296ccbf07de8e551b9dbe13b3b6f057c22626842a7d8e4753ea183587
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
c0d674926591125b2533618175d1334d26f7704e3ac7fdec0d75f1497543c51d
c655a50bd0d775ce29cad2ccfe471421fce3a4069d729b0771a827d37cd80d06
c7f42fd7e961148cbacb3643b669d55768ded74e587cd30d429a4e8112c05a5c
c8c31557e60941dc1626ba78570f96f5c2e496f14df3da2aa1df51e963e5a015
c92274682a6f141ebd59c7645ee94423f3bb0b12173b849e86ce4237a774659f
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
d03e99f0aff5436a6c0e55736133a1d51caead38e13ae380114341e007b723ca
d30cb8c727c9036e31d47a5b07929fe79bf74a0f49a0e0d039a54d783139c37d
d44342b604d0e5f355687d4ab91e08157c778a9c457ce21439bd4a53940956eb
d7cfc6d02351949b96a3db5388d66150213c2dc212ea11f51f01324af7daf39b
d7effa4abb1004ac11058d1fc73b1ebb9cbf993bc96dd96be50ba81ba895bd69
d9a33ec776768fa334c72f00a352a3a846b0e12c556f8cfc45a28bbac0a9bbab
dbd705cda459a9a60a204815d09fce7a6bdba66f7f8f1ce86e82104ac244768f
de6abb13d18034381d44305dd72a0cffb005690a9552da6b594dd6c738d887b3
df3f86e8cb9abbc7c08d77f3d0b9a74eb950a97edd59710f2020e8b1b2e7a241
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc
ec0fbcc690f02ac846b47ff7f1b59edd3dc82deaf19a64739d23e1edbb2bdc29
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f323fc9e13fd6a7758914ff9eefe58a1828eceaf1fe979659b1117694910c1e4
f3543e422b70c27b92cad0467ab812c07009c851cb96b5450e9c4df4abd18b47
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
fcaaacbe09be7babfecfbcad09df9c01257b0ea95ee996105d6756ba75f41aa3
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

www.live4d2u.com Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

262 Requests

93 %HTTPS

53 %IPv6

27 Domains

37 Subdomains

32 IPs

7 Countries

2787 kBTransfer

8475 kBSize

22 Cookies

0 Outgoing links

Page URL History

Redirected requests

262 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.live4d2u.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

262
Requests

93 %
HTTPS

53 %
IPv6

27
Domains

37
Subdomains

32
IPs

7
Countries

2787 kB
Transfer

8475 kB
Size

22
Cookies

262 HTTP transactions
14 data transactions