villainessturnshourglass.online Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://villainessturnshourglass.online/
Submission: On December 21 via manual (December 21st 2022, 11:48:29 pm UTC) from DE — Scanned from NL

Summary HTTP 271 Redirects Behaviour Indicators

Summary

This website contacted 38 IPs in 7 countries across 32 domains to perform 271 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is villainessturnshourglass.online.
TLS certificate: Issued by E1 on December 3rd 2022. Valid for: 3 months.

This is the only time villainessturnshourglass.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
6	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	13.32.27.27 13.32.27.27	16509 (AMAZON-02) (AMAZON-02)
1	199.232.16.193 199.232.16.193	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	52.204.242.76 52.204.242.76	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (STACKPATH...) (STACKPATH-CDN)
10	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
3	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
2	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
2	54.154.5.50 54.154.5.50	16509 (AMAZON-02) (AMAZON-02)
2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	34.237.159.44 34.237.159.44	14618 (AMAZON-AES) (AMAZON-AES)
2	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a06:98c1:3122:: 2a06:98c1:3122::	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:400d:802::2001	15169 (GOOGLE) (GOOGLE)
4	104.96.145.246 104.96.145.246	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
2	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
4 11	142.251.39.34 142.251.39.34	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
2	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
271	38

27 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

villainessturnshourglass.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-27.fra56.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.16.193 (Vienna, Austria)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 52.204.242.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-242-76.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

a.exdynsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

cdn.psdn.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.5.50 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-5-50.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.237.159.44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-159-44.compute-1.amazonaws.com

hb.minutemedia-prebid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3122:: (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:400d:802::2001 (Ireland)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.96.145.246 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-145-246.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

smarttag.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.251.39.34 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s38-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.82 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Tuttlingen, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.154.237 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com 8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com 0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 139 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com	378 KB
46	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 192 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 297	1 MB
32	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 34915 api.purpleads.io — Cisco Umbrella Rank: 27259	42 KB
27	villainessturnshourglass.online villainessturnshourglass.online	381 KB
15	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 374	326 KB
14	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	5 KB
10	gstatic.com fonts.gstatic.com	204 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 513 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 419	5 KB
6	rubiconproject.com ads.rubiconproject.com — Cisco Umbrella Rank: 2891 smarttag.rubiconproject.com — Cisco Umbrella Rank: 16023 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 835	20 KB
6	4dex.io script.4dex.io — Cisco Umbrella Rank: 1884 mp.4dex.io — Cisco Umbrella Rank: 1980	50 KB
6	google.nl adservice.google.nl — Cisco Umbrella Rank: 13489	1 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3416 onesignal.com — Cisco Umbrella Rank: 1310 img.onesignal.com — Cisco Umbrella Rank: 6621	162 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	4 KB
4	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 690	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	3 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188	141 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 335	957 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 581	1 KB
2	media.net prebid.media.net — Cisco Umbrella Rank: 1148	2 KB
2	minutemedia-prebid.com hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3277	422 B
2	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6196	387 B
2	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1615	1 KB
2	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 858	422 B
2	psdn.xyz cdn.psdn.xyz — Cisco Umbrella Rank: 61025	224 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	20 KB
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1427	584 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1782	174 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 434	862 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 267	206 KB
1	exdynsrv.com a.exdynsrv.com — Cisco Umbrella Rank: 66697	40 KB
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 5965	51 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	33 KB
271	32

	Domain	Requested by
35	pagead2.googlesyndication.com	securepubads.g.doubleclick.net villainessturnshourglass.online tpc.googlesyndication.com 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com www.googletagservices.com googleads.g.doubleclick.net
31	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com villainessturnshourglass.online 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com googleads.g.doubleclick.net
31	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net villainessturnshourglass.online www.googletagservices.com
30	api.purpleads.io	cdn.purpleads.io
27	villainessturnshourglass.online	villainessturnshourglass.online
15	cdn.ampproject.org	securepubads.g.doubleclick.net
11	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
10	fonts.gstatic.com	fonts.googleapis.com
8	www.google.com	tpc.googlesyndication.com 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com villainessturnshourglass.online
6	adservice.google.com	securepubads.g.doubleclick.net
6	adservice.google.nl	securepubads.g.doubleclick.net
6	fonts.googleapis.com	villainessturnshourglass.online securepubads.g.doubleclick.net cdn.purpleads.io
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	onetag-sys.com	1 redirects cdn.psdn.xyz 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
4	script.4dex.io	cdn.psdn.xyz script.4dex.io
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.googletagservices.com	securepubads.g.doubleclick.net 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
3	onesignal.com	cdn.onesignal.com
2	eb2.3lift.com	2 redirects
2	ap.lijit.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	googleads.g.doubleclick.net	7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com villainessturnshourglass.online
2	7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	secure-assets.rubiconproject.com	villainessturnshourglass.online smarttag.rubiconproject.com
2	smarttag.rubiconproject.com	ads.rubiconproject.com
2	ads.rubiconproject.com	securepubads.g.doubleclick.net
2	mp.4dex.io	cdn.psdn.xyz
2	prebid.media.net	cdn.psdn.xyz
2	hb.minutemedia-prebid.com	cdn.psdn.xyz
2	prebid-eu.creativecdn.com	cdn.psdn.xyz
2	ads.servenobid.com	cdn.psdn.xyz
2	prebid.a-mo.net	cdn.psdn.xyz
2	cdn.psdn.xyz	cdn.purpleads.io
2	www.google-analytics.com	villainessturnshourglass.online www.google-analytics.com
2	cdn.onesignal.com	villainessturnshourglass.online cdn.onesignal.com
2	cdn.purpleads.io	villainessturnshourglass.online
1	ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	dsp.adfarm1.adition.com	1 redirects
1	tr.blismedia.com	7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
1	sync.mathtag.com	1 redirects
1	s0.2mdn.net	7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
1	c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	img.onesignal.com	villainessturnshourglass.online
1	a.exdynsrv.com	villainessturnshourglass.online
1	i.imgur.com	villainessturnshourglass.online
1	code.jquery.com	villainessturnshourglass.online
271	50

This site contains no links.

Subject Issuer	Validity	Valid
*.villainessturnshourglass.online E1	`2022-12-03` - `2023-03-03`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.purpleads.io Amazon	`2022-10-31` - `2023-11-29`	a year	crt.sh
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
exdynsrv.com R3	`2022-12-12` - `2023-03-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
psdn.xyz E1	`2022-11-29` - `2023-02-27`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.a-mo.net R3	`2022-12-04` - `2023-03-04`	3 months	crt.sh
ads.servenobid.com Amazon	`2022-05-29` - `2023-06-27`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
hb.minutemedia-prebid.com Amazon	`2022-02-03` - `2023-03-04`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-05-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-12-14` - `2023-03-14`	3 months	crt.sh

This page contains 36 frames:

Primary Page: https://villainessturnshourglass.online/
Frame ID: 1FE32A79005A01C8593F75A457A03E12
Requests: 60 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: DF8235F036BABA8B6DA149985DC70DCA
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 4CEED7B8F45C2C963A3D2060E29C1B96
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: F3D755D1ED680B9389B33BBE8AD5AED9
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: E06069E270C48D799C708AFECD471740
Requests: 9 HTTP requests in this frame

Frame: https://cdn.psdn.xyz/prebid-2022-12-14.js
Frame ID: EE5C39E994C024A74499A42A78A38F9C
Requests: 10 HTTP requests in this frame

Frame: https://e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D96BD1DE0DA700AF79FF752F08E32936
Requests: 1 HTTP requests in this frame

Frame: https://8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C1B481C96C139FAD298E528241C22042
Requests: 1 HTTP requests in this frame

Frame: https://0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 6E6F93F424C780D73DE7465F64A511F0
Requests: 1 HTTP requests in this frame

Frame: https://c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0C4A5BA280C9C3A3C01A0D02764171BE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5FD5DF7C9E52DC7FD36D2220F7C7B3CC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7231DC10A7C7137E1D070C3110944AD9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 4EC153FBFAB0D294CCD1C5D8693D6B5A
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvK2ZPihwfjb3um3InZVTW-_CY7dTk_AupRJpi0z_dKKV_Kb7kJPnWF4YO8VDiW76amXCMDzAEMqLYtFnfKWviUNsDJAI3S0tvuq4ev1-he00lRLytahfWBSM1hnY8weET3bOtbauODuwRqjDSvtrQmDlLXCzZcfmNk8GPnMHHlWCk1D93GjTdxo3I_vjiBXUobbdnYZGDeZPrvgFOWXzwsOucKnSMMZM3xnEtH1655ALpb2e9v-OPsQrYNavDEmdNLGIBBb9SFOTVKd_IIdFmg1A_-i845dvRlx4JKoD-NwlpzhOfjDGwr0nixaaMSuWLnh2kXRi-8xYm8jTLHEbft2XKCyXoLuEkL06dImoYy7IX0LGadjmA2oJXplwCGp9xlKPUDyClcf0vrj6NKHl7AuVcdCOXWtzznm_VgefvoLurIovo1N9ztrXu76Cifb0K4vbj-KRBzgm1Nif5aQUMn0soKjvFIkA4dtz1QFbbp5VqO_fo6JUUwvLdblOwfaWQ&sai=AMfl-YQLnE1GHDY9uQJLT3B4nXsYZ1Dx_XpoSVOIwD6udlXCrl7Y1re2BaonU_mYtwCh3WJW5vOpIQmMeXyBzGM2XmSToYLZwl6qmt0AVsfTd5yUGveUlfYlfjskf9glklTndQXC0HSrxxeAkDUln15sZQ&sig=Cg0ArKJSzC6l-Cybzpz9EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: D8BCC580D0AB0802BD5FDC384EEE7B2F
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 7380335084BD10F76988A355BBF3B1D1
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0120B0299249AD4A653D44551C8101F5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 60CBD53A939DB5F775833186EFA0BF50
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDEz18ykvCs0n8gEBm85RNfYbapJgyyvcKalNoYlgTaeseKM1usIFyEw7E5K0Cf2BvqW0lzoHTDC0VCh2iW3GeO64gi2xFPNoMms80igRJa3U6t_H3a8fR2P6aLfNMl85Vp7xxLT1Lx_py75AFAQFPtABVqETLI4v1IntLiTKDoYMtoxyTJMTJhHehmnLbpYemfwVzUWV4XHRjTHrUrz-4v0bvEABfkpo-FGFH6YiwUa7e2IJcGxj9Od6lAfAspb6yCKFEicpxW9gp0m8iVdtNTt9XaPo7CIeGuUbvMJ4skkrIx5ZzRFmzFHgf_Q1HdSOvtfoRmTRtFxEuCjet_mbljHgDja_gh9T3uZZIuNnvK1kszRD0HNs5F44lcrVhaJ7AhpnKLy5H1iabFO4dXEmOPeGaNKajrzkHk_zwIrDTRVw8Kt8ITw3OPOV2bs-awwmimKTE6Z8JPptKo7C1sv80MQvtYYmvxC3QMVIRQwc2KDMoIiVxS6sQQpseFswCdlU&sai=AMfl-YTkE6oJaFyEnwIM53h6Mb2fI1Rh5ITqqRLtbcQBm3ZPep8lhEJ3Ix8KYjmsAfQo3cqThwnKsjYizTdAi-5QMy5Xr7kaKlq8yzg5VGGvzybyxuCa1kyrai9J6na_MIsplWlVD4DWxOZLbqPSaRdOeQ&sig=Cg0ArKJSzPKv3PxwtvkuEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 8B83C066663CEBD9D9392FF92F36A095
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 884869EB816AEA23E32BDFE3CAA040E5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BAB628E821C21FF468F28A3D987628A7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4A17D4B22D964A1E3D766E4275204488
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 897FAF0CAE69CAFECFD1034F6B0C0867
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: 2655EED28A0F260C86858E7BDAC8BE50
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 118384EB0A9B9F902C448B0F2E8F822E
Requests: 9 HTTP requests in this frame

Frame: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3443227A6E6A6B2CD5D0C9F49E5C795E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6292101000083B1DDA3FF18309385438
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 26CED3F09D8EE4B99CDC29A10E21D8E4
Requests: 2 HTTP requests in this frame

Frame: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DC3073F943CF1C0F3B416245909AAB50
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DELWUQxiz8t_bATAB&v=APEucNUwGarhTl_qogzKuVZ5UFI2eB9q_EzlnlOd2sb-C8dKROZt3hHyfxGNHh5NGd4x7B9tBDrHeCAyxuds6IMDgF_HCoD_n5pQEkgdxX5mXZeqiAgTEfhRSqZi_M2PwaMRJi_-UTWpnrRLBwxi9KZTOK4Pg09rO8Jc_pVmpUdeF52DrYHhUDs
Frame ID: 36252EACB8A02EA1FAA6CA0E0EB81D25
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: EF6C7A13F6D6E952B91A3CE56AA8FAAA
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8680C0B64F65A3DB227D6FF347400545
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 12C2BF8D58E08117F7297A5C50A9EF10
Requests: 3 HTTP requests in this frame

Frame: https://ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: EF717B4BFBC55FC0708CA798D421EE8A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
Frame ID: 3CE2635E088DEFBF674B5BF854951C3C
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1149EDC9938F96D7290449095669C67C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3DF22FC982ADD9B8A0772A36FD667E59
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Villainess Turns the Hourglass Manga online

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

271
Requests

96 %
HTTPS

50 %
IPv6

32
Domains

50
Subdomains

38
IPs

7
Countries

3335 kB
Transfer

8675 kB
Size

20
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 221

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1

Request Chain 222

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y6ObScSgmLtA5PsXtXBcxwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPZvO0Lct7VhvfGI4GAMM1Q&google_cver=1

Request Chain 224

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk2NTk1ODQzNDQ1MjcyNjQwMw%3D%3D

Request Chain 238

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESENlUpTCD319xRNzgIv3aCrA&google_cver=1&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_jdkX4QHlQMFOrw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_jdkX4QHlQMFOrw

Request Chain 240

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOes0t3HNphXO4fB3TaoHoY&google_cver=1&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForEsn_lFyUNZum2Hi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3OTc1Mjk2ODgwOTA4NTA4MQ%3D%3D&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForEsn_lFyUNZum2Hi

Request Chain 241

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_cver=1&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAxWTxFcuCaKJDEX4FEspx2Wy3wjO9ifbnUrQl2IK_kyA-V2L3zeyFwMwCD0ZfLtR83g HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAxWTxFcuCaKJDEX4FEspx2Wy3wjO9ifbnUrQl2IK_kyA-V2L3zeyFwMwCD0ZfLtR83g&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_hm=Y6ObSQiBYR4lDizMXJshwgAABGYAAAIB&google_nid=index&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAxWTxFcuCaKJDEX4FEspx2Wy3wjO9ifbnUrQl2IK_kyA-V2L3zeyFwMwCD0ZfLtR83g

Request Chain 242

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDyXI7qfrksMj8Mv72H3-s8&google_cver=1&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDyXI7qfrksMj8Mv72H3-s8&google_cver=1&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy&google_hm=F2w0uGZH0WzKZ9PEQum7lbFM

Request Chain 243

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJo9cPurxf-PO0d92kflMyQ&google_cver=1&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd19Hg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd19Hg&google_gid=CAESEJo9cPurxf-PO0d92kflMyQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE5MzA4NjQyMzEzMDg0OTgxMjc4Nw%3D%3D&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd19Hg

Request Chain 244

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEP1-KSgV3Fq8ertxfvSxyig&google_cver=1&google_push=AavPq0PB6YjAi1madPHaZAMjX-QnT9yVyc7bhLmKA8i78gt3byvODkDHj_ikEoWxWJSdR2y2Wzl3gyFk81Y191A0AWqPf8LxIOQwnQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0PB6YjAi1madPHaZAMjX-QnT9yVyc7bhLmKA8i78gt3byvODkDHj_ikEoWxWJSdR2y2Wzl3gyFk81Y191A0AWqPf8LxIOQwnQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

271 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
villainessturnshourglass.online/ 85 KB
18 KB 724ms
653ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 6231398da535e277fa219e44ff9972a07623d40ab24ba73d6d0b373b8bfc59f6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 77d4820beb940b4b-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 21 Dec 2022 23:48:21 GMT
expires: Wed, 21 Dec 2022 23:48:20 GMT
last-modified: Wed, 21 Dec 2022 17:25:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WIcGp%2BVLKzv6UnFlzbMP0rxtTtnYWz2YJ3vHgtLZd7ynhjv7bZKt2NcGKWOKoNhpgKZwcwaFkqozhw9Fq3qNZGh8x5RI%2ByXzJGAACaes%2Bb6IDTygbJZPpKmwajzA0Sk8QX6wcjZx7RpCHtpQ3JtYkr5u8c6Asrw4Q4FHnWcn"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
x-powered-by: PHP/7.4.33
x-turbo-charged-by: LiteSpeed

GET
H2 200 jquery-1.11.3.min.js Show response
code.jquery.com/ 94 KB
33 KB 171ms
29ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.3.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: gzip
x-sp-metadata: HS256.CNXSjp0GEo8BCiRjYzgxZmM3MC0yOWEzLTQ4ZDYtOGJmMC1kYjczZjM3M2MwMDYQ+OiCoKvU+wIaBgjFto6dBiIUMmEwMDoxNjMwOjI6MWMwMzo6MTUoytIDMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiQ2ODE2YjAyMy03M2RkLTQwNTgtOWI3Yy1jYWZkODQ3MGFlZWEY7YMCIhgIAhIUY2RzMDEwLmFtNS5od2Nkbi5uZXQ=.D0eQ41Ila7MhsKLPI12/z0dovecIZp8wM05tVLNiceQ=
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-176d5"
vary: Accept-Encoding
x-hw: 1671666501.dop004.am5.t,1671666501.cds250.am5.hn,1671666501.cds010.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33261

GET
H2 200 style.min.css
villainessturnshourglass.online/wp-includes/css/dist/block-library/ 79 KB
11 KB 654ms
651ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWQ8Zvo4lg8AWOGh3cmrX%2BLcMOBV4O6SNGV9L%2FPxu5mEarpWyCM%2F70DCu7YjdbmXVbxh8RMWa%2FAmEPQnn4Zdaq2tk1ParlEqNJ8MitjrDLCcpHjFDt4rQSD7HfngsLEHhtACM0RstBzcmpPtIVjdgphtH0EKtPs%2BxHtycZwQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c2b0b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 styles.css
villainessturnshourglass.online/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 476ms
473ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/contact-form-7/includes/css/styles.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slDGrs7wUxStXMw2E%2BfUTUFCH18BIxgmLPQ0renvwTeF77xqwD%2BztvJGgFIh%2FUkv14PigixgIMTFLCQ13qdRuncZZkJJ9lj%2B%2Bmda%2BFgAaEPDi4nQhm09CJt3AJylhO%2FKWF4N9JmJ%2BkBA52YItoxV9keYZrFY%2BkCYbs7NSGNW"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c2c0b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 frontend.css
villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/css/ 29 KB
4 KB 498ms
496ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/css/frontend.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6146e850afd9ba2175c55d58300dd7412223a95c7987cdbad5eee5060a6b3adf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 06 Oct 2021 17:57:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eLjqEiTr%2BthOAGwEYo7c%2BT15Gl3cPTF0rHE89IyFCszzUutnd1%2B%2F1Q%2BzryIEjoZ3xVgNyg3BKTlw4QT%2B0s9OEXQ2o%2BpMjHFV09vhDGfMYI8nzdPvhhD7L0FnU1%2F8BAr%2FQ6R5gO3NEQJLfHMwHCGysnGXx2t7RNBWlWi6gWt"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c2d0b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 bootstrap.css
villainessturnshourglass.online/wp-content/themes/Ifenzi/css/ 122 KB
21 KB 672ms
670ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/css/bootstrap.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 068a51dcd4d054caf1b2fdbc4370b8e8ac16e5ec3609846d8ed1158d2d723813

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpVVJoBPNW0Hyl5hT8hOhCNQDerHtMX74INhjGX93NODgFIHzciQXNCn57ghsPXOTNuDoBv7cH2keHz5PSLO64OHdeH6TizINqjRBn%2F8pRVfE4T1RSc8zWWo%2Bj6gdbNw%2Br0PmqGqV2CM8xoCzuWAQHi0%2FxX3E6UGKhpwzgcu"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c2e0b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 style.css
villainessturnshourglass.online/wp-content/themes/Ifenzi/ 24 KB
7 KB 483ms
481ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/style.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b358fb569197e71a9e01ba7cffddd59643ddeebb16862542c60f4bd621160320

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6GX%2FrIhRvFFXoALKyNs5jMO5NHau7zqYJuFrsI3q%2F3W6WmHNYqmLciaLq5ln3nPsLtdVDuaaOrjTfLcefRXMlqAuOGrCK0JvAkoAmiLn4ZYam3hEZDpvjcfk3cCV%2BcxWPygJabCtBDcI7KbfSOLC%2F5mQ1HTPwpReebHaRlE"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c2f0b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 font-awesome.min.css
villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/css/ 23 KB
6 KB 510ms
508ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/css/font-awesome.min.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNeZfPJtGp8VAWgYkuU6jfAh2%2FAkIvxNgoOPPLYLYRpxtg7kr%2FYUTG2kXGI4w%2Fo%2BO5tguRMOGFTfjzLg0jBYxOAM8RYgB1P4V66iGQr%2Bp4j8vErjHZN1ziwz8tubTz%2BU6JFrRaFMXviRJYtEo%2FcggIXRSqB0l7o2QaSpSEXk"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c300b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 199ms
45ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,300italic,700,700i|Source+Sans+Pro:400,400italic

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d9e1488be90235f9cec4b6690a0184ee3215fb123469bc141b82699abb6bbb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 22:56:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:21 GMT

GET
H2 200 easy-social-share-buttons.min.css
villainessturnshourglass.online/wp-content/plugins/easy-social-share-buttons3/assets/css/ 71 KB
11 KB 680ms
679ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/easy-social-share-buttons3/assets/css/easy-social-share-buttons.min.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9f66bc80ade82afeee6d178ee563011c16c68547cbf33e742f07f70028ddcca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 24 Sep 2022 00:38:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGWQfq8ovIVt3Bav%2BuxUeOrejGjQGqMjFqskxoHSlVX2ERHEyE5gh2JjlqtcPn%2Boj%2F9OqFHhAICS8OlvHVQ1hM%2Fw5E4Z%2FG6UwFUiALnpxIxwJ1U8pk4WHwQEd0vN7VZw5Zq7IaKcxZnb7ct%2FjhS62mDp9izNjvcV3TzY1wwK"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c310b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 jquery.min.js Show response
villainessturnshourglass.online/wp-includes/js/jquery/ 87 KB
32 KB 762ms
760ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/jquery/jquery.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcGOxlam8yFhL38%2FauXT0jZaVDgyGQF%2FBWOFBxdXkOYuWJIR5fK9tuT5ZzVZcJuuoHctE45B%2F%2FlUf4EqyW0L4S%2BCOhhrLw%2FOeq0ESCobIi0ASBCKacW2PhcwsZ8vNJzSupQPLEfy1dRNPpP1Xo8QaCZ3OjfIba0kKXhJqK12"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c320b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:21 GMT

GET
H2 200 dark-mode.js Show response
villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/js/ 111 KB
30 KB 42ms
40ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/js/dark-mode.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8277612008fbd4b33ad1ad2f5d357517be701fee46e184bb283c5f42c5a02cb6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 31076
cf-polished: origSize=183317
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 06 Oct 2021 17:57:10 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=guNM73gqKD%2Fj%2FrOhJyr3cDzEikux0LBHV6Sn9Ssexh7a2CbRlKyZAMh89S3JUy%2Fu7arF%2FfzafcG0QkZWfdr65IYn6YGG2aVyXIHPUcVa9uX0bV4XOFev4QtCoOPjAhfDhxdt%2FQZNWplRIMvPHUpc1lVkmoXaAHTtqyfnCOIA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482100c330b4b-AMS
expires: Thu, 21 Dec 2023 15:10:24 GMT

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 65 KB
19 KB 55ms
48ms Script
application/javascript 13.32.27.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-27.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46cce4c9a098122fafa7c570d1e91a20c695decf19a2e65dee2e8ce57cda9e88

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 14:44:57 GMT
content-encoding: gzip
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront)
last-modified: Thu, 15 Dec 2022 10:53:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 32605
etag: "bf50d3fb07f697488c398a5cb8c8db3a"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 19305
x-amz-cf-id: XJRNieD8h2iLiAGviXig5F1wqH0ljQz8fVFdx1_PvIxfJgIQ-QK5SA==

GET
H2 200 load.js Show response
cdn.purpleads.io/ 35 KB
9 KB 187ms
38ms Script
application/javascript 13.32.27.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-27.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a8ded135053e9ec32f3bbf8aa5a3c728d8110f02a4f709f3dfce447cfa19a65

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 14:44:58 GMT
content-encoding: gzip
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 12:43:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 32604
etag: "9b33eb26127112a735040cdf2bf73369"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 8656
x-amz-cf-id: NY6EmjTCP1ObrxstwWiSVjdgzO-Nspnd_hCCyUZ3x96JVOEcnYlAdg==

GET
H2 200 TQJyck5.jpg
i.imgur.com/ 51 KB
51 KB 156ms
47ms Image
image/jpeg 199.232.16.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/TQJyck5.jpg

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.16.193 Vienna, Austria, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

082dad19fa9f0f35c15027a26a3d1e1f7bb9eabfbd1af1ee9235a3ca96a8cbf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 3175543
x-cache: HIT, HIT
content-length: 52196
x-served-by: cache-iad-kcgs7200035-IAD, cache-vie6368-VIE
last-modified: Sat, 01 May 2021 14:53:26 GMT
server: cat factory 1.0
x-timer: S1671666502.065325,VS0,VE1
etag: "56a558aa7c5161bf7346f410b2ccea75"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H3 200 icons.css
villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/ 37 KB
9 KB 603ms
602ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c087c3e6882fae966a431bb979d17bf8af58ce38101213a5eafa6c10bf7e0ac

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 03 Nov 2022 03:14:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDtYzo5blAEembyZXWislTe2QzekcERI95aKT46u4S5wOLgawT8PGD1TXFe02DZpS%2BMUZ%2FZ3Nc6TG2%2FlvZKMG9GQG6l2b7K5TTXrIQm9%2F6qm6K04vtBjBwKyLbMUtQ7a3Kq0CkiKJHe%2Bw06lbwY3HpnnNMcRl8nraJ7kBXjX"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482145d500eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 21 Dec 2023 23:48:22 GMT

GET
H3 200 shortcodes.css
villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/ 44 KB
9 KB 35ms
35ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1690266a4def354da2feda545468781eefe065dab28c28e115ef23160308206b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 742116
cf-polished: origSize=45539
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 03 Nov 2022 03:14:40 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m3sBW1ZDzP3YibJJHBD0sZVTNj264vK%2BMaDz0H0mFpMu%2FkXjg9V78eHFAJvbykvsb4aiWO87%2BgQAf6J7troe7o5%2FnqbYjWrzi5BdKwueBBx5%2F5L8VcMiKPsTBCiEdV55ZGexvBLWzAh51uqD6lkM4Bk8%2FYo7Q1aJel79YHTy"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d48214fdd20eb4-AMS
expires: Wed, 13 Dec 2023 09:39:45 GMT

GET
H3 200 regenerator-runtime.min.js Show response
villainessturnshourglass.online/wp-includes/js/dist/vendor/ 6 KB
3 KB 35ms
34ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/dist/vendor/regenerator-runtime.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4300464
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jAPR5o1vaC6Kmj3Xq3r5Cl1qnCjUPDK%2F8IoLnXIWGP4tmOsiygUDW9WfQm6c6MQDj%2BWVZ4jBYy1BOyGW4VOL5mLc%2FoEo4rTU%2BaTJ4ShlYlIGx%2FjsytFq20RcyRHUO4J0NtjLUEHOYywR6h9475XB0k5Jt7q5zjztyxslUhD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152dee0eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H3 200 wp-polyfill.min.js Show response
villainessturnshourglass.online/wp-includes/js/dist/vendor/ 16 KB
7 KB 64ms
58ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/dist/vendor/wp-polyfill.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3140977
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zY0qxoqt4jrE5kJiO%2BB%2F%2B1LfRYe7fbbElhOUMWJOJhdNNjNoQTT9xVfeAe6GgTs8Qxi9kzN6vMWFV6lTPs9i0gsobmil%2F%2F0JIE7NpJ0cagPh8KKgIE996HxPGegU%2FEFsLRtSIiXS%2BisN3bTklmX2n6OVjiDBiZuNc8UyoaY8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152df40eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 15 Nov 2023 15:18:44 GMT

GET
H3 200 index.js Show response
villainessturnshourglass.online/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 39ms
34ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/contact-form-7/includes/js/index.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4300465
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUBu6n9iuycbp3Q%2BiIHgi2qetbWUdUFT4hR%2Bji9B2GD99Q9EfJxEpLczwCXSqXHUDYFG7jA8mCnDF0JMAZFs9Tex6Mr4NemWuuP3iJhHjy76KZ04MeVfal%2F0KcBeM47XXFWjz%2F6S1ZtAXBJI8dTM%2BS6TZLqwPwb%2FnR3QxIER"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152df60eb4-AMS
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H3 200 underscore.min.js Show response
villainessturnshourglass.online/wp-includes/js/ 19 KB
8 KB 88ms
83ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/underscore.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4300464
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwqMtVck0W%2FemkuG8AVYyi0TGYD%2B%2BgSBU6p5eUGAVlFqDm6THK116jnggAZeQ2sDzcqv%2F42aqP5H13ytsnTEGkbiSL%2ByUMRKe5N0YE8epspOgDZkSEoWE6UpHpjHpHGeXnUgSs%2BSuV8Qm0uIQmzayHbjU20evssLcT2e76pm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152df70eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H3 200 wp-util.min.js Show response
villainessturnshourglass.online/wp-includes/js/ 1 KB
1 KB 91ms
86ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/wp-util.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e78b48acc08ce31457aff168d6fb2c814d51a8739a97693cdba585d60f5b35

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 17:56:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1917772
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pAfscmtLYKXKb2ElZfI7Z5%2Bx2KwRHmhMCHp%2F%2BrGlpOJFIQp80KFwYcoIXOvP1P3pPcfZVaUd0qr%2BI3dfUN0kmp2xaMbKxmcJExsYLbpVrUm8ylzIMa01ubYvSXcjvgA7UcZFpM21xXtGZYSZYu0fmo66cwIE7l2zXE0SiQwY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152df80eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 29 Nov 2023 19:05:29 GMT

GET
H3 200 frontend.min.js Show response
villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/js/ 5 KB
2 KB 92ms
87ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/wp-dark-mode//assets/js/frontend.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dd3a1326f714eee263d0cf46a7d3e04da82774573de40c6a2ff9094654e7dbd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Oct 2021 17:57:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4300465
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWxP0R%2FOw4CFr9uJhn80CSOgDPViwdyfw6ifb5daiXMQPihFPtSDy8xVlfcJQpoPNAR9q3Ru%2FJ0eb5JTlWHqQvSRCvOyZYfafw%2Fzj8uae%2Biv%2FL4vAr2Xvgj3yMhKcDfC6L4M7oG0verWU8k0unVt%2F8OsmIKVnfTClEZhIgcY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152dfa0eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H3 200 bootstrap.js Show response
villainessturnshourglass.online/wp-content/themes/Ifenzi/js/ 36 KB
10 KB 59ms
54ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/js/bootstrap.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 835f79262dd6633b91d8bbfeb62f78afa60dbd0a40072b402c1d3ed2a6d4a410

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 527334
cf-polished: origSize=36790
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=leVe9%2FOZ1pK9HwmqExGfDVGJzsHW9ISvkZb2JFGjmK4X6xDn6gV6yfbiOfXiSS%2F3XegVbPi08eHznJzvHaTg%2BQEbcni%2FsM8O%2Bu1x0r%2BUd%2BJMEGi4oSVfIO72cUCOt3KJg%2B5IPB97NZN4TBJCVecSUkNTQAZPSLItJxxkI%2BHq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152dfc0eb4-AMS
expires: Fri, 15 Dec 2023 21:19:27 GMT

GET
H3 200 skip-link-focus-fix.js Show response
villainessturnshourglass.online/wp-content/themes/Ifenzi/js/ 588 B
846 B 88ms
83ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/js/skip-link-focus-fix.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2ff39ccfc80daf66110e4b104956bc70911dec5c51764de1c19422439a34ba5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4300465
cf-polished: origSize=751
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7J%2FCSQPsVEWKGuVfLIe%2FyG%2FtrQQcKn%2BVbMyI7H1NuZquQSgL4vpdszRUwKg%2Frw77UWpBrA9EHOeWDiOyibZMFqOF2Z70U8rKPlmI5m7rleN4dJbGsRmQsJ14v%2FQAalW8ZEXDNLfhXeC76yN64a38VAHl%2Bk0C%2Fv2mILlZKKg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152dfd0eb4-AMS
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H3 200 lighthouse.js Show response
villainessturnshourglass.online/wp-content/themes/Ifenzi/js/ 1010 B
938 B 36ms
31ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/js/lighthouse.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 110c7932b78e1f27d049f7a3718b9099a8aba3fba09a65e7e22d771661c58022

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 742116
cf-polished: origSize=1100
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=93IEwIlV1PX5949f7%2Bc1Ck7yHopKB8iS3aLoyV7MrNpX8o%2BTmPZ4qZSQlQRTkP3lFUSCUSzs4auOfYAqCozCJElqTaS%2FB%2FWIo6hGhYWjHAMLvNucYohL0locvOAeGX81v8%2BZ59eVbZMYKYKeiAyMuemOQzrzT9rhCrKHg1Pi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152dfe0eb4-AMS
expires: Wed, 13 Dec 2023 09:39:45 GMT

GET
H3 200 wp-embed.min.js Show response
villainessturnshourglass.online/wp-includes/js/ 1 KB
1 KB 88ms
83ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-includes/js/wp-embed.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 05 Oct 2021 20:52:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4300465
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUonoEixR10oRJvddfIUx%2B1HRKCeAiRUxMxhM3k3qQOYkrmY6hYZyYItMzAMMz4kdtG6%2B2S%2B10cqzl8cGpBR6LdYI8UBKJoKqSWyLTQi8X54UAMyhnC%2BrrOY7wnLejHOInJk1iricqQrRCL5cwvlDoK%2F7DRYSS%2BdZEt4AoLh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152e000eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Nov 2023 05:13:56 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 101ms
36ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 681
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 77d482159996b8bb-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 24 Dec 2022 23:48:22 GMT

GET
H3 200 index.js Show response
villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/js/shortcodes/ 15 KB
5 KB 91ms
86ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/js/shortcodes/index.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 340360366739b1523bc21f969f4a95b9dd94014c07afa9d4789f639b54094d24

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3140977
cf-polished: origSize=15792
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 03 Nov 2022 03:14:40 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6PsGjLoP0tzXYPhpOTfYJgqWVorEKVEYpEMFFpCibnfgsjnT84EF7dJGEH1T4d6eZnoiRD4rAzojqUf1NmXCcxImjwggt7Gr8vIpXafNQuClgiYkvb%2FLW32traIZXSRX69HomYm%2B8gMAjz3IWMTJZtRIuvj1sUG%2Fy5gEDWll"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152e020eb4-AMS
expires: Wed, 15 Nov 2023 15:18:44 GMT

GET
H3 200 2566c291e59e185c12a331fef1e235f3.js Show response
villainessturnshourglass.online/wp-content/easysocialsharebuttons-assets/compiled/ 51 KB
13 KB 91ms
87ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/easysocialsharebuttons-assets/compiled/2566c291e59e185c12a331fef1e235f3.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db345883b20676c2cba35420a4a0aa209de295947784747e70aa602838652364

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 78455
cf-polished: origSize=51961
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 11 Apr 2022 01:36:42 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjbbdR9TSdtiupuFC4E85XdqZbAibSM8fcK5FpSI6%2F4yttHu7c9bYKiPCxQ3TiQlAONBE%2BQFhdQp1cSbutOmbRwJeX8ui6Mh%2BhDRP1CqKNPwFxo6zlCDvCubQ%2F2ML47uIh1ZekdXU3tmifbwI12yvePQHdT9bcKOIdVqbojS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152e030eb4-AMS
expires: Thu, 21 Dec 2023 02:00:46 GMT

GET
H3 200 lazyload.min.js Show response
villainessturnshourglass.online/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/ 8 KB
3 KB 35ms
31ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 05 Oct 2021 20:52:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4300465
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PR3h0VFZTdM%2FaUhil8rJVmf30RHYpTH1jjtXP4XLbPAv09R1wmUmPXXl3RTuB6Zepe8cNr6ikVScFatR%2BczOuojH1uK7za8a1OEg855MWfxtSmGY1Yb8sQnb6uRMunmaPcGZ9jfHxK0Xv%2BnCuOoHeERUCTHZ2Hh5Cj2cLDzE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 77d482152e050eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 02 Nov 2023 05:13:56 GMT

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 322ms
101ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1671666501934
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 68231689-8564-4768-b688-f2901ea2c5c3

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 123ms
31ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 21:50:44 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 7058
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 21 Dec 2022 23:50:44 GMT

GET
H2 200 / Show response
api.purpleads.io/x/ 3 KB
2 KB 368ms
164ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1671666501934
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: 1c9a3419e797140772229ebcf61f8b191ef8e5c1c636843a9cd6449ba8fd2dcc

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 1.0.10

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: 81602fdc-03cc-4c78-83bd-fd72a1d27dd1
etag: W/"d44-ICT/OU1oD4oCrcu+IzBl2DaFYEQ"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 451dd149-da17-40f0-bf46-32496365ab0a

GET
H/1.1 200
OK popunder1000.js Show response
a.exdynsrv.com/ 94 KB
40 KB 144ms
32ms Script
application/javascript 2001:4de0:ac19::1:b:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.exdynsrv.com/popunder1000.js
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 394e2eff54c931c4def55131d8c46a20775bc1b49d96a6af5b25906942f64b8f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 23:48:22 GMT
Content-Encoding: gzip
Server: nginx
etag: W/"2ca7f70f5b8e8b292b24e1040ee"
X-HW: 1671666502.dop008.am5.t,1671666502.cds113.am5.shn,1671666502.dop008.am5.t,1671666502.cds134.am5.c
Content-Type: application/javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=10800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 40934

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 117ms
38ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700,700i|Source+Sans+Pro:400,400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 110468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Dec 2023 17:07:14 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 149ms
72ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700,700i|Source+Sans+Pro:400,400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 11:05:12 GMT
x-content-type-options: nosniff
age: 304990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 11:05:12 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ 13 KB
13 KB 110ms
32ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700,700i|Source+Sans+Pro:400,400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 19 Dec 2022 17:43:57 GMT
x-content-type-options: nosniff
age: 194665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 17:43:57 GMT

GET
H3 200 fontawesome-webfont.woff2
villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/fonts/ 55 KB
56 KB 880ms
880ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/css/font-awesome.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

Referer: https://villainessturnshourglass.online/wp-content/themes/Ifenzi/font-awesome/css/font-awesome.min.css
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 20:52:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nH2C5Wb6R2%2Fx7uF5LfEX1Z1ZshgvSh7tLaW8hasU53kG8r1F1qSAKIF7oC401W85tUptIJH7Vpxq0Qp7CBcTAImJdcpZEk0TwVHLtr0pwQaSOHNES8gWnkOJoGLOITA6OsPvtupTull88bQMgzHbKxpMDv7kelwJkvaAYLiu"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=10368000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 77d482161eeb0eb4-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56780
expires: Thu, 20 Apr 2023 23:48:22 GMT

GET
H3 200 6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ 12 KB
12 KB 100ms
32ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700,700i|Source+Sans+Pro:400,400italic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:15:45 GMT
x-content-type-options: nosniff
age: 12757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12580
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:19:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Dec 2023 20:15:45 GMT

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 101ms
101ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1671666502167
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 4e36012c-ff49-44c5-a19b-9128dea0b098

GET
H2 200 init Show response
api.purpleads.io/x/ 86 B
393 B 333ms
141ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1671666502167
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: da5db7d32efd4567f03c3fb6f91bd363d97c184f81c2f35808e401ca32922cec

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
etag: W/"56-vtCsrNOREAKDS+WJLXp3FqFOMs4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
content-length: 86
x-request-id: a5fa4e81-0d93-4532-9f18-176e0ecd2ee6

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 103ms
39ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=998732039&t=pageview&_s=1&dl=https%3A%2F%2Fvillainessturnshourglass.online%2F&ul=en-us&de=UTF-8&dt=The%20Villainess%20Turns%20the%20Hourglass%20Manga%20online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1987823068&gjid=1544717091&cid=526885979.1671666502&tid=UA-225360440-5&_gid=654322946.1671666502&_r=1&_slc=1&z=1256690759

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 121ms
120ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=a6255054192044719ba7aa4045cb910e&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ecc4ab14-3c93-48a7-9179-d1384628ddb2&ts=1671666502398
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 3aba2730-8e1f-4b2b-be62-70f059f70ba6

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 103ms
102ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=a6255054192044719ba7aa4045cb910e&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=76292c6b-d5e6-4455-b2dd-7686196d7699&ts=1671666502400
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 8e5ac110-7b84-4641-aae0-b365b4c19d90

GET
H2 200 / Show response
api.purpleads.io/x/b/ 2 KB
2 KB 159ms
158ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=a6255054192044719ba7aa4045cb910e&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ecc4ab14-3c93-48a7-9179-d1384628ddb2&ts=1671666502398
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: 8f3990f520750adc28d17f3e1f3e8480c8335d6137b7e94b9b75ff7bad2492c9

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: fd44f77e-682c-457b-8309-503c00902297
etag: W/"9d3-xyMjW1L9FTXivQ+gVmT8fsPpR/Q"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 83d9ec7d-ab82-4c56-9b75-79bfcc74f26f

GET
H2 200 / Show response
api.purpleads.io/x/b/ 2 KB
2 KB 155ms
155ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=a6255054192044719ba7aa4045cb910e&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=76292c6b-d5e6-4455-b2dd-7686196d7699&ts=1671666502400
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: 16424cca6c89ec7827a4f392fb918b2781f9d3d3f98c1629c8de129c1de5b7d5

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: 7a267574-8c73-4203-9f1c-8e70dca4d759
etag: W/"9d3-lOWN4ogOeVQcGEkCZKEk9hFIj/4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 5620056c-a68a-49d7-a424-6947cf7802c9

GET
H3 200 forkawesome-webfont.woff2
villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/ 107 KB
108 KB 33ms
33ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2?v=1.2.0
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8810ba3440bf482ced33d2f74b7803bba711f689d8e4caa7da5c6ae6844a1b49

Request headers

Referer: https://villainessturnshourglass.online/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 948394
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 109916
last-modified: Thu, 03 Nov 2022 03:14:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVa5gThyHnBI9TENz5MyJAi7MqLvY36F5TUNvVZJ94NUoXOtdqYYfZcJfyvn4viWpNLR%2BL7Eu9QOXJrEZWYofO%2FIuBaAFQChcI0LjsEDmE%2FkgtAZG%2FZXIBzCvIx%2BUCLDw6JODexcZxse9gTuTHAwFRI8XFcJJaY%2FIolmjtSz"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=10368000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 77d4821829240eb4-AMS
expires: Mon, 10 Apr 2023 00:21:48 GMT

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 70ms
41ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 346
etag: W/"2f96824aee4bf927e734cc519e3e726d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 77d48218c9cd1ca2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 24 Dec 2022 23:48:22 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/7c39e3c9-c2a3-4f4a-b4cf-ce5e1c4c41d3/ 3 KB
2 KB 83ms
69ms Script
text/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/7c39e3c9-c2a3-4f4a-b4cf-ce5e1c4c41d3/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d1f9c9db3c939f3ccaf9eff5fcf3d8f7ceaf74dd05928c783e1773498428b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
status: 200 OK
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 18ccf87f-49e7-4f00-8a42-3beca3d00daf
x-runtime: 0.026650
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7d1f9c9db3c939f3ccaf9eff5fcf3d8f"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 77d482198d19b8bb-AMS
access-control-allow-headers: SDK-Version
expires: Thu, 22 Dec 2022 00:48:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame DF82 80 KB
27 KB 138ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d4760a6aa7f6fdba7e29114a884ea592eb532db4e41b6dbbca912c464f45586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27542
x-xss-protection: 0
server: sffe
etag: "1428 / 52 of 1000 / last-modified: 1670587517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4CEE 80 KB
27 KB 158ms
84ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d4760a6aa7f6fdba7e29114a884ea592eb532db4e41b6dbbca912c464f45586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27542
x-xss-protection: 0
server: sffe
etag: "1428 / 80 of 1000 / last-modified: 1670587517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:22 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 35ms
35ms Stylesheet
text/css 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 346
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77d4821a0ac51ca2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 20 Jan 2023 23:48:22 GMT

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/7c39e3c9-c2a3-4f4a-b4cf-ce5e1c4c41d3/ 184 B
613 B 81ms
52ms Fetch
application/json 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/7c39e3c9-c2a3-4f4a-b4cf-ce5e1c4c41d3/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c468201a34ec357ea756528c71c9245d13575b33bcda5b1566b607b026de1b3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
status: 200 OK
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 067dfa0b-6e21-4e54-8d92-033998091600
x-runtime: 0.006631
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"c468201a34ec357ea756528c71c9245d"
x-download-options: noopen
vary: Accept, Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 77d4821a8bb1b7c6-AMS
access-control-allow-headers: SDK-Version

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 107ms
106ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=a1480228-24cd-48d1-981b-8006b6c644a2&ts=1671666502773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 4520f193-f82a-435d-b03a-85be59f4090d

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 105ms
105ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=9873314e-3d09-4a7c-8db3-bac08282856c&ts=1671666502773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 189172f6-c559-4346-8f91-67610f87b6f5

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 108ms
107ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=a6255054192044719ba7aa4045cb910e&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=0ed2b775-44cd-4978-b8d9-3ee85e75ca7c&ts=1671666502773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:22 GMT
x-request-id: 31a0ce89-ecab-4e0e-8b92-e1efce623eb1

GET
H2 200 / Show response
api.purpleads.io/x/b/ 2 KB
2 KB 120ms
118ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=a1480228-24cd-48d1-981b-8006b6c644a2&ts=1671666502773
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: f64bc725ae1e403427dbeef77c40f9a9d4ea14f9149419cd88946c6b834c779e

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: 24dad075-d13f-40b0-ad2c-a1c0f0ead5bf
etag: W/"9ae-Gyww01FMdfVBUV1Ib9H6OdB4Zfg"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 5679b3db-6d24-4d99-9fd3-6d86f348052d

GET
H2 200 / Show response
api.purpleads.io/x/b/ 3 KB
2 KB 135ms
132ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=9873314e-3d09-4a7c-8db3-bac08282856c&ts=1671666502773
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: a06435a3a79ed963180111494f3dd8af548dd8310fb47cce7bfe94d580985650

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: 0d3f798b-755a-4348-a24d-c4b081efed9b
etag: W/"d34-A4TsElp3zcO5EPDjjqCxI7jtnYY"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 5f063e64-a1c0-4717-a0a9-ee78fa49464e

GET
H2 200 / Show response
api.purpleads.io/x/b/ 2 KB
2 KB 130ms
129ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=a6255054192044719ba7aa4045cb910e&sizes=[[970,90],[728,90],[468,60],[320,100],[320,50],[300,100]]&slotid=0ed2b775-44cd-4978-b8d9-3ee85e75ca7c&ts=1671666502773
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: 742147e0e3a1733eb78588826c4c80f376faeebe3fa914de767c59e3d8b399e3

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: gzip
pa-user-id: 604d8563-d5a1-4f93-b424-8e4f12fd7623
etag: W/"9d2-ASXwKS/5EF/V64QFt44hXschewM"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 45406566-68be-4eea-a1ba-8261367fdec6

GET
H2 200 b5de7dab-73ba-44dd-9a33-cb14d78a39a6
img.onesignal.com/permanent/ 79 KB
79 KB 647ms
632ms Image
image/png 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/b5de7dab-73ba-44dd-9a33-cb14d78a39a6

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7da667cff6ec23817a7a9a4635e2bb7254c35e4009526267f1faec0f4fd05bcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-amz-meta-cache-control: public, maxage=604800
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains
x-amz-request-id: NYA0PM9DDQRG6HHV
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80564
x-amz-id-2: /1FljVnz8iw6Om+Gi/SEGsnWFVuh0vYMAio7sNsCbLUTAwbGbqJaZY+eEi+V6DztS5Nw7Ty2XS8=
last-modified: Thu, 14 Apr 2022 22:57:50 GMT
server: cloudflare
etag: "a7261fcf9535d0075e1e289542ad2024"
vary: Accept-Encoding
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 77d4821b0e53b8bb-AMS
expires: Sat, 21 Jan 2023 23:48:23 GMT

GET
H3 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame DF82 380 KB
129 KB 108ms
40ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 21:44:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7415
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 21:44:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame DF82 109 B
94 B 111ms
45ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:22 GMT

GET
H3 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4CEE 380 KB
129 KB 94ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 21:44:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7415
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 21:44:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 4CEE 109 B
94 B 112ms
54ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:22 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F3D7 81 KB
27 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4a64ae7b1ff9109e080260dddd91bdcfb69de758a24b2dd0303cac9c77af278

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27666
x-xss-protection: 0
server: sffe
etag: "1428 / 379 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame E060 81 KB
27 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9220bc792ffc0a11fa1dfab1a30988b6bd4bacf1f9a9b437dd621a2e5873102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27666
x-xss-protection: 0
server: sffe
etag: "1428 / 607 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 prebid-2022-12-14.js Show response
cdn.psdn.xyz/ Frame EE5C 347 KB
112 KB 99ms
28ms Script
application/javascript 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.psdn.xyz/prebid-2022-12-14.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

b0cc0f37d2d9dff52ed354664a1a65f2282a7b66617b35e288c80909f4d2a831

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Wed, 14 Dec 2022 11:19:45 GMT
x-sp-metadata: HS256.CNfSjp0GEokBCiRjOWJkYjg2NC0xNmFhLTQ0ODgtOWEyYS02ZjlmMTRkMmI2M2YQgMGmkNnD+wIaBgjHto6dBiIOMzEuMjA0LjE1MC4xNDQo6JUCMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiQyZDk5YmQwOC01MzMzLTQxMmQtYmZkYy00Njk5NTM1ZDA2NDEYnP0GIhgIAhIUY2RzMjMwLmFtNS5od2Nkbi5uZXQ=.xaGA7TJVQ6WkpKMfB/+wuZTor8wrwHtK7Xyf9+MU94c=
x-amz-request-id: tx0000000000001e3273a2f-006399bc43-34c6886a-nyc3b
etag: "1276363d62a712363e73660fb90e2cd7"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1671666503.dop123.am5.t,1671666503.cds219.am5.hn,1671666503.cds230.am5.c
content-type: application/javascript
x-rgw-object-type: Normal
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 114332

GET
H3 200 pubads_impl_2022120601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F3D7 381 KB
129 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949ef00ce71e069fc69a6b829771726245072e18e56b264c536837c459b3febf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132161
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 09:39:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 13:37:34 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame F3D7 109 B
94 B 41ms
41ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame DF82 107 B
792 B 116ms
42ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame DF82 107 B
549 B 283ms
154ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame DF82 21 KB
10 KB 333ms
332ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1870840456077220&correlator=366532767108220&eid=31070873%2C31071094%2C31071299&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=604948289&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1671666503157&dlt=1671666502665&idt=468&adxs=276&adys=6265&biw=1600&bih=1200&isw=728&ish=90&scr_x=0&scr_y=0&btvi=1&ucis=3g8kmovkgvd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666503&ga_hid=666482646&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63a3c80a33a3403e62e43a661d908be553b740a9a7770044b7ea36ca7cbf2375

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9869
x-xss-protection: 0
google-lineitem-id: 6133906979
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138407859879
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DF82 14 KB
11 KB 191ms
91ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8d7b794abba35f933609894cddfe38aef55dc944a63bf1788024017c67bcf06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11140
x-xss-protection: 0

GET
H2 200 container.html Show response
e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D96B 6 KB
3 KB 171ms
45ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Thu, 21 Dec 2023 23:48:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame 4CEE 107 B
165 B 101ms
52ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4CEE 107 B
165 B 281ms
176ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4CEE 63 KB
13 KB 306ms
306ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4262348326518811&correlator=679612916075828&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=604948289&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1671666503177&dlt=1671666502684&idt=483&adxs=276&adys=527&biw=1600&bih=1200&isw=728&ish=90&scr_x=0&scr_y=0&btvi=0&ucis=bplkrq18xgc3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666503&ga_hid=172560976&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63d260da134d65a0bf2f86cefcd75e7d27bb90297e2884820f5096a64ebb46b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13207
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4CEE 15 KB
11 KB 169ms
85ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24874305f69dd3cbd19559db3bb41099a39b60ee10a9dbfe9389adf14313b740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11222
x-xss-protection: 0

GET
H2 200 container.html Show response
8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C1B4 6 KB
3 KB 292ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Thu, 21 Dec 2023 23:48:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_2022120701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E060 382 KB
129 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2f8c7997f52d388163a69b8832524663fd4b607f83cdb13ed9c6e928ad71fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132289
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 09:34:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 09:02:10 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame E060 109 B
94 B 40ms
40ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ Frame F3D7 107 B
165 B 63ms
62ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame F3D7 107 B
165 B 255ms
199ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F3D7 62 KB
13 KB 295ms
294ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3464552633123291&correlator=3597309592486825&eid=31071222&output=ldjh&gdfp_req=1&vrg=2022120601&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600%7C120x600&ifi=1&adks=240754757&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1671666503230&dlt=1671666503013&idt=195&adxs=1&adys=100&biw=1600&bih=1200&isw=160&ish=600&scr_x=0&scr_y=0&btvi=0&ucis=4d7adcdg0dqi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=160x0&msz=160x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666503&ga_hid=391607852&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6614836fb1cb7b97f4aa7450436ab22eb61cb94beebcd26db2986335e5b8271f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13310
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F3D7 14 KB
11 KB 117ms
91ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fb11f9928c7863fb284d54922f8fbc7a98ba330a3be9d23e721c3b602e2b157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11078
x-xss-protection: 0

GET
H2 200 container.html Show response
0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6E6F 6 KB
3 KB 149ms
42ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Thu, 21 Dec 2023 23:48:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame EE5C 483 B
1015 B 339ms
35ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 23:48:23 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 2445431
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ymGVRNFlZvryBlIHrm7Ca6zYLV09dyyNxWcSWRDpmTpg75U4n4goYsI%2FzvvOujGO0BFS62BXV6zod6WSuPOftW1mfOluF2alKDftfuSlJgV8kmBF0uaTIpsi6SJdHZceayu5iA4CjR0DcG4"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 77d4821f6f4d1c98-AMS

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame EE5C 15 B
379 B 116ms
35ms XHR
application/json 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://villainessturnshourglass.online
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame EE5C 0
288 B 167ms
94ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 68
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 adreq Show response
ads.servenobid.com/ Frame EE5C 669 B
658 B 382ms
45ms XHR
application/json 54.154.5.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=2967
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.5.50 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-5-50.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2dbe53260adb43c727a018143a98f178b80cfdd7e7248ad591548cc303344de3

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://villainessturnshourglass.online
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame EE5C 0
194 B 156ms
28ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 hb-mm-multi Show response
hb.minutemedia-prebid.com/ Frame EE5C 105 B
422 B 740ms
105ms XHR
application/json 34.237.159.44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.237.159.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-159-44.compute-1.amazonaws.com
Software: /
Resource Hash: a08c94e9486aa1e46a87a47ebb3d6d603ee63372803ef6a1dc3c5caf9f240672

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-reason: maxmind hosting provider
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 200 prebid Show response
prebid.media.net/rtb/ Frame EE5C 1 KB
981 B 138ms
40ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU2BX48Z
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0856d9929d74cd3d5e500bba67a7ccfb4f2f03f38fa16e731ef1664b5ff6516e

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Wed, 21 Dec 2022 23:48:23 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ Frame EE5C 114 B
525 B 113ms
41ms XHR
application/json 2a06:98c1:3122::
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3122:: , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aae647740085ee3853f6fb6cf10de92db9b74452a75d6a12d09dbafd96f5d14a

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Wed, 21 Dec 2022 23:48:23 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Seats Booster. unable to get the seat booster engine for organization: 1263
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 77d4821e198228ac-AMS
expires: 0

GET
H3 200 integrator.js Show response
adservice.google.nl/adsid/ Frame E060 107 B
122 B 120ms
44ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E060 107 B
165 B 164ms
163ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E060 21 KB
10 KB 233ms
233ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4482409417709231&correlator=986840045700428&eid=31071257%2C31068826&output=ldjh&gdfp_req=1&vrg=2022120701&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90%7C728x90%7C468x60%7C320x100%7C320x50%7C300x100&ifi=1&adks=3514055143&sfv=1-0-40&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1671666503320&dlt=1671666503043&idt=256&adxs=315&adys=1105&biw=1600&bih=1200&isw=970&ish=90&scr_x=0&scr_y=0&btvi=0&ucis=dzfl5cd918og&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=970x0&msz=970x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666503&ga_hid=770109858&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a904c1a3e665c4f9d7b699e18c893d7459488f22b9ed83d3a9f6eeb8d925cfc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9870
x-xss-protection: 0
google-lineitem-id: 6133906979
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138407859888
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E060 14 KB
11 KB 47ms
47ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fa8f76313e50c6a5ba89ba20c3e24a01997a00a88f78c08facfca998ce093f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11099
x-xss-protection: 0

GET
H2 200 container.html Show response
c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0C4A 6 KB
3 KB 134ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Thu, 21 Dec 2023 23:48:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4CEE 17 KB
7 KB 128ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DF82 17 KB
6 KB 131ms
62ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F3D7 17 KB
6 KB 136ms
68ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E060 17 KB
6 KB 113ms
70ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5FD5 13 KB
5 KB 242ms
120ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7231 783 B
1 KB 118ms
44ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a9614ae9e8d2d194b8a5fa2ce66303df50acda89f3abf159704e08c032f6a156

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-urdePD25L7IWDq5GMpki5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-urdePD25L7IWDq5GMpki5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Wed, 21 Dec 2022 23:48:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 4EC1 221 KB
61 KB 180ms
48ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 4EC1 14 KB
5 KB 306ms
175ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 4EC1 94 KB
28 KB 309ms
178ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 4EC1 5 KB
2 KB 322ms
191ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 4EC1 40 KB
13 KB 323ms
192ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4EC1 8 KB
895 B 110ms
45ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 23:29:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:23 GMT

OPTIONS
H2 200 i
api.purpleads.io/x/a/00d6429cb0b93f9f9c342de96b8717d4:5ea971f776d285454ff778b8c1afc9fe4df7a3c567c8fe17c2bc897feb3118b8e8fbd38adf15e9c0057ff3a495c546f58525126a83c7e75f327d9ea5cf6a27c62e63d40d014c888... Frame 0
0 103ms
103ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/00d6429cb0b93f9f9c342de96b8717d4:5ea971f776d285454ff778b8c1afc9fe4df7a3c567c8fe17c2bc897feb3118b8e8fbd38adf15e9c0057ff3a495c546f58525126a83c7e75f327d9ea5cf6a27c62e63d40d014c88827e1c8a0fd0e8016384a90cda172627e02fa11698cc0b3f99810b6e7ade0471d07c8c04e27a6c79324029586ee7b7ff0d9a630154aa8254c03942030f80b5a33d88eda5b8b44ab7518f8c0ed89ea1690770b0525d74311cd6/i?id=83d9ec7d-ab82-4c56-9b75-79bfcc74f26f&ts=1671666503516
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
x-request-id: 107ed239-b1fa-4704-9d55-0adbcd323f07

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EC1 2 KB
2 KB 243ms
146ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 50910
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 22 Dec 2022 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EC1 295 B
319 B 270ms
172ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:35:33 GMT
x-content-type-options: nosniff
server: cafe
age: 11570
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 22 Dec 2022 20:35:33 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4EC1 0
0 79ms
79ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJg64R5ujY8ioDsv_7_UPvc-Y2APbrbKFbuXupq_WEPPW9P0IEAEg8tO5e2CRhKCFjBigAauX-LcoyAEJ4AIAqAMByAMKqgTDAk_QEhj4GIJh5cDd--qyPRY3DDazP15UQkxNVxdAo8Pg-a25r6rMYnccBhgGtJvaf_1C3szsRIxFnmIuJsqxswCZUOEmdp55NelgIxRS9FIODX5puTCNRpeu6v52mYiL4YElZJwtLm0Lt6HgNNYbfuWU4FsN_HCLtj23zXd6_Wakb9qrf2hCEYYRCgVAYOCZBCrZcbxAAIUmtDM3pipl9l-Z2GQg-HeYNTEGExFsCIKhfJEoDUk6IiUdgfGYT_Us86qylECKO_zK6sGZyFcm1XNFDGDt9JIWrGrBTtiA7_L6gsHmrH-Td2dwd_FCkytQfNFRqhihR2cVSVr71eQpzPcv8D8IgTzsOKWz1eK52kMz8A29UkvsNWbhWpK0d4_qG_kQCuxrAT7rma6IRtGCTqfdHAZ4sMLwNO0niQ2pbHfrMw2AwASV_4GglgTgBAGSBQQIBBgBkgUECAUYBKAGLoAHq8_IlwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD3igHSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01NDEzMzI5NTQ0MDQwOTQ3GMGMdA&sigh=IM5lXb-dZ3I&uach_m=[UACH]&cid=CAQSTADq26N9SGaR2grGjMYAkyAOoP6zQ7De20YLsCNFRUkIAZ_4ptsUezji-rNq7xRkhQn8xVRFe_yzhGMMyXl1flMAQQ7Q5S1Zq_TmDAUYASAT&template_id=5000
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 204 i
api.purpleads.io/x/a/00d6429cb0b93f9f9c342de96b8717d4:5ea971f776d285454ff778b8c1afc9fe4df7a3c567c8fe17c2bc897feb3118b8e8fbd38adf15e9c0057ff3a495c546f58525126a83c7e75f327d9ea5cf6a27c62e63d40d014c888... 0
0 174ms
173ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/00d6429cb0b93f9f9c342de96b8717d4:5ea971f776d285454ff778b8c1afc9fe4df7a3c567c8fe17c2bc897feb3118b8e8fbd38adf15e9c0057ff3a495c546f58525126a83c7e75f327d9ea5cf6a27c62e63d40d014c88827e1c8a0fd0e8016384a90cda172627e02fa11698cc0b3f99810b6e7ade0471d07c8c04e27a6c79324029586ee7b7ff0d9a630154aa8254c03942030f80b5a33d88eda5b8b44ab7518f8c0ed89ea1690770b0525d74311cd6/i?id=83d9ec7d-ab82-4c56-9b75-79bfcc74f26f&ts=1671666503516
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 95eda0e5-3bc4-4bbf-a2b9-dac0a4e8d4a0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5238594716255546121/ Frame 4EC1 26 KB
26 KB 240ms
148ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5238594716255546121/14763004658117789537?w=400&h=209

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66fc6ca2760f4dd4df304739a23db941cd151c46b55dadedeada1535e83511a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 19 Dec 2022 05:04:48 GMT
x-content-type-options: nosniff
age: 240215
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26951
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 06:33:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Dec 2023 05:04:48 GMT

GET
DATA 200
OK truncated
/ Frame 4EC1 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4EC1 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4EC1 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b8e6102dc8302c36f480ee6093667f327a54e7f1b18924e175e45ddb690464b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 i
api.purpleads.io/x/a/56de92c39330f7d318a13739432baabe:dc99520324d92b4d5bf65ed5b5d37bdf5213a8df3520a694464f68ccf79bf775e656836f063c360ab9e283a8ff80be6977e0a0bbc7f7b27715a09d5a7cd8baad8b668721e2afc78... Frame 0
0 111ms
111ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/56de92c39330f7d318a13739432baabe:dc99520324d92b4d5bf65ed5b5d37bdf5213a8df3520a694464f68ccf79bf775e656836f063c360ab9e283a8ff80be6977e0a0bbc7f7b27715a09d5a7cd8baad8b668721e2afc78f4a99fb1bb5cd338c3fb442e7a3613e7f0ce499df5c5cb2d68cee0f2fe3159ae321b4740720b63a8737b6310892889efef9e9bb2e00f4f9ba7ea14a4d5bae73bbe001347e66b8feb729771725d46d9d9461572a088625e7ae/i?id=5620056c-a68a-49d7-a424-6947cf7802c9&ts=1671666503554
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
x-request-id: f995370e-1d6e-448c-9e4e-64538a335c64

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D8BC 0
0 71ms
71ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvK2ZPihwfjb3um3InZVTW-_CY7dTk_AupRJpi0z_dKKV_Kb7kJPnWF4YO8VDiW76amXCMDzAEMqLYtFnfKWviUNsDJAI3S0tvuq4ev1-he00lRLytahfWBSM1hnY8weET3bOtbauODuwRqjDSvtrQmDlLXCzZcfmNk8GPnMHHlWCk1D93GjTdxo3I_vjiBXUobbdnYZGDeZPrvgFOWXzwsOucKnSMMZM3xnEtH1655ALpb2e9v-OPsQrYNavDEmdNLGIBBb9SFOTVKd_IIdFmg1A_-i845dvRlx4JKoD-NwlpzhOfjDGwr0nixaaMSuWLnh2kXRi-8xYm8jTLHEbft2XKCyXoLuEkL06dImoYy7IX0LGadjmA2oJXplwCGp9xlKPUDyClcf0vrj6NKHl7AuVcdCOXWtzznm_VgefvoLurIovo1N9ztrXu76Cifb0K4vbj-KRBzgm1Nif5aQUMn0soKjvFIkA4dtz1QFbbp5VqO_fo6JUUwvLdblOwfaWQ&sai=AMfl-YQLnE1GHDY9uQJLT3B4nXsYZ1Dx_XpoSVOIwD6udlXCrl7Y1re2BaonU_mYtwCh3WJW5vOpIQmMeXyBzGM2XmSToYLZwl6qmt0AVsfTd5yUGveUlfYlfjskf9glklTndQXC0HSrxxeAkDUln15sZQ&sig=Cg0ArKJSzC6l-Cybzpz9EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 22554.js Show response
ads.rubiconproject.com/ad/ Frame D8BC 30 KB
9 KB 197ms
48ms Script
text/javascript 104.96.145.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/22554.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.145.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-145-246.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
server: Apache
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=11622
access-control-allow-credentials: true
content-length: 8916
expires: Thu, 22 Dec 2022 03:02:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8BC 153 KB
47 KB 235ms
100ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 204 i
api.purpleads.io/x/a/56de92c39330f7d318a13739432baabe:dc99520324d92b4d5bf65ed5b5d37bdf5213a8df3520a694464f68ccf79bf775e656836f063c360ab9e283a8ff80be6977e0a0bbc7f7b27715a09d5a7cd8baad8b668721e2afc78... 0
0 157ms
156ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/56de92c39330f7d318a13739432baabe:dc99520324d92b4d5bf65ed5b5d37bdf5213a8df3520a694464f68ccf79bf775e656836f063c360ab9e283a8ff80be6977e0a0bbc7f7b27715a09d5a7cd8baad8b668721e2afc78f4a99fb1bb5cd338c3fb442e7a3613e7f0ce499df5c5cb2d68cee0f2fe3159ae321b4740720b63a8737b6310892889efef9e9bb2e00f4f9ba7ea14a4d5bae73bbe001347e66b8feb729771725d46d9d9461572a088625e7ae/i?id=5620056c-a68a-49d7-a424-6947cf7802c9&ts=1671666503554
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 05669c56-1f9c-4ae8-ae03-6e2c96ae0388

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 7380 221 KB
60 KB 201ms
133ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7380 14 KB
5 KB 174ms
174ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7380 94 KB
28 KB 176ms
176ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7380 5 KB
2 KB 183ms
183ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 7380 40 KB
13 KB 184ms
184ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7380 8 KB
895 B 44ms
43ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 22:50:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7380 2 KB
2 KB 95ms
61ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 50910
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 22 Dec 2022 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7380 295 B
319 B 207ms
172ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:35:33 GMT
x-content-type-options: nosniff
server: cafe
age: 11570
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 22 Dec 2022 20:35:33 GMT

OPTIONS
H2 200 i
api.purpleads.io/x/a/f2024c70ccff1d7c23de646287b8917b:b73d78365a7480dee67ef81a68ed1e8c74af0642d81e7a9d58e40e835d8cc3b8a049a95d30b57d8c07e53cfa48c4a764410cf6008990bbcaa1e74c1be44c404f75e9c91763cb0e3... Frame 0
0 109ms
108ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/f2024c70ccff1d7c23de646287b8917b:b73d78365a7480dee67ef81a68ed1e8c74af0642d81e7a9d58e40e835d8cc3b8a049a95d30b57d8c07e53cfa48c4a764410cf6008990bbcaa1e74c1be44c404f75e9c91763cb0e38c7112c5530992a604c41395c57fb4858fda160491826f966b19b686153b31d8262655a941029b8851249c41333998a3b654ba947600eb42de46630ba6b9245476267d6fd3fabc14724fcd16a171e0dcde0ce23fbcccc0f8c/i?id=5679b3db-6d24-4d99-9fd3-6d86f348052d&ts=1671666503579
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
x-request-id: 51a1682e-4897-465b-a1d0-ed392febcdac

GET
H2 204 i
api.purpleads.io/x/a/f2024c70ccff1d7c23de646287b8917b:b73d78365a7480dee67ef81a68ed1e8c74af0642d81e7a9d58e40e835d8cc3b8a049a95d30b57d8c07e53cfa48c4a764410cf6008990bbcaa1e74c1be44c404f75e9c91763cb0e3... 0
0 131ms
128ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/f2024c70ccff1d7c23de646287b8917b:b73d78365a7480dee67ef81a68ed1e8c74af0642d81e7a9d58e40e835d8cc3b8a049a95d30b57d8c07e53cfa48c4a764410cf6008990bbcaa1e74c1be44c404f75e9c91763cb0e38c7112c5530992a604c41395c57fb4858fda160491826f966b19b686153b31d8262655a941029b8851249c41333998a3b654ba947600eb42de46630ba6b9245476267d6fd3fabc14724fcd16a171e0dcde0ce23fbcccc0f8c/i?id=5679b3db-6d24-4d99-9fd3-6d86f348052d&ts=1671666503579
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 07eb282b-8152-45f0-94a5-3c33864f5c39

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0120 13 KB
5 KB 149ms
119ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 60CB 783 B
740 B 42ms
42ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b541d4aa2aa035af47e0c5558a2c57590d81a70c0081489d55ac86d27a96a8a5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WImnOPL4nltxXJuTcAL8wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-WImnOPL4nltxXJuTcAL8wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Wed, 21 Dec 2022 23:48:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 2728354180183721846
tpc.googlesyndication.com/simgad/11935953259878694557/ Frame 7380 7 KB
7 KB 235ms
207ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11935953259878694557/2728354180183721846?w=195&h=102

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39faa21e31fa47676ec25210292375584383c45d17634eba7e30708360870ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7633
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 06:33:09 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Dec 2023 23:48:23 GMT

GET
DATA 200
OK truncated
/ Frame 7380 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7380 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7380 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ba4c1985231e93451aed3ec4ff87c19160ba669e0c772aa653472763d4f942e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 i
api.purpleads.io/x/a/1e99701385f9425c28346357a69e2739:d195b639f251df1ba202f7890baf0559adc66a9b1abbfec57397df404a24501a8cacae6a79d7c2185b11e5e3b8eaa32b5abfad835dc05a91fe5cb8432288eafa1dce7d82efcc8fc... Frame 0
0 123ms
123ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/1e99701385f9425c28346357a69e2739:d195b639f251df1ba202f7890baf0559adc66a9b1abbfec57397df404a24501a8cacae6a79d7c2185b11e5e3b8eaa32b5abfad835dc05a91fe5cb8432288eafa1dce7d82efcc8fcdf9479820a1c4a2c77d62e3dfc7f33194c4ee5566af37b1712f4fdc0479feeffe87898cda0942366ce090681de1c1d96c02d587a300bba743d68c1b7ff673a73d3a4251cf655cb2f6d23d0a97588bdcf32d766ecd6ce9bb0b/i?id=45406566-68be-4eea-a1ba-8261367fdec6&ts=1671666503607
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
x-request-id: f554c817-4e3e-41ef-b0d0-91663f35d72f

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8B83 0
0 73ms
72ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDEz18ykvCs0n8gEBm85RNfYbapJgyyvcKalNoYlgTaeseKM1usIFyEw7E5K0Cf2BvqW0lzoHTDC0VCh2iW3GeO64gi2xFPNoMms80igRJa3U6t_H3a8fR2P6aLfNMl85Vp7xxLT1Lx_py75AFAQFPtABVqETLI4v1IntLiTKDoYMtoxyTJMTJhHehmnLbpYemfwVzUWV4XHRjTHrUrz-4v0bvEABfkpo-FGFH6YiwUa7e2IJcGxj9Od6lAfAspb6yCKFEicpxW9gp0m8iVdtNTt9XaPo7CIeGuUbvMJ4skkrIx5ZzRFmzFHgf_Q1HdSOvtfoRmTRtFxEuCjet_mbljHgDja_gh9T3uZZIuNnvK1kszRD0HNs5F44lcrVhaJ7AhpnKLy5H1iabFO4dXEmOPeGaNKajrzkHk_zwIrDTRVw8Kt8ITw3OPOV2bs-awwmimKTE6Z8JPptKo7C1sv80MQvtYYmvxC3QMVIRQwc2KDMoIiVxS6sQQpseFswCdlU&sai=AMfl-YTkE6oJaFyEnwIM53h6Mb2fI1Rh5ITqqRLtbcQBm3ZPep8lhEJ3Ix8KYjmsAfQo3cqThwnKsjYizTdAi-5QMy5Xr7kaKlq8yzg5VGGvzybyxuCa1kyrai9J6na_MIsplWlVD4DWxOZLbqPSaRdOeQ&sig=Cg0ArKJSzPKv3PxwtvkuEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 22554.js Show response
ads.rubiconproject.com/ad/ Frame 8B83 30 KB
9 KB 141ms
45ms Script
text/javascript 104.96.145.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/22554.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.145.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-145-246.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
server: Apache
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=11622
access-control-allow-credentials: true
content-length: 8916
expires: Thu, 22 Dec 2022 03:02:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B83 153 KB
47 KB 250ms
169ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 204 i
api.purpleads.io/x/a/1e99701385f9425c28346357a69e2739:d195b639f251df1ba202f7890baf0559adc66a9b1abbfec57397df404a24501a8cacae6a79d7c2185b11e5e3b8eaa32b5abfad835dc05a91fe5cb8432288eafa1dce7d82efcc8fc... 0
0 105ms
105ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/1e99701385f9425c28346357a69e2739:d195b639f251df1ba202f7890baf0559adc66a9b1abbfec57397df404a24501a8cacae6a79d7c2185b11e5e3b8eaa32b5abfad835dc05a91fe5cb8432288eafa1dce7d82efcc8fcdf9479820a1c4a2c77d62e3dfc7f33194c4ee5566af37b1712f4fdc0479feeffe87898cda0942366ce090681de1c1d96c02d587a300bba743d68c1b7ff673a73d3a4251cf655cb2f6d23d0a97588bdcf32d766ecd6ce9bb0b/i?id=45406566-68be-4eea-a1ba-8261367fdec6&ts=1671666503607
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 33d4dc81-a5e4-4471-bfcd-bb310d666c38

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8848 13 KB
5 KB 129ms
128ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BAB6 783 B
536 B 113ms
42ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

56af42d8b1f0fff68d0f74b929496bcc37e5c9fccd7e41a4f18ce227cd628628

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j_W5f7oCPNjiKypJMMYT9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-j_W5f7oCPNjiKypJMMYT9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Wed, 21 Dec 2022 23:48:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4A17 13 KB
5 KB 134ms
132ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 897F 783 B
536 B 108ms
41ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f44c186685862ce05b9a585fb1cf91983b571db5467b3dc424eb1c970625fa9d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-s5Vi6rHZGabIRGjZPDJUlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-s5Vi6rHZGabIRGjZPDJUlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:23 GMT
expires: Wed, 21 Dec 2022 23:48:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 css
fonts.googleapis.com/ Frame 2655 708 B
367 B 43ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76b2a103a4feac2ee3aa1bf11ce12032a38d8fa566fb95a39bcac61204811c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 21:58:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:23 GMT

GET
H2 200 prebid-2022-12-14.js Show response
cdn.psdn.xyz/ Frame 2655 347 KB
112 KB 31ms
30ms Script
application/javascript 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.psdn.xyz/prebid-2022-12-14.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

b0cc0f37d2d9dff52ed354664a1a65f2282a7b66617b35e288c80909f4d2a831

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Wed, 14 Dec 2022 11:19:45 GMT
x-sp-metadata: HS256.CNfSjp0GEokBCiQwNWUzMTg5Zi1iYWIzLTRmYjUtYmQyNC1iMGY4NTQzZDAwNmQQgMGmkNnD+wIaBgjHto6dBiIOMzEuMjA0LjE1MC4xNDQo6JUCMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiRiMDUyNGU1MS1iNWYyLTQzNDEtODVmZi0zZGU3YzdlMjM1ZTEYnP0GIhgIAhIUY2RzMjMwLmFtNS5od2Nkbi5uZXQ=.U92ePhC4fNXtHzML15vQrho8Q4Wp5pbFCgZsiypqnY8=
x-amz-request-id: tx0000000000001e3273a2f-006399bc43-34c6886a-nyc3b
etag: "1276363d62a712363e73660fb90e2cd7"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1671666503.dop123.am5.t,1671666503.cds219.am5.hn,1671666503.cds230.am5.c
content-type: application/javascript
x-rgw-object-type: Normal
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 114332

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 4EC1 28 KB
28 KB 35ms
35ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 526362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Dec 2023 21:35:41 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 7380 28 KB
28 KB 46ms
46ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 526362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Dec 2023 21:35:41 GMT

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame EE5C 74 KB
24 KB 89ms
36ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 23:48:23 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ECKP3NW8W8T3MHHD
Age: 2555031
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 9GS8F/siEqZIDcVzbVwZrmlkK0C8MCv5pn7DoLzb2gTMzibuFv8dSHI/fkHZWX0dLtx6S3O5bN4=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPQq%2FMS5mHP9Appu%2FrLT2Y9x3sKozzURjzfq8wdp%2FzoJOglkfY1dWjTo002E35gYXGBBW6taUeNHz67br3Wt%2BV2E6nB%2FzUhi2JsCDmkdSbYq56o1saLC4F8Y%2FiO2h%2F5CF%2F8KujqbNS9difPF"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 77d482204a890a47-AMS

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7231 0
0 186ms
67ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=4262348326518811&rc=
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 60CB 0
0 186ms
67ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=1870840456077220&rc=
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ Frame 2655 23 KB
23 KB 35ms
34ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 11:05:12 GMT
x-content-type-options: nosniff
age: 304991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 11:05:12 GMT

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 2655 483 B
1 KB 33ms
33ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 23:48:23 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 2445431
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqtQ6fY69nj%2FCw04QXg%2BQoFjv4%2B0GxN8Nj2RLS%2FfUUXRgtlbKXhhJ036FroIS2qItAcLqOXtq3whIiAFK1w%2BdZzAZBO5lh%2FEF50JkC4UJw%2FrrtQnnooLAa1aPQ%2FodSuPdODQqYpEWR98gZlJ"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 77d4822038011c98-AMS

POST
H2 200 prebid Show response
prebid.media.net/rtb/ Frame 2655 1 KB
687 B 40ms
40ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU2BX48Z
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: c6ea40b571810cf8b05fa0a8655451fcec540db020557ed8f138b7e0a6fa7681

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Wed, 21 Dec 2022 23:48:23 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ Frame 2655 114 B
191 B 38ms
38ms XHR
application/json 2a06:98c1:3122::
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3122:: , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10ef4250de7a7edeb8f3d912b293b7982e10746368902fbdcb83bb8dc23e3e9a

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Wed, 21 Dec 2022 23:48:23 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Process Seats Booster. unable to get the seat booster engine for organization: 1263
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 77d482204ab728ac-AMS
expires: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 2655 0
134 B 115ms
115ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 88
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 2655 15 B
378 B 34ms
34ms XHR
application/json 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://villainessturnshourglass.online
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 200 hb-mm-multi
hb.minutemedia-prebid.com/ Frame 2655 105 B
0 315ms
106ms XHR
application/json 34.237.159.44
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.237.159.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-159-44.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
x-reason: maxmind hosting provider
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 2655 0
193 B 27ms
27ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:23 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 adreq Show response
ads.servenobid.com/ Frame 2655 669 B
657 B 43ms
43ms XHR
application/json 54.154.5.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=6631
Requested by: Host: cdn.psdn.xyz
URL: https://cdn.psdn.xyz/prebid-2022-12-14.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.5.50 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-5-50.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2dbe53260adb43c727a018143a98f178b80cfdd7e7248ad591548cc303344de3

Request headers

Referer: https://villainessturnshourglass.online/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 21 Dec 2022 23:48:23 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://villainessturnshourglass.online
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 2655 74 KB
24 KB 32ms
32ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 23:48:23 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ECKP3NW8W8T3MHHD
Age: 2555031
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 9GS8F/siEqZIDcVzbVwZrmlkK0C8MCv5pn7DoLzb2gTMzibuFv8dSHI/fkHZWX0dLtx6S3O5bN4=
Last-Modified: Tue, 22 Nov 2022 09:44:15 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDyFyCIQwmlA55gWGUaLwet5key8FuRIDrCTS%2FgOqk8kFjMDZ0%2BNE8QKzyhfHwbDZQk%2FVebgEVyOAGQH%2FZYs2qh9GLYwNtc7v6KE243uGfWsky1IV62bYpPU4PkmZa6%2BWM2uAFvBSLB78aLX"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
CF-RAY: 77d48220cb070a47-AMS

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 897F 0
0 67ms
66ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120701&jk=4482409417709231&rc=
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BAB6 0
0 66ms
66ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120601&jk=3464552633123291&rc=
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 2490514-2.js Show response
smarttag.rubiconproject.com/a/22554/435054/ Frame 8B83 146 B
667 B 134ms
28ms Script
text/javascript 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://smarttag.rubiconproject.com/a/22554/435054/2490514-2.js?&cb=0.3224237127484195&tk_st=1&rf=https%3A//villainessturnshourglass.online/&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=435054_2&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/22554.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f6914cddfb8fcc3e7d99864e104ebdb47934a357ef08d90f9e0acdf48433d6c9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:23 GMT
server: nginx/1.21.4
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 146
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 2490514-43.js Show response
smarttag.rubiconproject.com/a/22554/435054/ Frame D8BC 146 B
484 B 133ms
28ms Script
text/javascript 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://smarttag.rubiconproject.com/a/22554/435054/2490514-43.js?&cb=0.20338469737189668&tk_st=1&rf=https%3A//villainessturnshourglass.online/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=435054_43&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/22554.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b507ba4f4d245b0e9c35427c3697579591f70eedab5f0859bc4ee46e9515c49f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:23 GMT
server: nginx/1.21.4
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 146
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 0120 36 KB
16 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 5FD5 36 KB
16 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 8848 36 KB
16 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A17 36 KB
16 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7380 0
0 80ms
79ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEa2-R5ujY_DYEeCt9u8Pi5mCuA7brbKFbuXupq_WEPPW9P0IEAEg8tO5e2CRhKCFjBigAauX-LcoyAEJ4AIAqAMByAMKqgTGAk_QJNCn-FjQLPh27Gey5wujSi2ZSK7uwBwu2FoP9742omhEQUJXOCx_87nrGPdGTF5UIUdAAG0ST3JxG9roLfVsSkd36LqUW57CGF07C9eopAqbEPc06JSC1q7r2xCV18Srq8NB_tjkborUHtCuL1SesZEXzvElWXRnEXEtNEwByuB_BggaaNHt_zwJieVcqflD2Lpe1SlmzkAWnNvA1kfVvUk3iBMjG5WFBt68YfhBMHhAJTLscEwzS3C0hs5zbk9kP3goPy4jcxbcP3i0obhciSoQmf1NYvjKXxcFzk2CjPCOXRQDbsFD8pIbo6tI2p1Pm1sideUTmUMWZc7Des77KCdVMZTHvogmy3yMl5y6xItekJfJJ2PRfB6hcItARTGHMlwVaW0JT35TUzxySex132rsssPUPCwBrEsBCQsV1ZsjCjpIwASV_4GglgTgBAGSBQQIBBgBkgUECAUYBKAGLoAHq8_IlwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHAxDwLtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTU0MTMzMjk1NDQwNDA5NDcYwYx0&sigh=AJycpV-bnWA&uach_m=[]&cid=CAQSTADq26N9X6eEM1u63TVF3yhq8ZRvZ2XB7zfQaw4ytPq307JI-SHEgHgwHMdUY1w_b4vM4kJL-cT78SaKlAXunebCXTIbDZGHE_AvWeMYASAT&template_id=5000&cbvp=2
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 1x1.png
secure-assets.rubiconproject.com/static/psa/blank/ Frame 8B83 156 B
319 B 46ms
45ms Image
image/png 104.96.145.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.145.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-145-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 155

GET
DATA 200
OK truncated
/ Frame 8B83 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6d95303362090efcbb2284448f63422f60662adc55ddf520f639217d28e85de

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 1x1.png
secure-assets.rubiconproject.com/static/psa/blank/ Frame D8BC 156 B
319 B 45ms
44ms Image
image/png 104.96.145.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png
Requested by: Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/22554/435054/2490514-43.js?&cb=0.20338469737189668&tk_st=1&rf=https%3A//villainessturnshourglass.online/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=435054_43&rp_secure=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.145.246 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-145-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 155

GET
DATA 200
OK truncated
/ Frame D8BC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 359009092ea6b6e84b5b534ef6e51fde01c10fc6e426ea211de2786b0065faf9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
api.purpleads.io/x/ 2 KB
2 KB 132ms
132ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?demand=unifiedPb&ts=1671666504126
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: bb955e438072ca1d1d188f0ec1f6a50db7d1f37a9d1b311eeb4d067adc21c260

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 1.0.10

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
pa-user-id: d73827a0-9878-482a-b205-88726b985759
etag: W/"96d-uUenxz9IaEv6ZDJ0J842wVSIvMw"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 6f8d2e1c-972c-4efa-a6ca-656c2c35b86f

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 103ms
103ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?demand=unifiedPb&ts=1671666504126
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:24 GMT
x-request-id: 462e4e7e-fcbb-4ef1-9649-a7fc7ed4aead

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8B83 0
0 71ms
71ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvCM_xbgzUG7NUujq9azE9dowTuDby8zMHerN1miE9uPM5s1xOxI8GU1QPGGyyvfrLIugOJhze6etudBI8ABuzs_AKRYKdbUeyNS9XOyr9RNxyR0oVvIGQe-_hK6qs5SlLXZ3_HRYIxTMUHN59Bexhhgk-BUwMJ3ydH0G88vR_Jesqisasr_jwBC1CmF0TP5ZWj__VcACfToWwWpDZGHgaQZwb28wp3xCIbrXCfJmSRQcj6WM2_iSV4iHX5_Z4RrPIJm4gx-1r0EnOJtEL7-OcWC18gvxDiO7LndHIDbHCERVwpm1GIUBnPCo5T6wO9zkOTqOOzhOwPjYAuhtznqWdTD--wkp5pZWi6Wrs9vriEyYQrEzfGycgji6w4zlW_5OwCta7lq3iRBmOd9FMUmeMCm4pmcvTEdF8FTCk8UCIpAjpKLEY6TX0HwrLNAnq8xCTf8x1lbYzDR1LmHzA-3lF7QUAWlmwouRwNgO6K075k5KJ9jFfDDWzjHqIbMDF75H-knA&sai=AMfl-YS0zo6cjUwk4gROYZk1BkQzA8SlgccIbU2fLUUmdwIvEmhjw0VvoNSOG3R6auGy7_M9gyBAFgg35SHt7OWPJk4o7Sxo-nFYLsfjsXeVacFnlTYkoNzaeARMKdgi-Vbcq2tR2pzaXZElVXaTyXbIpQ&sig=Cg0ArKJSzLFUmEQy3GV-EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:24 GMT

GET
H2 200 / Show response
api.purpleads.io/x/b/ 2 KB
2 KB 192ms
192ms Fetch
application/json 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=9873314e-3d09-4a7c-8db3-bac08282856c&demand=unifiedPb&ts=1671666504200
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash: ce654b6c4f12fea0ec30261d26e088b38a1d9e637ba021249edd012367f8558d

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
pa-user-id: 60f5a4a4-69a0-4e3f-8368-884057f2adc1
etag: W/"9ae-HfxuTkSwrAIticAK+4XPkdMTL+A"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-allow-credentials: true
x-request-id: 6eaa5ca9-d922-43eb-888c-28a2c0e14f83

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 102ms
102ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=a6255054192044719ba7aa4045cb910e&sizes=[[160,600],[120,600]]&slotid=9873314e-3d09-4a7c-8db3-bac08282856c&demand=unifiedPb&ts=1671666504200
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:24 GMT
x-request-id: c73f0089-bafa-4bab-91e0-811bc195c33f

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D8BC 0
0 71ms
71ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuspZRctyZqq2aFSS6EBuL8aI3LxFwgWGqabq4ow63AtJYhzMk0M3ka4t-N4ImX0Ut_qKmBWjsaADK0XAYzPwiA1yBUmdv8qCXfwzYYvUykDimtHY3qTe4050WOYqlDZXZoIcWFa-C0CY0wbl3caL1p9ynqFs1kE_6EmmnU6Ct1X7plBxSHKCHwR-u0vYc1B_WXbZ5T6AfbWHrqjpq9VHE8wFwIY2TUxt6P_PBw1W9I3GNTvf8Yw6ODgVHg7ub50CKn5Rmo2uLCTC70zAzZFiss9PGNNiDg9JXB2xsVdx-6S17zT1Ic_1krm6NJQ8NhqdTbUkZCDdiUZpJDtHB6CzBaSBrPM9sCAMBroDoBbKm14cvCpVFMjDyIRKv7sFcbc2No3-lvOxmi1JmhlB0FXWfJN_MKa675jxnVC48ZBCVix2dq7JTLspCYRp2nRu9OXFWJw41wgSiFnh9nQb04effcAsTKZghl5TolkFyjlCu45omZJXohq0oeNV50KBHsKj5qnA&sai=AMfl-YRjtxeeccVHpxacv1OUsiQ0eaKgaibMfqf2TpfYwiv4jUcxZejFeKqS9t-9jtPac6DaN-auSxa1Lx-16JWnEgix1Ahoap_PXm2g17ciTLvlq-88ByG-oZRNCD5IAKgmpFk8W6Bl43nZHxsyy3JW-A&sig=Cg0ArKJSzNdBJI-gjIpKEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:24 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5FD5 0
10 B 58ms
58ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4EIwTg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0120 0
10 B 59ms
58ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2uc4dw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4A17 0
10 B 58ms
58ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OX0WRA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8848 0
10 B 58ms
58ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AXljnQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1183 81 KB
27 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9220bc792ffc0a11fa1dfab1a30988b6bd4bacf1f9a9b437dd621a2e5873102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27666
x-xss-protection: 0
server: sffe
etag: "1428 / 641 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:24 GMT

GET
H3 200 pubads_impl_2022120701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1183 382 KB
129 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2f8c7997f52d388163a69b8832524663fd4b607f83cdb13ed9c6e928ad71fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132289
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 09:34:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 09:02:10 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 1183 109 B
94 B 43ms
43ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:24 GMT

GET
H3 200 integrator.js Show response
adservice.google.nl/adsid/ Frame 1183 107 B
122 B 42ms
42ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1183 107 B
122 B 163ms
69ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1183 17 KB
9 KB 252ms
252ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2495026100543775&correlator=2394227236952283&eid=31071151%2C31071257%2C31071159&output=ldjh&gdfp_req=1&vrg=2022120701&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600%7C120x600&ifi=1&adks=240754757&sfv=1-0-40&eri=4&sc=1&cookie=ID%3D45b1ce09ecbc4160%3AT%3D1671666503%3AS%3DALNI_MYvqvA_tywr8l5RcYa_wscDJMPpuQ&gpic=UID%3D00000b95d87b80ab%3AT%3D1671666503%3ART%3D1671666503%3AS%3DALNI_MbrF2PDH7DqaM1LIS1o3ueHg8qG0A&abxe=1&dt=1671666504700&dlt=1671666504530&idt=158&adxs=1439&adys=100&biw=1600&bih=1200&isw=160&ish=600&scr_x=0&scr_y=0&btvi=0&ucis=k5jww4me50ap&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=160x0&msz=160x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666505&ga_hid=216675113&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80fa9fcae601d6a3abb99f1ccd9fcbcdeb1b8a4e726ddf267e94c82e127e9cc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9602
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1183 15 KB
11 KB 166ms
48ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

577a7909daad048eb538bacd2d4fca66157a6f80ae60d976f5c8f8dd7450c467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11240
x-xss-protection: 0

GET
H2 200 container.html Show response
7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3443 6 KB
3 KB 103ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:24 GMT
expires: Thu, 21 Dec 2023 23:48:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4CEE 0
0 71ms
70ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=4262348326518811&bg=!wcKlwobNAAYgquz3AKo7ACkAdvg8WkPUxyR_tv6B_Enu-iRDgGcLquI-u0ol_YoWvDRvWolKmRp0rAIAAAFfUgAAAANoAQeZAzOxJWWTgYEuEv6PFg5AEhuyUKKL1-vyuB_3eAmC3UzVVAl54gp-ZquiKPrHXOFnePPMO-I7IuS3QwY_AKEjxey6dAgV2jgxJXtI6xeGbmAcwa4SmkBWTF3nMilHBhzB1HzZdU0Gl-L3OLsM3cRwXaTyR1KbI_fjS_CA5rUwJX_SuwpATla7NFEE2B7xGgzvSiwiHRF7JUJiO5QSgjDx_N6uT04_9vHcJTU7DINieolRA59T5CWDSQ2p6L2g4PfKmLdyPUQ13H9n6bRCbjl3rSJvq0gHEusynw9qSgt4rTekO1eez5-N6eKOXICSzB4csNgOipu0tNTB-RpSMGwsoJP3YwBSjRmVYVKwqZ4JtioIBggX1saDu5P2hVCLDpimFd1wR79xGzz4KHdX1iNetC-qiOJGK7mq_ig2x7WjZTtdAZ_rg2sjt7xGiMkoaTuZcJulO4id8dGVYr7VI7nj61KCqZJPmTNQ9-ZGWwWr0BV7lm0ss505ynNC5AbWjU7SCLc8pxxyM7geyW37fKjQX-I7NNbImpBJlgruoAxSdpRANOWWxGyPfH4A1H55vVAXZbqxX9MV9xo_dNg_lDclMZfQKgz-W4Bos3WVYBcL5rsHbsob300Jmx4H8HLWbK3u4Mj3rrHU319efOqVYhA_08D4LrhqbOMWA9k5qq6qvoctO8EbXnm8L1BfRP8GUa2C--kf9MebZBdQgnhN-ET5jZIKgMWKNd68ShdOc6auJqqRVldyceQQMLQLxaARAGOt5gPkc33IPRcV0zIMWST8DpROnx1DpLLU28nEnutQkVHz2FYzt6jrgFlM_GCxvGLHZ6Bgov4FeZp6tqct3k4ljLJKEN__eajr40diKHF3QpZVehejVMMjuF783C_R81P-MIDfJuMYzVGYzMp1N7rlNe_1zMGHV5DbGenrIuVg79IRM0374ynOw31FlOQKnbSo76lQQiT91bl7P7SgHDL8_76Ym3bY8oJYVjs68nJrzxbWH4OIK8ma9EwVzjSmY7hZuHm2j0RKVdonlxiKE-COu221amTCHZyWpxbY2XLfMR9pA0hjk9ucG_nGDz4vAZzcgjk-8gc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DF82 0
0 70ms
70ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=1870840456077220&bg=!iYqlis7NAAYgquz3AKo7ACkAdvg8WgMbjvmgVumdFtIhjkSXd4lriX38tBpJSPJwLjhU1DvlmNTG9QIAAAGHUgAAAANoAQeZAwu0kBish1zZQ7WphyY_IWC3SfSU2bnfI3u8VjBk4dnGbAdIE_j1w3LoCGcivREO_M9Ydp_NZ0LBV9xSdeB0AMQs-wPEUQQCjVrifC5Vg_YuqYD4lI8NKNuiM-S2NJhyBAjcAwWtvuzZ4qOAj4_VU0F4bHHDcj9d_4XlsPGSBTVMKZyNgFV4fjEFWbTE67q3GZQ2CVScWn2off1uz0oortoeAroY5ZJoyYzNAthZkFDQBZ6HtqDP2jt3VSjz7j_MnR6cWOnQ_LcLhekPwZwJagHLoL9h3KM9wNtz-EUtfpOn7_JKjFUZNi2PUwjPI7jNy5cLAKLh3KVmQ6-QMRpbEmwcu8ufiipArlBi0bX6VaWa1Zu-GoOpo8SmiapTBJ45yU9U8pAi6jJ0hLkpj8N6m-IY-UkKqMnZNkipWJkx8FKWGJraxzq117p_ic1JZOcVyCsbOTIHGd07fXH4rYbVXf6WOLt9A6u1GiNSVPjw3YVkx6nmcuCb_0OzkK9mhreMpdb1V3bdtsGgOKe_sPf1_rmfXwJ29NVID1OH7BRGanKE-ETHZyzN7wjQpsuwG3jvRf7DfoVnVKZMe9jbFUwOH6BHP0SqJKU8JIIZOwrPdoJeqWtllkge_QOmQ_4h-vNZewWQkTO2TEvumVWRx-Pdr56NMDupb1Us1k8cua78ZF3Cu599tBew5152D2fF0PqiOkBfbElUc27VdAwItdA4g0unsGPC_2ExTzs6xuzlYV-w15itasp8CYyrwaQL055jDxGjVL89Vff_6DHW9r-bCr5fM6qYTXCU0BTFFSeBLo_wSCVSAnaK1tYOKbA1BMaI5RSS16xl9nnyWO_GgEn3X_LMh0GCqFBJKUUNcOuPjCe93Y8Kw6-1zZXk4jcnGjmqspWorX1tPPF5rAZnZeaR-KuNbtAoYMGCu22V2Or3XzJnWD8El6hLQj6clPO9jLH3_NLeYXZqp6-1NqrP41km_fLbpZLz6wTxJmdboJ0r9nwmrSFWfRelNZ4-mlC3za_AerHvcAXk6zQoaqlhCg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E060 0
0 70ms
70ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120701&jk=4482409417709231&bg=!sbKlsvbNAAYgquz3AKo7ACkAdvg8Wm7XNod_yGv58STHyNQiAweRd7lQ49nntPxqmelbPzdnwEo5OwIAAAEaUgAAAAJoAQcKAJNidUHcyYN-Xj38UEbdwd18obmNTHvJ-TLMhZGDAeRIzj575l4MRcnzCqlyuYyjGImW2q61uhUbUt5Y-jn5q0Wv8I7iPyK_363h1hs-Rq5d5gj99u-JMGjLb0bDUHs9iqkaydDKr483aqMTqVEA9qnaCsrrfXH4amYdNkXcS-2SMrDNw0qsIh9BLQzP5RUi9wpmVjmZAwIXIJC2hdPjHXWDuFl2hHzG37OkkEdKVe0e1Qa3XBv0laTK7rEWD9JhWDzhDK6Iq14jCkLtZIcS9Dj6UXkaXF-QUx-sffY8uvKVNb8ZnZTw_EjJKf6JsTg9lx6VfNQOkqkhyjOKppSMZNDxU-aUxpt6sd_ugbN5LBZekcs4iQ0jvHp3V1QIJqoGPcu9j9LrAEAI7E16LXhku8-_LzqjgSludO71BLTKR7iC-E6sDwt7IWnZNNJ0wqI9JBnXJgKhin__wKhkgPSfLVllKS0EcWJWQi9xC7mNDXSghXsPmpBVFYMP44AGeD49zz33eqav0RPRYYRD8Du6yNsm20jzSdnSCyeIR--LIL9XjIP2gd8JUClKA5GqH-yRa6eZyIbL7GTMG9RzhNe8hav1LGvptz_EK7aLL5rRUBz4IYd0RU_0h1k3EzPQFhRuSBzVUOZRFs2hXIMWIJ3wH0W0sDP-LConAO5jVk9YygbVlWoMcY8jXVr3Zki5VqBV2h6A-AyF46C6GaW8YS7Irlb7LA98XDxBERRYGhxcZFOeYJgOxyuZ8CJDsUuLl-Cv-7vua4ElOSYl8XJvd4bq6LViMnFKDu54yC7gJwknWHKqtzUb--bPWG8k7bnpoyfpiP8KEcyId77ICC3TEa0lbDKyJEhdikk2ksGKN1hzlZkR9bEDrNY-2M6vrateKcBajh93YoUZ_0Tw93QLZ8ocFikyjxa_WAxpyw2CQHbzMvHdCDzyA2LZQSU6n4I4CgWCJucaF9z9PHmtnD3a0o4rh0xOX5Pl5OT-PBOdBRUSZj7Zet6RMEH0IImnuVAUP1XySZDHi5SsLxYvlvtAuiwnHx8IYaFm6tKcjF1RmQqSoqKMzDCrBXGh0JyThvlMpjXJj5rm5zDmNL4rpV4zNyguO3WhldSrmgeqbkUArDyalQXd6bK5zqAKShdDnxEtUouh0fCBqp-A5nnfSr0sXRYdN3y298ORKlDzD-F9dYo5fnwG1pgk7-d3Uo2u7cnbp-bBebXiPbC8M3k9Fg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F3D7 0
0 71ms
71ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120601&jk=3464552633123291&bg=!mJulm9_NAAYgquz3AKo7ACkAdvg8WkGjXDZvZjw17tITg_drMEDAmIRG1JFmNh8STT5bHvOhW49bFwIAAAFdUgAAAANoAQeZAw72NWQkQxKW1aryZQIuPQbt-C9wsflFNt-SqyiJyChJhf5KKTLr_MaVYMx3PG1Ndp0ZinP23C_y_tb0aw0e9JcFIsgAqC5714TA0NDf9OSlsKJ-gAiLHBr_xceCZI7RQGm10fZzfR91HUsBP6upPt4bC6I2EPRcPldqCRq5jqeBZJ4RIH1bgAWpJlsyFh1xsrnVG6CFQzvvySyDlCywE1GbagMmq9VrJYNbW0SdlMVNdtYqEymzeEXmZuyMA63nHaJwt5JK5ZMZENiPDpS0BCMvv6jgxt5xCN0KM26B5TCYytSTpoP6c60aO_QyKSf10qjoYhFLazCBxtjf8IVwNf8IgPvz9Khzfuddp_ODdVcIeJjEi8LCR5K1PSWtNWKtMIITa0b544bEebtEFLmljurRs1FZriM13IP8t3t--oq0NseVvcYSvcQP_pVVEZOS5ICR3JPoZMePaKQTi3GAcSWEy_wh8nAlcJNoO9QEHLxGThD8Gc3vNI83i1VkHESd5DUD5rVppys3lWoLuoUM-HmBaLKR7TtZNIf68SJn9cROvV9WNGjv-scAJFo40nCgFoQXYeRlz-ZinaZAAQc9qRqO_VENIyNVgw5NMCYhBb7xA9kjXHdnYjbFSQ2dC9if86FnvAfJ6HRwH2Urg6Ks8M6zCw_b4EuiHyWezQvkuUMjZauksJ6LA5pFG4uCvo1K7lshgfQN4jJL-10vRsYuXGRHp1BJaGyEwoD5ISfBDdrj3bR7plh6lrTiKUGmksCSONTvuJHC5m2K5qpwlYkYxN99qLr3E2wCUkaS0miRZTSCOv6McsNgxKiM0gIEChZzKplG9YMEIgz9shWbWOmbHYbXWEs_EuMZai_WgNXyOkpoXye1OMSUcNzDbSZHQWZZPTlTJvmn-vfrXSUDNiN9Sa1-BTJJAadMXZQyJrg9frg8F6a3VL8j0xNd-saxvi8MoCxLssYLdbmTcjoWaEu-3dwLro5Z6Ppz-nAg0BYIKWyU4MFRkFw-WHrTdrV2agKex2ZyEoYTyZ9yS0XGnCPbxg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1183 17 KB
6 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:24 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4EC1 42 B
64 B 72ms
71ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsspRiSkzuKMp7ISl4oFq-OCBW38t1npCSdr3fhSfwsWhphmJXOmpSmb61aRSk9U838nGkFtO6cpoxOSgywPJ5J6O9UtOi438felpsKZNGEQ1infceHQlnXMFCpatOtw1rgcakOtKw&sai=AMfl-YTJQGxz3BdWWlbQRz3zCldlp4fdkMArrvKqGuP4xd4-ISRFGGLKGhRItON2cxYW4dL_j5OE1Xms9WFZMsHbYIM9msDjhlnpKlAC-n8XmODyfaKaHmXIdKiECK-pybOG8u-q-EUchzcPSdgtv8Pp&sig=Cg0ArKJSzCtxRBMgD2dFEAE&cid=CAQSTADq26N9SGaR2grGjMYAkyAOoP6zQ7De20YLsCNFRUkIAZ_4ptsUezji-rNq7xRkhQn8xVRFe_yzhGMMyXl1flMAQQ7Q5S1Zq_TmDAUYASAT&id=ampim&o=276,527&d=728,200&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=419&tls=1419&g=100&h=100&tt=1419&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6292 13 KB
5 KB 60ms
58ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7413
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 26CE 783 B
535 B 48ms
47ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fa59dd8d79ea705eb0f6aa48e64d15556d5818e0ec2e0847dfb5539c4dfc1e60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3LLRexU37XyinHeIYqHOCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-3LLRexU37XyinHeIYqHOCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:24 GMT
expires: Wed, 21 Dec 2022 23:48:24 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DC30 6 KB
3 KB 105ms
33ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120701.js?cb=31071257

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:24 GMT
expires: Thu, 21 Dec 2023 23:48:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/bb79b59a55928b3c95a7c593b2e6826b:ebe66ec839d863cb026f159fb328b8cf3ba9d1e3a5c47e0c92d521387b9843285c0e68de3bcee82c2e45671a53cd5a0e7f5520b0be31cd75efcb1ccf21f4521fe54c4e69713f103... Frame 0
0 119ms
118ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/bb79b59a55928b3c95a7c593b2e6826b:ebe66ec839d863cb026f159fb328b8cf3ba9d1e3a5c47e0c92d521387b9843285c0e68de3bcee82c2e45671a53cd5a0e7f5520b0be31cd75efcb1ccf21f4521fe54c4e69713f1033aad6b5deb306d3956c4850e93eebd344608d32add83151a945e9ead2209dccc829040c7f32f070029bd81b540abdb7014f099b7bc619366c0eb38ec714250530c6592c362d5785ae7aa1d9c7a7a5d95f67cb920cab34b177/i?id=6eaa5ca9-d922-43eb-888c-28a2c0e14f83&ts=1671666504976
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:25 GMT
x-request-id: 1706281e-313f-4735-9855-1da18ae82ed4

GET
H2 204 i
api.purpleads.io/x/a/bb79b59a55928b3c95a7c593b2e6826b:ebe66ec839d863cb026f159fb328b8cf3ba9d1e3a5c47e0c92d521387b9843285c0e68de3bcee82c2e45671a53cd5a0e7f5520b0be31cd75efcb1ccf21f4521fe54c4e69713f103... 0
0 187ms
186ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/bb79b59a55928b3c95a7c593b2e6826b:ebe66ec839d863cb026f159fb328b8cf3ba9d1e3a5c47e0c92d521387b9843285c0e68de3bcee82c2e45671a53cd5a0e7f5520b0be31cd75efcb1ccf21f4521fe54c4e69713f1033aad6b5deb306d3956c4850e93eebd344608d32add83151a945e9ead2209dccc829040c7f32f070029bd81b540abdb7014f099b7bc619366c0eb38ec714250530c6592c362d5785ae7aa1d9c7a7a5d95f67cb920cab34b177/i?id=6eaa5ca9-d922-43eb-888c-28a2c0e14f83&ts=1671666504976
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 2.3.7

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:25 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 85f8b879-9b0d-431e-830a-58e9dc817f73

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7380 42 B
64 B 70ms
69ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst7vj2WlmGWHZ0kBflBmKVdVOdOvh_ZQL6llfuvtPCwiozIroz7a1kqTP5QMnyiCZPAyqbdnwy1zgcwX4BAPBICfM61_UR11FxRJS3XRcskYwGkLQYFhDx_yreVl71W_sVzDjORaA&sai=AMfl-YSZMJzySeEqwAyOs92wu1_YIbBk3aJT0tLxPZ1R0c9oB-V60bvRgH8nk9gXy9IutjNjMMVuMEqKwJPabPrw27wW_ypY70-s1V1eNGGAF02qKPBVA3kY8Ex5Ov0tW5NGs8RQktIgRyYh1T_17LNg&sig=Cg0ArKJSzENDZuYTZSo0EAE&cid=CAQSTADq26N9X6eEM1u63TVF3yhq8ZRvZ2XB7zfQaw4ytPq307JI-SHEgHgwHMdUY1w_b4vM4kJL-cT78SaKlAXunebCXTIbDZGHE_AvWeMYASAT&id=ampim&o=1,100&d=160,600&ss=1600,1200&bs=1600,1200&mcvt=1005&mtos=0,0,1005,1005,1005&tos=0,0,1005,0,0&tfs=407&tls=1412&g=100&h=100&tt=1412&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 26CE 0
0 66ms
65ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120701&jk=2495026100543775&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 6292 36 KB
16 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3625 624 B
670 B 210ms
134ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DELWUQxiz8t_bATAB&v=APEucNUwGarhTl_qogzKuVZ5UFI2eB9q_EzlnlOd2sb-C8dKROZt3hHyfxGNHh5NGd4x7B9tBDrHeCAyxuds6IMDgF_HCoD_n5pQEkgdxX5mXZeqiAgTEfhRSqZi_M2PwaMRJi_-UTWpnrRLBwxi9KZTOK4Pg09rO8Jc_pVmpUdeF52DrYHhUDs

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DC30 68 KB
33 KB 236ms
160ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9LxWMXMXCUn6CpSOPjwbiyeKCKtYZCR-ABlg8-bP4AJiZ5oKolzMa3XSWt6u6yjrUAHJS6XzTjidpeI5WNofIMYM5Fw&cry=1&dbm_d=AKAmf-DBDkngG9un0VkwemFW2ll_2xDEMPZlbqtbcJjcBIHNAxFtIRTO5Z-KkAHjerEcj8NSpyG9so97H50sHR1BH8QY5dulvRStJ9-eenhznsPe5XktRSrtu5MRpKi9lGY6G3AAu6U6s2ym6RTGTS72bVFDsXhhvtdhjJ6hvNbtCm5t6bUa4JMU4Y86Sy0lbpHDal-M_rLfRdXTuUX4dmGURM13IsI7289pRKGKQLeXzyqB2jV0LUdBR5RwUBf-Bvs3lRvfInb9t3DgAiOob3TVJEhyhav_g170WAPwMUgSoyQScx3eLdRrNg5k0KrKIARY6LSAWEr32658fpCRGaj0qBOOdwGF2gR9K2GR6AP7fyNlwQKcWhukgFgG5KCbChyx3PbWbe0bTPUgIpT2J2wErsR3kT3FacTEPjVxt4Im5SP79feaRhiUA3zPAE3QOsGUnWHimv5xAplkBa8TUtX3jgWEqzuFEvSe0L77lKf9qm63dmXcjZZpFC3QIG0YWAru2ufN7sHm6BjlyEE-mimhZjDUwD8EpN2d9Y61rxiDzLdXXeK4k2pqicCDWhl_XX3AYOXrPBzsX8m78gKxvwEsZLonCs0lb56Ka47XW9H_SayvR4XTRXJyJ7Xusa-HQoLvyAb0k4IuoxaI8djPYQ_aBxi82nqciGBfl_W9Vhp1YopbMTKWeml8xdZQJtveh5P7oRsw1EZ5iJxpiB9YjnErI-yyQe4oa3jzHb61McBMmzHAdjIPbYgzgarI838oc8xT-CzuT_6LtvHQHhvdVvZD4bDOvS3jmWHOFm7nUpjNMEKZ5Vt1gj7dJuelgo1wttGm4QKiMK72ynHq5MJ84uafkmaJQ3wh7y8sPff3Vh6oohx0io2WLfMm5kr5OmjvKQ1jkblZ96S1q2iTaxpnrrt7q25MK5xzY4EJ8IcKrdfeFaRBpugtpK9WH6owSsZ1oisur9UdEslWhMb4_j8-OVpPe0KTIbFIxiQt76Pml4YyR1jLdgEZcty7YMU2QyqRHPsQnv4zOrDGm3JVBZkwP8ecBw1FWcoQEKeNmM8ThP55wGwp0-fsuUta7XVYwBiqfap6AFlbYg4TtN2WdFsUoz0W75HQl-VHQBAuEy6ZMFuhKHjIjH-jmaAPuNW3g9orqdLmCgXih1n-PUarFUDu7cfBxq5t9Y43VCd88HSPH4W5mI1kLz6zJ-U7yOz39TClxFyz3FHqBRRPvEmg8AtzMsqE30UvfsBQeIQ7bsleHz1GBW1frU5CA6ep3Oa5yZPHUqE34vKXX9WQDC_-TBXkBpIymzef7uJrDermAOQbVekvXvlOf5_jay1ApFFHtKsSfRPJ96HqkRJULvq9B0JpYvZzH_cag1YlhMbBeszi4Gmfo3cuF-kriNXZJ0-UgTZWXLVPJc7ojoXoMIpKqAaHFcFEXXDjEIUVXwqgnQRIKX8rrlMH29FYRqpZsrVmJkIeCI8w7VDWoMYDZTzp_FTDlXBRnBKGORpTEOwwm_H4N9RmJ8G-wgEap9bMc09rivp_E0ffEVv4NLr5F7qhIA9eT_QeZXAontuhQf3YpR6uAoYkBnFTpKQvkQErhq9fK0-QQO3c_raoVIFceWED7G9XHK68Mb6o3AmhAbajTBNzJl0FgVMN1XcofBiywWwSgHekSu4DhmuKcN168o1TLGsWP-8EmLiesysGvrq6q9uR8fL8M5NzCwUxGlXD1vWPgmxmlJjr3xXd-tuepP-gsIVVAD_buZqV07rHCHFTcVF1yb4hjYm00n3tMICL_vM3GbF7k9aCJswLzJwWOsH_7nbYuMALHWKFnGoMq1YY7XwNqWSgefrtVFDkfDptpUlfbl1m6Jw7enqpczb5frDMR2NR7_h32L74PRH29c5eyFbi5Aw-66Llzqx0SCt_X1JL1Rzn6BT--qDAeb_BVuFap3HfZRdyrrFNXm3NapbRcVZRPT0tsYhkbf2hZjJ1QrR6ZoWw2IfHQ5T3iIJ1jPDxY3X_HMmvrKJ92ieg0Voe9--0vE9EGS9OXGT0n17QlYQUyD2rp0i1DimqT1ccUhHS6qcyDUGv5IQQvIvXmPa8uvkgtCYKLbPQpqz_hMc36A106hQbwmmxJX839igzb5ykTzz2AOshnh1gSBZRypnOGJUg3kAy5DHHaChOzpkzpTtNX7DPw5uWIMzXcpd97p4ho9wC41qGf2hmqP5DVgM9KZpV0qLvsOh2TjSjIyXdXAM75E0TEE_nbNM2tAG15kbPCuxf8L1Ecvs4Lz_5Ln7614O22H7L5_NEds7MBF31Dy2IA85bdvwmFiGG0NhGFfA5FhijxJlrzOgwDcuhDcSWH5Ka7uNsH3owJpUNPdKrEoEq7uJkhPjHkaAzyfbOGEu31sRYDy65LMU47K3SJLLb_Q6rqu217rC_22iINDiXzFdzaYqfBYUQytSb_OclpCiPjZxzfHW4kLzRseUb--Hp8O74-pcNv8VHeQH1v8_f6k12wv6qhHdBLZL8bIJ_ipGesnlBFInVXUACUYwL50yOX-sisxmDR47qNPAxBeBazVnHZKlZAozWrZ1ckkA1KZdabvObWSLr3oJ0m_3utVsNatiMRreuS8WBzGc-6iDmi2Coio37tA4T3_InNjz3_GpYoYh-ptdtlfffiT9UydGc88TpVKf26oDfiIYOWH4Fn9uu47x6tc99abpKQlEEMJ1bC3bVvMQ12BVOiorUd0s65EDkPEaJ-fNIQgX5H4ODI61fUtBZx903ZN1SaZffOKP7Vtq-Z8AJ-fdlKAo1_LIzuicynDdirzTxF8HSjBpbQk7xl-AuAqRIRnv7tRQ6XAHu_MKxnEaKSH2EQpvRWUJBskYPU8LwVZaGJmcIb1c8ZsM6YH1r8teJv2Vo7g9eElRCERvaIYqh6GXlihIS4Q90zRbQsP8tqe8_usJTjr5HEtiRnNnoc06w5W_MPVCHnsk0zWtFz6SFohRUByEJNh236GaJWb8BD4fMEOMPjuKzIHNmgctFe-VoUuDJwBB_qRqzUQ8a6Mvq_5l50NkDXLweZbTWElwJZvklj_3h-HtiSIpDlJdLmEg1jExp-dePwKr1icBQHT63HhJJKgBOElis_Wsj5F1rYK8AJUz3rhVPyDP1s67WVlzJ0qAYv0VWfgVlVG4p6_cl29X3TYGzgpMMADllrbkD1jIzi5OCvqTrP882kr0QnCvHnjY_QQLb6fqUbr69p7aWpHUsnqy4-OT-NCq71C0mdBr8ILM7O_1w4O930NacH_6axABv0xuT4EwB2wfiwc3LW12sBznnjJ1xEBSfIg4ELOqmXgJOp7unCMkqrapuKtJpzgv9V9FcBqW_FSA_MSs8iqY1CjY7OSxTz4IZ0G7CNaNsk7EnJwmT735v-IW7DdnNVL1HQxvN&cid=CAQSOwDq26N9Akxf2aB-yqcoNREVToptb8Kp2X6iXQBmbjGu5ahEf5KvN5-YfVVBk5xzya2mjaQ7H5chyRk8GAEgEw&rfl=2%2Chttps%253A%252F%252Fvillainessturnshourglass.online%242%2Chttps%253A%252F%252Fvillainessturnshourglass.online%252F%240

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36f3bef5786bd96f7849517c5d10b734ef6788f6e90cde8febd2d681af8158ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33559
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC30 42 B
63 B 69ms
68ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CgLmZS_5aJd3uX6K-c4o2za9PZudjrRj8_Zop_MJJYPF4I7hf8j-E9Znm6NO4kPsM0kdDlgboeKOMbt3RjDomx9NVh-ROMtgC9QejPRboeyAuVBjs

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame DC30 3 KB
1 KB 190ms
188ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 15:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Jan 2023 15:28:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame DC30 18 KB
7 KB 189ms
187ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 16:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24980
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Jan 2023 16:52:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DC30 0
0 41ms
39ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5UGhZkw6Lnwdr-cJSR9qf-541jJ3HzRiIaO86jMLVcV_DJRhRmo-kzsYlvJMlYvKk3CJyeR4YLW5ybRplc9os0-G62A
Requested by: Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC30 153 KB
47 KB 320ms
108ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6292 0
10 B 181ms
180ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qKFhRQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B83 42 B
64 B 134ms
134ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3umEHvfuRt_91xBW1evobJXg0SC5cjzmSrKyRal2eABM_iOsgVE65T_8cuI93lkUxRLpDCwaBhoc9k67r_HyJiFxU7DG92iL54iq-J6_MhjliXJ2N&sig=Cg0ArKJSzCCdYl65NkABEAE&id=lidar2&mcvt=1000&p=1105,436,1195,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3514055143&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671666503599&rpt=581&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3625
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1

43 B
766 B

33ms
32ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DELWUQxiz8t_bATAB&v=APEucNUwGarhTl_qogzKuVZ5UFI2eB9q_EzlnlOd2sb-C8dKROZt3hHyfxGNHh5NGd4x7B9tBDrHeCAyxuds6IMDgF_HCoD_n5pQEkgdxX5mXZeqiAgTEfhRSqZi_M2PwaMRJi_-UTWpnrRLBwxi9KZTOK4Pg09rO8Jc_pVmpUdeF52DrYHhUDs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Dec 2022 23:48:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3625
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y6ObScSgmLtA5PsXtXBcxwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1

43 B
894 B

33ms
33ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DELWUQxiz8t_bATAB&v=APEucNUwGarhTl_qogzKuVZ5UFI2eB9q_EzlnlOd2sb-C8dKROZt3hHyfxGNHh5NGd4x7B9tBDrHeCAyxuds6IMDgF_HCoD_n5pQEkgdxX5mXZeqiAgTEfhRSqZi_M2PwaMRJi_-UTWpnrRLBwxi9KZTOK4Pg09rO8Jc_pVmpUdeF52DrYHhUDs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Dec 2022 23:48:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHfP6LMNl4mskYLwpRIbUzA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3625
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPZvO0Lct7VhvfGI4GAMM1Q&google_cver=1

43 B
1 KB

26ms
26ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPZvO0Lct7VhvfGI4GAMM1Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DELWUQxiz8t_bATAB&v=APEucNUwGarhTl_qogzKuVZ5UFI2eB9q_EzlnlOd2sb-C8dKROZt3hHyfxGNHh5NGd4x7B9tBDrHeCAyxuds6IMDgF_HCoD_n5pQEkgdxX5mXZeqiAgTEfhRSqZi_M2PwaMRJi_-UTWpnrRLBwxi9KZTOK4Pg09rO8Jc_pVmpUdeF52DrYHhUDs

Protocol

HTTP/1.1

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 21 Dec 2022 23:48:25 GMT
AN-X-Request-Uuid: 3242a4d1-acfd-4283-8279-e70d3133737c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 31.204.150.144; 31.204.150.144; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPZvO0Lct7VhvfGI4GAMM1Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3625
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk2NTk1ODQzNDQ1MjcyNjQwMw%3D%3D

170 B
243 B

93ms
73ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk2NTk1ODQzNDQ1MjcyNjQwMw%3D%3D

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Dec 2022 23:48:25 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 31.204.150.144; 31.204.150.144; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8d89039d-a19f-42c8-93f1-b89d8064e242
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODk2NTk1ODQzNDQ1MjcyNjQwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame EF6C 708 B
367 B 43ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76b2a103a4feac2ee3aa1bf11ce12032a38d8fa566fb95a39bcac61204811c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 23:38:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame EF6C 80 KB
27 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a840e87b72a7a70e7092c587bf8f78a4e4b7fbae0e9887e3ec595564e6e3ad79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27537
x-xss-protection: 0
server: sffe
etag: "1428 / 21 of 1000 / last-modified: 1670587517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame DC30 30 KB
11 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9LxWMXMXCUn6CpSOPjwbiyeKCKtYZCR-ABlg8-bP4AJiZ5oKolzMa3XSWt6u6yjrUAHJS6XzTjidpeI5WNofIMYM5Fw&cry=1&dbm_d=AKAmf-DBDkngG9un0VkwemFW2ll_2xDEMPZlbqtbcJjcBIHNAxFtIRTO5Z-KkAHjerEcj8NSpyG9so97H50sHR1BH8QY5dulvRStJ9-eenhznsPe5XktRSrtu5MRpKi9lGY6G3AAu6U6s2ym6RTGTS72bVFDsXhhvtdhjJ6hvNbtCm5t6bUa4JMU4Y86Sy0lbpHDal-M_rLfRdXTuUX4dmGURM13IsI7289pRKGKQLeXzyqB2jV0LUdBR5RwUBf-Bvs3lRvfInb9t3DgAiOob3TVJEhyhav_g170WAPwMUgSoyQScx3eLdRrNg5k0KrKIARY6LSAWEr32658fpCRGaj0qBOOdwGF2gR9K2GR6AP7fyNlwQKcWhukgFgG5KCbChyx3PbWbe0bTPUgIpT2J2wErsR3kT3FacTEPjVxt4Im5SP79feaRhiUA3zPAE3QOsGUnWHimv5xAplkBa8TUtX3jgWEqzuFEvSe0L77lKf9qm63dmXcjZZpFC3QIG0YWAru2ufN7sHm6BjlyEE-mimhZjDUwD8EpN2d9Y61rxiDzLdXXeK4k2pqicCDWhl_XX3AYOXrPBzsX8m78gKxvwEsZLonCs0lb56Ka47XW9H_SayvR4XTRXJyJ7Xusa-HQoLvyAb0k4IuoxaI8djPYQ_aBxi82nqciGBfl_W9Vhp1YopbMTKWeml8xdZQJtveh5P7oRsw1EZ5iJxpiB9YjnErI-yyQe4oa3jzHb61McBMmzHAdjIPbYgzgarI838oc8xT-CzuT_6LtvHQHhvdVvZD4bDOvS3jmWHOFm7nUpjNMEKZ5Vt1gj7dJuelgo1wttGm4QKiMK72ynHq5MJ84uafkmaJQ3wh7y8sPff3Vh6oohx0io2WLfMm5kr5OmjvKQ1jkblZ96S1q2iTaxpnrrt7q25MK5xzY4EJ8IcKrdfeFaRBpugtpK9WH6owSsZ1oisur9UdEslWhMb4_j8-OVpPe0KTIbFIxiQt76Pml4YyR1jLdgEZcty7YMU2QyqRHPsQnv4zOrDGm3JVBZkwP8ecBw1FWcoQEKeNmM8ThP55wGwp0-fsuUta7XVYwBiqfap6AFlbYg4TtN2WdFsUoz0W75HQl-VHQBAuEy6ZMFuhKHjIjH-jmaAPuNW3g9orqdLmCgXih1n-PUarFUDu7cfBxq5t9Y43VCd88HSPH4W5mI1kLz6zJ-U7yOz39TClxFyz3FHqBRRPvEmg8AtzMsqE30UvfsBQeIQ7bsleHz1GBW1frU5CA6ep3Oa5yZPHUqE34vKXX9WQDC_-TBXkBpIymzef7uJrDermAOQbVekvXvlOf5_jay1ApFFHtKsSfRPJ96HqkRJULvq9B0JpYvZzH_cag1YlhMbBeszi4Gmfo3cuF-kriNXZJ0-UgTZWXLVPJc7ojoXoMIpKqAaHFcFEXXDjEIUVXwqgnQRIKX8rrlMH29FYRqpZsrVmJkIeCI8w7VDWoMYDZTzp_FTDlXBRnBKGORpTEOwwm_H4N9RmJ8G-wgEap9bMc09rivp_E0ffEVv4NLr5F7qhIA9eT_QeZXAontuhQf3YpR6uAoYkBnFTpKQvkQErhq9fK0-QQO3c_raoVIFceWED7G9XHK68Mb6o3AmhAbajTBNzJl0FgVMN1XcofBiywWwSgHekSu4DhmuKcN168o1TLGsWP-8EmLiesysGvrq6q9uR8fL8M5NzCwUxGlXD1vWPgmxmlJjr3xXd-tuepP-gsIVVAD_buZqV07rHCHFTcVF1yb4hjYm00n3tMICL_vM3GbF7k9aCJswLzJwWOsH_7nbYuMALHWKFnGoMq1YY7XwNqWSgefrtVFDkfDptpUlfbl1m6Jw7enqpczb5frDMR2NR7_h32L74PRH29c5eyFbi5Aw-66Llzqx0SCt_X1JL1Rzn6BT--qDAeb_BVuFap3HfZRdyrrFNXm3NapbRcVZRPT0tsYhkbf2hZjJ1QrR6ZoWw2IfHQ5T3iIJ1jPDxY3X_HMmvrKJ92ieg0Voe9--0vE9EGS9OXGT0n17QlYQUyD2rp0i1DimqT1ccUhHS6qcyDUGv5IQQvIvXmPa8uvkgtCYKLbPQpqz_hMc36A106hQbwmmxJX839igzb5ykTzz2AOshnh1gSBZRypnOGJUg3kAy5DHHaChOzpkzpTtNX7DPw5uWIMzXcpd97p4ho9wC41qGf2hmqP5DVgM9KZpV0qLvsOh2TjSjIyXdXAM75E0TEE_nbNM2tAG15kbPCuxf8L1Ecvs4Lz_5Ln7614O22H7L5_NEds7MBF31Dy2IA85bdvwmFiGG0NhGFfA5FhijxJlrzOgwDcuhDcSWH5Ka7uNsH3owJpUNPdKrEoEq7uJkhPjHkaAzyfbOGEu31sRYDy65LMU47K3SJLLb_Q6rqu217rC_22iINDiXzFdzaYqfBYUQytSb_OclpCiPjZxzfHW4kLzRseUb--Hp8O74-pcNv8VHeQH1v8_f6k12wv6qhHdBLZL8bIJ_ipGesnlBFInVXUACUYwL50yOX-sisxmDR47qNPAxBeBazVnHZKlZAozWrZ1ckkA1KZdabvObWSLr3oJ0m_3utVsNatiMRreuS8WBzGc-6iDmi2Coio37tA4T3_InNjz3_GpYoYh-ptdtlfffiT9UydGc88TpVKf26oDfiIYOWH4Fn9uu47x6tc99abpKQlEEMJ1bC3bVvMQ12BVOiorUd0s65EDkPEaJ-fNIQgX5H4ODI61fUtBZx903ZN1SaZffOKP7Vtq-Z8AJ-fdlKAo1_LIzuicynDdirzTxF8HSjBpbQk7xl-AuAqRIRnv7tRQ6XAHu_MKxnEaKSH2EQpvRWUJBskYPU8LwVZaGJmcIb1c8ZsM6YH1r8teJv2Vo7g9eElRCERvaIYqh6GXlihIS4Q90zRbQsP8tqe8_usJTjr5HEtiRnNnoc06w5W_MPVCHnsk0zWtFz6SFohRUByEJNh236GaJWb8BD4fMEOMPjuKzIHNmgctFe-VoUuDJwBB_qRqzUQ8a6Mvq_5l50NkDXLweZbTWElwJZvklj_3h-HtiSIpDlJdLmEg1jExp-dePwKr1icBQHT63HhJJKgBOElis_Wsj5F1rYK8AJUz3rhVPyDP1s67WVlzJ0qAYv0VWfgVlVG4p6_cl29X3TYGzgpMMADllrbkD1jIzi5OCvqTrP882kr0QnCvHnjY_QQLb6fqUbr69p7aWpHUsnqy4-OT-NCq71C0mdBr8ILM7O_1w4O930NacH_6axABv0xuT4EwB2wfiwc3LW12sBznnjJ1xEBSfIg4ELOqmXgJOp7unCMkqrapuKtJpzgv9V9FcBqW_FSA_MSs8iqY1CjY7OSxTz4IZ0G7CNaNsk7EnJwmT735v-IW7DdnNVL1HQxvN&cid=CAQSOwDq26N9Akxf2aB-yqcoNREVToptb8Kp2X6iXQBmbjGu5ahEf5KvN5-YfVVBk5xzya2mjaQ7H5chyRk8GAEgEw&rfl=2%2Chttps%253A%252F%252Fvillainessturnshourglass.online%242%2Chttps%253A%252F%252Fvillainessturnshourglass.online%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 15:28:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30023
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Jan 2023 15:28:02 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame DC30 8 KB
3 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 15:28:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Jan 2023 15:28:05 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC30 0
0 244ms
106ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuRFn0CaTOCNjxB8h5SLKqVqmwDGOBsKJwTRFO4oD174FDIs7I8SDMemZKU-rkMwHfEbsQxDKa1ktC4uzwTU7azZmMbSS4aXTjHiOGvSnJEwH7LKKat4Iiwu3Bn2ny0Ac232C9TrnEXtnklp8a4BwK8KtfwucJdEBjDxsc39O9yD6R7RhnMq2yn9ulRQp_JLfaAvrNE9uMhS-TTimriLDy8x35B4g_fakKIpgm3BV_sTR_c83A7dnJQFwZbS9nTMtQzpHakynGYgkXHRoGT_zWKy-fJc55WfslVDpXiyj_tvjM2qiw1-BPZaUb4719UQ7fPr-eL3ic-5Pl5cQqoDKfkPCLsKZ7EATesxxICkyIACO645kuNOOL1Gh-NqTdaFaQTTccrsa3qJgy7TabxtFnxTxXsPCauJMiOvAuoEIrD0lyqXWj4TkZhVNMmpRddtHnCYq2W1UC_c-SVqZZHK3_OgFWe4b2Tn8WBhFtmL_53V9KTgrjlSPreLhRrmgLp2Ae1meJgB_MrBNNuzX-eSaC87NyfFtvlwLA_N9hOaHvFHP7EZOtA7U4nyN3GCfHBZ6jwIAnYxRmBkx7nEH2aVDnrgMKU2BadpreaODlQXw6TP0YS5M1rPCNf7IJRsdQ6YQM26k-yaJItI56CXesu8BddkJhJltyL_aRgFNPKaJ4osmIvTxRtVSLYNERWh7_YreeFibZnjSoRJFvhgT2ftL9ydq4ehVIvXDUomYUNhAurGMOwq_Wxo1r-IMdsHHGhnjApGBBq4eGDqvg3HTypL9iMRgyXduZBl60lPSpeMmiijUHNIlKqf-ZIptahAB4ghTaYBmyYFd6OQU8vUahP1KmpfLrKGxyl68BGyiOhNCssonEVZqn4QURIngrQL7J5SrrgfXq1lS7QhT3dA9DlQ0dmJph1LVh_USB6Md9znVsiV0CdNqWSM9KTHKOa6UMk9swPkUPbuRGCdyFZfzZvInRZYfOFykxjOeZUYgImm3oYISv0-GCdS4Z6G8ma1hKincal89TUCwmgF3tSQINVOmCmHXtXeHmfc2sDx1WPyBXD2awg9HqjovEgH6Ff6fGB00YrMZZB8z-VP6HwybK8M1ADRl8nxSWRqcIi_6i7kTO9LCIA7f9tgYE5e-dtZ9cbzlyiQJ_1JxJNQgyLCImKONfTzEcLF8HJnEpr6x25Z37QV5mS5BbcVUtnAW1HB_ZT3GXrgXtUW--tPTzs2hqwAs-b3JzBulTBevudGYxLoYWFWjMx6e8hjH1Wz9AUbzHZ2L0OsIgBv4QapOTiyB1xJfPxP7iZrKND0Y0BA-yuWQXC7MTFprobMG8ZSy5Xfo6GpOCVvWdbdIWlu1i342GVNx4CIqgR2afn42-iMBUGoA&sai=AMfl-YTkDG7QjqOU0NrLVaE5xfU_haHIdgWV_JkB5mBjlAfVycwjmXuqRAOxQqR_EXjBZP_VMqTJIZFHqpM6EOWULeDhEOo-JVgESnycHQkTI7Ap3ykC3uKRmHq6912_yoJHn9Cv-bku55IJHCjpqZ2dyODIaZHMuWfwGMF7imZl1i_ccYLa5hK8en8CB67UPBOgzovnR196u3wssMTrwr5d4mLUhEX0LX_OwAp5h6Sji95CaF__wjRhRzAhc-OgHaxDAnGAa36BPUo&sig=Cg0ArKJSzIKfuyFlfDqEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221207.78183&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DC30 41 KB
15 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 19 Dec 2022 16:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197780
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 16:52:05 GMT

GET
H2 200 6970673706899548234
s0.2mdn.net/simgad/ Frame DC30 205 KB
206 KB 121ms
34ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6970673706899548234

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47aa215c5e7f0dcc411b196a9399c19b0a0724144f6dfeb5bc58402964f67253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 10:30:48 GMT
x-content-type-options: nosniff
age: 47857
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 210013
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 17:55:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Dec 2023 10:30:48 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ Frame EF6C 23 KB
23 KB 33ms
32ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 18 Dec 2022 11:05:12 GMT
x-content-type-options: nosniff
age: 304993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Dec 2023 11:05:12 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8680 1 KB
643 B 32ms
32ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 30023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 15:28:02 GMT
etag: 48472445140208031
expires: Thu, 22 Dec 2022 15:28:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame EF6C 380 KB
129 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 21:44:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Dec 2023 21:44:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame EF6C 109 B
94 B 42ms
42ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
DATA 200
OK truncated
/ Frame DC30 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a7adb9583f7c119f3b83345c78a3ef59a8ed7b88bbeee5fde3fc3f6ee84f954

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 12C2 22 KB
8 KB 58ms
58ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 197780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 19 Dec 2022 16:52:05 GMT
expires: Tue, 19 Dec 2023 16:52:05 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8680
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESENlUpTCD319xRNzgIv3aCrA&google_cver=1&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_jdkX4QHlQMFOrw

170 B
188 B

72ms
71ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_jdkX4QHlQMFOrw

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Dec 2022 23:48:26 GMT
Server: MT3 277 3f0ad7a master zrh-pixel-x9 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AavPq0PozNhyPKB2Jc1P8C2q-LbdZl7oBK59Vn3YFka0Zg1aW1xvamZ4SfRa3pZ7iUV4uBWKDupA6DXK19FF1_G_jdkX4QHlQMFOrw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 8680 0
174 B 120ms
32ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEGMfY0pv_jlYl-hFGmAI4oc&google_cver=1&google_push=AavPq0Os5X4vCvuNLLIzX1RU_Rvz1CfQ-aJXiNMKF9CftVugJNIA0Xl_oWzU4xIQmkuOxNU5I5Rl2sGRqGEP22tTKwP1MwMxZhqqCQ
Requested by: Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8680
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOes0t3HNphXO4fB3TaoHoY&google_cver=1&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForE...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3OTc1Mjk2ODgwOTA4NTA4MQ%3D%3D&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForEsn_l...

170 B
188 B

135ms
70ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3OTc1Mjk2ODgwOTA4NTA4MQ%3D%3D&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForEsn_lFyUNZum2Hi

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3OTc1Mjk2ODgwOTA4NTA4MQ%3D%3D&google_push=AavPq0Pghx7DyowzcgcRJsFqLtbozmLDj3BLVrD7fB1viPoVhgcacBYRnoxE2N0dvUZFTcCPvFFa5G-TTVForEsn_lFyUNZum2Hi
Date: Wed, 21 Dec 2022 23:48:25 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8680
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_push=Aa...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_hm=Y6ObSQiBYR4lDizMXJshwgAABGYAAAIB&google_nid=index&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAx...

170 B
188 B

71ms
71ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_hm=Y6ObSQiBYR4lDizMXJshwgAABGYAAAIB&google_nid=index&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAxWTxFcuCaKJDEX4FEspx2Wy3wjO9ifbnUrQl2IK_kyA-V2L3zeyFwMwCD0ZfLtR83g

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZW4UwL8%2BecMqpNePcXVZNfzkOP9oBIX4O8D5kwMKblx30PioHM9r2MVwgo7af3XO2OVLiYNdPOrx6C3WHZvNZ0MMhfqSEOTexxMBkF0BuZ8yLDk097NuU6gvN0b8XkkELczlcvsEpRioA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECmwI_uaGzcaETa2GEs5kOI&google_hm=Y6ObSQiBYR4lDizMXJshwgAABGYAAAIB&google_nid=index&google_push=AavPq0NukSYzH100VjVBxUqf0k7hpfkmCqHAxWTxFcuCaKJDEX4FEspx2Wy3wjO9ifbnUrQl2IK_kyA-V2L3zeyFwMwCD0ZfLtR83g
cache-control: no-cache
cf-ray: 77d4822c6de00e9c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8680
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDyXI7qfrksMj8Mv72H3-s8&google_cver=1&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDyXI7qfrksMj8Mv72H3-s8&google_cver=1&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy&google_hm=F2w0uGZH0WzKZ9PEQum7lbFM

170 B
188 B

72ms
72ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy&google_hm=F2w0uGZH0WzKZ9PEQum7lbFM

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 21 Dec 2022 23:48:25 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0OQJO7_-NqRdxINVduT-wx4jaXQHxoYoDdOQBb5NXM-oOJZMQlAH8hNT8aad6kGRWr72nR-5Y23INP75EyLf6aF62_PV9Uy&google_hm=F2w0uGZH0WzKZ9PEQum7lbFM
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8680
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJo9cPurxf-PO0d92kflMyQ&google_cver=1&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd1...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE5MzA4NjQyMzEzMDg0OTgxMjc4Nw%3D%3D&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRp...

170 B
188 B

127ms
74ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE5MzA4NjQyMzEzMDg0OTgxMjc4Nw%3D%3D&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd19Hg

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTE5MzA4NjQyMzEzMDg0OTgxMjc4Nw%3D%3D&google_push=AavPq0OogVbxoEXh-T4zD8-Ao4idCKzSe3_r8c-lxGJD9ElrcxJTCCRpbM4U8EHIXJZyGpauE03lGxAbxo4QP_B4pqV1fp2OYd19Hg
date: Wed, 21 Dec 2022 23:48:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 8680
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEP1-KSgV3Fq8ertxfvSxyig&google_cver=1&google_push=AavPq0PB6YjAi1madPHaZAMjX-QnT9yVyc7bhLmKA8i78gt3byvODkDHj_ikEoWxWJSdR2y2Wzl3gyFk81Y...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0PB6YjAi1madPHaZAMjX-QnT9yVyc7bhLmKA8i78gt3byvODkDHj_ikEoWxWJSdR2y2Wzl3gyFk81Y191A0AWqPf8LxIOQwnQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

36ms
35ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8680 0
232 B 81ms
68ms Image
text/html 142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkpShpltzmNQHJgDPwkxOZFkkZTEJO4pyo5Mx8Mph6-51WhoYgRcROJZPjHjH24aNirnAzEg

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 integrator.js Show response
adservice.google.nl/adsid/ Frame EF6C 107 B
122 B 43ms
42ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame EF6C 107 B
122 B 70ms
69ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=villainessturnshourglass.online

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EF6C 54 KB
12 KB 227ms
227ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2049990460202541&correlator=1220681332733408&eid=31071150%2C31070909&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_top%2Ccm_pu_villainessturnshourglass.online_arts_and_entertainment_btf_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C320x50%7C320x100&ifi=1&adks=2132953988&sfv=1-0-40&eri=4&sc=1&cookie=ID%3D45b1ce09ecbc4160%3AT%3D1671666503%3AS%3DALNI_MYvqvA_tywr8l5RcYa_wscDJMPpuQ&gpic=UID%3D00000b95d87b80ab%3AT%3D1671666503%3ART%3D1671666503%3AS%3DALNI_MbrF2PDH7DqaM1LIS1o3ueHg8qG0A&abxe=1&dt=1671666505511&dlt=1671666505366&idt=136&adxs=1244&adys=30&biw=1600&bih=1200&isw=343&ish=85&scr_x=0&scr_y=0&btvi=0&ucis=ay8qlu40lssk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fvillainessturnshourglass.online%2F&top=villainessturnshourglass.online&frm=23&vis=1&psz=343x0&msz=343x0&fws=256&ohw=0&ea=0&ga_vid=526885979.1671666502&ga_sid=1671666506&ga_hid=670289187&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2951c34bf80988b20c12d5006330bc3bbe7e301a6da6d97db81cb026bcf9c81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12237
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://villainessturnshourglass.online
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EF71 6 KB
3 KB 128ms
42ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:25 GMT
expires: Thu, 21 Dec 2023 23:48:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 12C2 36 KB
16 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC30 0
0 99ms
98ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuRFn0CaTOCNjxB8h5SLKqVqmwDGOBsKJwTRFO4oD174FDIs7I8SDMemZKU-rkMwHfEbsQxDKa1ktC4uzwTU7azZmMbSS4aXTjHiOGvSnJEwH7LKKat4Iiwu3Bn2ny0Ac232C9TrnEXtnklp8a4BwK8KtfwucJdEBjDxsc39O9yD6R7RhnMq2yn9ulRQp_JLfaAvrNE9uMhS-TTimriLDy8x35B4g_fakKIpgm3BV_sTR_c83A7dnJQFwZbS9nTMtQzpHakynGYgkXHRoGT_zWKy-fJc55WfslVDpXiyj_tvjM2qiw1-BPZaUb4719UQ7fPr-eL3ic-5Pl5cQqoDKfkPCLsKZ7EATesxxICkyIACO645kuNOOL1Gh-NqTdaFaQTTccrsa3qJgy7TabxtFnxTxXsPCauJMiOvAuoEIrD0lyqXWj4TkZhVNMmpRddtHnCYq2W1UC_c-SVqZZHK3_OgFWe4b2Tn8WBhFtmL_53V9KTgrjlSPreLhRrmgLp2Ae1meJgB_MrBNNuzX-eSaC87NyfFtvlwLA_N9hOaHvFHP7EZOtA7U4nyN3GCfHBZ6jwIAnYxRmBkx7nEH2aVDnrgMKU2BadpreaODlQXw6TP0YS5M1rPCNf7IJRsdQ6YQM26k-yaJItI56CXesu8BddkJhJltyL_aRgFNPKaJ4osmIvTxRtVSLYNERWh7_YreeFibZnjSoRJFvhgT2ftL9ydq4ehVIvXDUomYUNhAurGMOwq_Wxo1r-IMdsHHGhnjApGBBq4eGDqvg3HTypL9iMRgyXduZBl60lPSpeMmiijUHNIlKqf-ZIptahAB4ghTaYBmyYFd6OQU8vUahP1KmpfLrKGxyl68BGyiOhNCssonEVZqn4QURIngrQL7J5SrrgfXq1lS7QhT3dA9DlQ0dmJph1LVh_USB6Md9znVsiV0CdNqWSM9KTHKOa6UMk9swPkUPbuRGCdyFZfzZvInRZYfOFykxjOeZUYgImm3oYISv0-GCdS4Z6G8ma1hKincal89TUCwmgF3tSQINVOmCmHXtXeHmfc2sDx1WPyBXD2awg9HqjovEgH6Ff6fGB00YrMZZB8z-VP6HwybK8M1ADRl8nxSWRqcIi_6i7kTO9LCIA7f9tgYE5e-dtZ9cbzlyiQJ_1JxJNQgyLCImKONfTzEcLF8HJnEpr6x25Z37QV5mS5BbcVUtnAW1HB_ZT3GXrgXtUW--tPTzs2hqwAs-b3JzBulTBevudGYxLoYWFWjMx6e8hjH1Wz9AUbzHZ2L0OsIgBv4QapOTiyB1xJfPxP7iZrKND0Y0BA-yuWQXC7MTFprobMG8ZSy5Xfo6GpOCVvWdbdIWlu1i342GVNx4CIqgR2afn42-iMBUGoA&sai=AMfl-YTkDG7QjqOU0NrLVaE5xfU_haHIdgWV_JkB5mBjlAfVycwjmXuqRAOxQqR_EXjBZP_VMqTJIZFHqpM6EOWULeDhEOo-JVgESnycHQkTI7Ap3ykC3uKRmHq6912_yoJHn9Cv-bku55IJHCjpqZ2dyODIaZHMuWfwGMF7imZl1i_ccYLa5hK8en8CB67UPBOgzovnR196u3wssMTrwr5d4mLUhEX0LX_OwAp5h6Sji95CaF__wjRhRzAhc-OgHaxDAnGAa36BPUo&sig=Cg0ArKJSzIKfuyFlfDqEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&vt=11&dtpt=232&dett=2&cstd=0&cisv=r20221207.78183&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EF6C 14 KB
11 KB 47ms
47ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2215634c33a7f9a27a0fa412f6d9276818e939fd04917440c51c17c21d2773f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11196
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1183 0
0 70ms
70ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120701&jk=2495026100543775&bg=!YWKlYibNAAYgquz3AKo7ACkAdvg8WhTlsQf_u8ptV-t5vPZhAkPFATEhcV4lz42PBqXzVBGqpY0nsQIAAABQUgAAAAJoAQeZAxqczUv9oLir0DnlYMf7RDcUq6Gk8djF3uyod4ag1VbRkfX7gRa7e153sPc6ekzabpkwS27CYs0USycYFqYqAKGxxTSnhaRJSFZfNJK7GRhM3Md7J8KQLp6iG0OxCLk2d3N6vTJJoSgG4TNOvbG7_BjqEen_Bxp-_vE8ndWHqpNlLXSJZGnuLUDtNxcoGDTx7RyO4GM_YfBkT9jr8dIV-iyH1Ho88eq4mserXQvpWFF-_t6g9iP3SrhkWkzHOVc_d3Qe3bBkNz0c3BXQa0zXGM3Js85-LjgsownL4XC9f_LuLvjHospuPGyLhtjgwa2YjIWE-QqRi6CfM6BRwiuHEA9QGo8AfeH0OtoWWAgD2V2CEwJBdehojmbr2ck9dorKXNkjB2r5_meXuac_X1QhemoeZF2hqZm4b1yBnjOLNRWKN0iCd0UhuRMZK-_JmpiGmr9lpFtF6t5fYVgm-0i-Frf0Qvk7OGr8BDld3XpoAHUNgMlq7ANNfhikpEWZIqGkNXoALg5zktw9k4cvIq7Vv_I8WBx4Q0gy7_eV-GS-FHdfc7kwgu0hyG1nXJxwLcMv8eqJ1ymm7-we4MEI29dtcE85q7qh9mdvDHQ7Lx1aPoKV2nMnWbmDWyELSuF1U9Raxci3XDVPnpfwcRydfNeiM28dYWZPaCvNk91YfC87IX9Epbwjn52oeX7KqiOdLPUBf5zkozenQZxiWTa_ShLR9jQko1_S5BsZYxbmHkpBe-pVUICiBrqPXG88npAy26I15ZOY88XtI3m91LNgx-leGaDuxGqx5Q6SvTm0PU5EvL2o-42r7LqhBGPqcHrmKpGLN91noEthL-_PakuzIRmsaeWbKau53NdsOuHYgzPE3NHYZimv-ot9XKbuCOvZ_YViRAADnXd_1mT2k8IhFhMeejWs4WUPvQr4phnN1X8NXM_7pzsGUzilmNG6uwd58A1qt3D3FnjamhQy70az15ElTt2xECvjRUnHIXd8nEfjEWA_H6tr86p3A4AdlooyLvGBnXoimSunhcpyFutu3Jbwqpc43esxeAnO-ILi6A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 12C2 0
20 B 70ms
69ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAIYzSZujY-zxEcTA9u8Pm_CXMAAAAAA4AeAEAg&bg=!wsGlwYXNAAYgquz3AKo7ACkAdvg8WlKl_chmcU2Oib1HMQ9rFV_RF3LYHSTNJgTBYoeg7s8FRKwR5gIAAABnUgAAAAJoAQcKADM9XxE1grImk3oXkdjZFcZsYbNd_PnsuSNPEvUqHAWuFyJQngpp3SUZQg1N1VGrikx4SCSZA1rQSLe4WtJfzvIid02Q_o7UgCAlp6GaiP155lbM_0z9tprh87EXlfEi7c0HQcQ64SSU_16u8_p6gPCPKvjW3MnvCbLC8JVriLIFIKZTuLz93r2tJMExUI0yBuTjuK4snY4wSHlVaE3oheeaFF5mwh0yo8ps-sw-GOUvj5c-lMZHJPEvhM_7LSBvu89Gxrork92wwhe_C7bMrWXyqg725gPg1a67xHIjyRmbEOX5AWLKNdAgYRc3b2FIusLcLq9RwSvfh5bSa-4VE1cEsbG7ms1Ysl64Du37Pe_zpzDWAqtntBYRPHzGWNua0q4wn4pPoeE7I0V_N6gS5Ux7c8nJvbXe_gSGBF61tWe3vQiiY00l77Gz5_gVbBrRccTd5cLAGb4Sp--VmCiQNzO7F3c-_vulQM1v2LCDhFtX4HoAF623erNSw_ZLqFGJ9Tb7Dw-cesvh3Be3VP4t0AxCrIR_beNwxlWTgSQzSNCbBZ2cUjEAfHGRWy4GUE_RlKhPGya_0pMYiXEyL__RD_VhBAsWfHrxBikWpAO8k31wrenS5WoR5a3s_9YY_WgfERH19JX347W-mTPHnm_sF6ALcHX0yseziDTR7LJtji23y17ebwTBv5E9b-1qVcjoJxy683XFhjDk9E4ukd1kUi_trq1v75afLHsDM2cPS5IvoeHWVUG8gPzdxo7KlhFz8-m93XA6rxw0VosnuYBGFVhOcObbxj_trfN1MgHGvTSSJrZMNX_nsFUhmlzRlpXFKE38fi0_EZxFTL_FWbFxrZ4Beef02Nr79tCiDD9z5kbySXrMLxCKaH9i4PfS7PLddSdNz4tBxorAyMaHn80ZSJiupoPeaWM2b1kpCcip9TSbA5rqfAkZ-HPkHTXAAqmXHbUoZoq4r0aLuujh2irHc84UnwN2bIhfwuTJxbD177OaDbKabVek1TDMDnLOyb6tZ-6tadSvvSqbsAw4UdJ5_w9T8dd9BQ83cS6fxaRvfYrx49W8ox8E2RlLm9i26uBHb4EwIBw78FbeWQvCLy_wPTSz2ybp17JzPuQrxvNkoHdUcMMPARIXCLXk7GPqeDjynCJLcRECwpMuVTIaTJ8eFkx394JNhCwxPybByeLUQEOqhDJS-fSgQ14xs9SW0pkS5rg

Requested by

Host: 7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
URL: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EF6C 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 3CE2 221 KB
60 KB 145ms
48ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 3CE2 14 KB
5 KB 226ms
129ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 3CE2 94 KB
28 KB 210ms
114ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 3CE2 5 KB
2 KB 229ms
133ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 3CE2 40 KB
13 KB 143ms
47ms Script
text/javascript 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 01:38:32 GMT
age: 79793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Dec 2023 01:38:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 3CE2 4 KB
621 B 42ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 23:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 22:02:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 23:48:25 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3CE2 2 KB
2 KB 58ms
58ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 09:39:53 GMT
x-content-type-options: nosniff
server: cafe
age: 50912
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 22 Dec 2022 09:39:53 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3CE2 295 B
323 B 59ms
59ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:35:33 GMT
x-content-type-options: nosniff
server: cafe
age: 11572
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 22 Dec 2022 20:35:33 GMT

OPTIONS
H2 200 i
api.purpleads.io/x/a/0c0a16dc57be357876263a8ba9753995:c33913a627c5c5d118ecee72415b81804f097e2a3d84e4cffcb7853205911d0f6569749f8537e7a07518d1440e94e1e681777025dcd5f86d4b65e64def32e899e0a0980bad5ec56... Frame 0
0 115ms
115ms Preflight 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/0c0a16dc57be357876263a8ba9753995:c33913a627c5c5d118ecee72415b81804f097e2a3d84e4cffcb7853205911d0f6569749f8537e7a07518d1440e94e1e681777025dcd5f86d4b65e64def32e899e0a0980bad5ec564639a42ce56cc09bc4994044729d0ae44b23ab8ecc87dbd9a/i?id=6f8d2e1c-972c-4efa-a6ca-656c2c35b86f&ts=1671666505757
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://villainessturnshourglass.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:25 GMT
x-request-id: 8f8ae6f2-c2b7-4c9d-b6bb-0e5f60b2cc81

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3CE2 0
0 42ms
42ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSri_4RPLJOt7eu0_jdGw2GQrdLFMDrscuia31qENKg4sosah1TkBeJPA5lW07FbRVMqHlt0PDMaaVangLo8C1llQdPyA
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3CE2 0
0 79ms
79ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CgtwASZujY-zjIr_k7_UPhcmNoA7brbKFbuXupq_WEPPW9P0IEAEg8tO5e2CRhKCFjBigAauX-LcoyAEJ4AIAqAMByAMKqgTJAk_QxYApLGjFfG0uMH78vuMgBuTLamkgKFyzl_MPKoMrxOEFRUJzxuoy0dqK4IjtiXAc0NSTGGIIsMlVSsAllVDXh6Wg7x0u0KtxnX57I6oLcn7II82Yt4cpjIwQ0codWxgYVJdAwlGVePSJzFvee3shonlboz9AOeopx0iO_UjOf5pjv4KEQzUbDpDCK_KC3xh_4uwaCzXHrHTorbEyE4akgDA97cFzu7OVbR9YyhzlvifrTYsI34015Y1xhEXRWqmdyvSJ_Pz7rgi1GEJYaGjMf26f7tbz3Fgv1BJinGSdWEN2Rv0hx7J5hvJ6AiDKxxHt1FNHygMZjF1RIB29Mig306Y6Ic9tJAg-TC-Sm8cN29oGBdcbjV7oFzu4gp1X_ZP65bx1fvDAy139wUnQA1TW9JLwqWNwzcv66mBNaIcWm-u1CXCeOEepwASV_4GglgTgBAGSBQQIBBgBkgUECAUYBKAGLoAHq8_IlwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCiwgHSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01NDEzMzI5NTQ0MDQwOTQ3GMGMdA&sigh=3KLzR2-6Eo0&uach_m=[UACH]&cid=CAQSOwDq26N93YbVu6cqxi3PoqC2xoBSCKvUJGKXgSdAqCwcEZ5b89lgyZGWu1U_8dAiyuQHHF5hOszJUSuwGAEgEw&template_id=5000
Requested by: Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 204 i
api.purpleads.io/x/a/0c0a16dc57be357876263a8ba9753995:c33913a627c5c5d118ecee72415b81804f097e2a3d84e4cffcb7853205911d0f6569749f8537e7a07518d1440e94e1e681777025dcd5f86d4b65e64def32e899e0a0980bad5ec56... 0
0 143ms
143ms Fetch 52.204.242.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/0c0a16dc57be357876263a8ba9753995:c33913a627c5c5d118ecee72415b81804f097e2a3d84e4cffcb7853205911d0f6569749f8537e7a07518d1440e94e1e681777025dcd5f86d4b65e64def32e899e0a0980bad5ec564639a42ce56cc09bc4994044729d0ae44b23ab8ecc87dbd9a/i?id=6f8d2e1c-972c-4efa-a6ca-656c2c35b86f&ts=1671666505757
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.242.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-242-76.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

x-request-url: aHR0cHM6Ly92aWxsYWluZXNzdHVybnNob3VyZ2xhc3Mub25saW5lLw==
accept-language: nl-NL,nl;q=0.9
Authorization: Bearer fe94c40be3fbf1baa9683edb0ec2eb63:ee9781a5d92ce7e2456bab07dc6924ade67ce633b6fef1c4f5b53c77c4f29a0ba25ae149b52bbfa1a8bfe28f52d8a96c9eb9dce2a4c60604fb30a1e168e0abfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://villainessturnshourglass.online/
x-purpleads-version: 1.0.10

Response headers

access-control-allow-origin: https://villainessturnshourglass.online
date: Wed, 21 Dec 2022 23:48:25 GMT
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
x-request-id: 0b98939d-3e91-460e-a0a1-b71b80a56b23

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5238594716255546121/ Frame 3CE2 26 KB
26 KB 58ms
58ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5238594716255546121/14763004658117789537?w=400&h=209

Requested by

Host: villainessturnshourglass.online
URL: https://villainessturnshourglass.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66fc6ca2760f4dd4df304739a23db941cd151c46b55dadedeada1535e83511a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 19 Dec 2022 05:04:48 GMT
x-content-type-options: nosniff
age: 240217
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26951
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 06:33:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 19 Dec 2023 05:04:48 GMT

GET
DATA 200
OK truncated
/ Frame 3CE2 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3CE2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eedccfa98ff12e545d555346a00e40e8ba62af8a7b2f30926ecaaa9ba75ba726

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1149 13 KB
5 KB 59ms
58ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 7414
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 21:44:51 GMT
expires: Thu, 21 Dec 2023 21:44:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3DF2 783 B
534 B 42ms
42ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d9fde63468406bc11e4928c80e2ba3099645005f4f8d7cc3934d364788e38ac7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CW0xx6ISE1-5pc7vgpOJmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://villainessturnshourglass.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-CW0xx6ISE1-5pc7vgpOJmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Dec 2022 23:48:25 GMT
expires: Wed, 21 Dec 2022 23:48:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3CE2 16 KB
16 KB 33ms
32ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 09:07:05 GMT
x-content-type-options: nosniff
age: 398480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 17 Dec 2023 09:07:05 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3CE2 15 KB
15 KB 33ms
32ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://villainessturnshourglass.online
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 19:42:15 GMT
x-content-type-options: nosniff
age: 533170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:42:15 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3DF2 0
0 66ms
65ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=2049990460202541&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1149 36 KB
16 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GC5M5N_VN3lVd7ErmxmldCKoshgV9d2S74rLP9hyoZw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:46:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16025
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Dec 2023 15:46:41 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1149 0
10 B 59ms
58ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_FPxEA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 23:48:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EF6C 0
0 142ms
140ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=2049990460202541&bg=!fX6lfjrNAAYgquz3AKo7ACkAdvg8Wk733Nv609w8skIg79_BOjQn-Ggrtj4bO5gjcQ3mTMGgKqThagIAAABfUgAAAAloAQcKAGA8f5N5riVvnfOp21gY9tn0FuRtBYFgYwnCzmucyeq7gSba2dSiJByuCIMc_ZCOCXoR1gbFe5gZY-wh4g2TJLPCL46ejHDPgB5CM-5s_v5-qg7gLi45tWEPtn7YIrkBuaCZAy6LEEQdvc-CmuXMXaejgQwPgGAaCaUA4WQYJ5twuRraIVilfi3P5D9d4kJosuEN9Ir8dVL3xKlMwquXoGj4aUfPUm5aod_NQ9Iahxy1VDXnC9IofXUAYCjuNuvEHW1w_gCJCBVrJ9Oodmyd4eDuN7W_tpd8rSQNmsXXo91dGV6w_0ni6127xfFKKCp8Zh9x60mm2rxta7lFxu10vc6qEiJ7r4UDo7iJIt7OmSVcjZnXkhAfMWKaNuIYAX_copAmbyJwchFp_rjgtX3oWfwTh9z-G1QFEsrmGG-z57ozAQMOVW4hDqlC_Y13v30Vg5cLAdXBfg2Ho3TUGUZYobORkPa_n4wnSXKE0DO5Q7BX9wcQYeUHkvPD3IiOv1e9pAYWWbYcpW8UK3RWsrl-oBW6omU5lrxPzcJVj3V3jBZ1j-NlUFTcjjYvt-Z6WoC84nOIlQAKPoKOAlWCCbgOjo6SNfLZuIYrXsWekGxEjkpIsPoggm7Ks9QUQwJRsVvDOqrpoau0BCn9TlmjFG8wRGjUnuo_Ze9Q-IQf05RI1uzyLRVMWYoj2yZP2gUEKkJ_JMtD2A23n2yIKlJXp6iTllNnqpDbVsVnp_tdZH285yxR4QT6lIKHH4Avv_ARIc4ZqPZr61hMZVvQ--YZipg332JKb9Tc34Ew_a8_9VZUpbzyfULrlG6HcrWIhaYS7LUFeIf6_oMlIM0mAdWl25v6LRhfdqZ3_Rw42woSf4c2WtFw4qfb5z4R8CgKwEtLzcUNoHVc3-1Eu27uUh0GzST7C9-Pz7c7I7b58ioJ7su1exERl-yAefHHl19To2eBEfY4Eea770WhuyfUU9SmZi5WcffNM1H369Pu8WfDmTiq9mewiqsk69vgO6ijDPPNaWT1H54rwtyDUK9kwxOVg-BxlbGQ2zak2yL6bdeOvOHrprG7LVWKhFvrRjhmFuaozkqJ4ik_6uhb-afkj6Qfji_AGprv13ANSPbowoOr8t5BPAkL_2r-hJlhPFJ9ish4viLBy6xEpdjB-UBVE1b2uMMe2k3HG6FephvVpUnLGe_1pUe3FfMR51h7cLXyIP1TDzyyF6Z9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DC30 42 B
64 B 79ms
78ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvw74OvKCFVzdEyEVkQ10tTeqGF7DD4k4qOyS1PKWk1ILVTaUX77OepB0zTChctQrRgH49buuEfIFzFLiFaFjxgXnb5kFledtlM-LThWQdheTFK2mia2GSLkrlsrY4TwuE6icLIEg&sai=AMfl-YRH5ajNUx--ljZnMRCdq7M3o6_8EbP0eNBUe0odeyW4z_QRhu2bh72VVp1k3dlL-efLjyeoiy6Y1NV3Z22iLTz7mWP5AoZS_Blmdvn2gZuIi4WxxqbKUzgPam_-1w&sig=Cg0ArKJSzFMQ6gsU1HiWEAE&cid=CAQSOwDq26N9Akxf2aB-yqcoNREVToptb8Kp2X6iXQBmbjGu5ahEf5KvN5-YfVVBk5xzya2mjaQ7H5chyRk8GAEgEw&id=lidar2&mcvt=1001&p=100,1,700,161&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=240754757&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671666504974&rpt=645&isd=0&lsd=0&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 3CE2 42 B
64 B 79ms
78ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuNjF83Ob4umdMeY44uQGXnWh-Fr5RxGV2UQMQ250Yo0NNDAGb-8ff_eFdDjZS9TMiTHs87Q-7QirEZRlpjw8ojAeDdOSi-PLZ-q0rJIryMAwWi7DrJpfu5Az4nbEiSWmImQzVSTw&sai=AMfl-YQcECAIRF6R8OCaWdg1foGPqlsuTNyALQaq-1ctdkvGQkcGJtLrTr3p5IZydR5XelzgEIrYtfbhIM8DDTFE34qttawcaUoHkbuM_INeZbc9YTgrTDUEdXlaszS77w&sig=Cg0ArKJSzIccwYAWUIOMEAE&cid=CAQSOwDq26N93YbVu6cqxi3PoqC2xoBSCKvUJGKXgSdAqCwcEZ5b89lgyZGWu1U_8dAiyuQHHF5hOszJUSuwGAEgEw&id=ampim&o=1269,30&d=320,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=269&tls=1269&g=99.37499761581421&h=99.37499761581421&tt=1269&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://villainessturnshourglass.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Dec 2022 23:48:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.villainessturnshourglass.online/	1970-01-20 17:57:06	Name: _ga Value: GA1.2.526885979.1671666502
.villainessturnshourglass.online/	1970-01-20 08:22:32	Name: _gid Value: GA1.2.654322946.1671666502
.villainessturnshourglass.online/	1970-01-20 08:21:06	Name: _gat Value: 1
.villainessturnshourglass.online/	1970-01-20 17:42:42	Name: __gads Value: ID=45b1ce09ecbc4160:T=1671666503:S=ALNI_MYvqvA_tywr8l5RcYa_wscDJMPpuQ
.villainessturnshourglass.online/	1970-01-20 17:42:42	Name: __gpi Value: UID=00000b95d87b80ab:T=1671666503:RT=1671666503:S=ALNI_MbrF2PDH7DqaM1LIS1o3ueHg8qG0A
.doubleclick.net/	1970-01-20 17:42:42	Name: IDE Value: AHWqTUlPhLJrwzO_Wz_SKku389ssgloU4HCS5EOeHLKgqXb08XkmymLx65UCMd4apZ0
.prebid.a-mo.net/	1970-01-20 17:06:42	Name: __amc Value: 2_1671666503_1671666503
.rubiconproject.com/	1970-01-20 17:06:42	Name: khaos Value: LBYB2PLG-9-EFGW
.rubiconproject.com/	1970-01-20 17:06:42	Name: audit Value: 1\|naVuGyos1qrgMIpOajii2efhqFI7AU9U903mtsHdljDEX6pakvgue3GlaZTvcVjXZrm+UXywNh11yh8y9NZt8jRZHFkm0E2KAAVJVRs6g/Qi+YQF72mVaVCKzHW1UOSr
.adnxs.com/	1970-01-20 10:30:42	Name: uuid2 Value: 8965958434452726403
.3lift.com/	1970-01-20 10:30:42	Name: tluid Value: 1193086423130849812787
.adnxs.com/	1970-01-20 10:30:42	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C'!rD:LI!]tbPl1M>e)ZlrFUfJ+tGXvWB@44PT>RH??ADUKcb?PPyYXcp3X^W_iM@7)jbpRzqF1`*b^z!)q@uR
.blismedia.com/	1970-01-20 17:06:46	Name: b Value: 63A39B49C5388CD0460DBCDDBLIS
.lijit.com/	1970-01-20 17:06:42	Name: ljt_reader Value: F2w0uGZH0WzKZ9PEQum7lbFM
.adfarm1.adition.com/	1970-01-20 10:30:42	Name: UserID1 Value: 7179752968809085081
.casalemedia.com/	1970-01-20 10:30:42	Name: CMPS Value: 2175
.casalemedia.com/	1970-01-20 17:06:42	Name: CMID Value: Y6ObSQiBYR4lDizMXJshwgAA
.casalemedia.com/	1970-01-20 10:30:42	Name: CMPRO Value: 1126
.mathtag.com/	1970-01-20 17:47:01	Name: uuid Value: a4d063a3-9b4b-4b00-a7a7-203004e19050
.mathtag.com/	1970-01-20 09:04:18	Name: mt_mop Value: 4:1671666507

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0f974652e490bdeb6e8fc05a8780a2f1.safeframe.googlesyndication.com
7910b8cc40f9484f6882cd7cbd153552.safeframe.googlesyndication.com
8d7393c1e66d24c697ecb58c46392eb8.safeframe.googlesyndication.com
a.exdynsrv.com
ads.rubiconproject.com
ads.servenobid.com
adservice.google.com
adservice.google.nl
ap.lijit.com
api.purpleads.io
c53869c191bc3e659bd34e977428922e.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.onesignal.com
cdn.psdn.xyz
cdn.purpleads.io
cm.g.doubleclick.net
code.jquery.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e6d054d95d762ca565d1bb3d58179dc6.safeframe.googlesyndication.com
eb2.3lift.com
ed1ab487481d00003573b79799d3602f.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hb.minutemedia-prebid.com
i.imgur.com
ib.adnxs.com
img.onesignal.com
mp.4dex.io
onesignal.com
onetag-sys.com
pagead2.googlesyndication.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prebid.media.net
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
smarttag.rubiconproject.com
ssum-sec.casalemedia.com
sync.mathtag.com
tpc.googlesyndication.com
tr.blismedia.com
villainessturnshourglass.online
www.google-analytics.com
www.google.com
www.googletagservices.com
104.96.145.246
13.32.27.27
142.251.39.34
147.75.85.234
172.217.18.2
172.64.154.237
185.184.8.90
185.29.132.245
185.80.39.216
185.89.210.82
199.232.16.193
2001:4de0:ac18::1:a:1b
2001:4de0:ac19::1:b:1b
205.185.216.10
216.52.2.30
2602:803:c003:200::51
2606:4700:20::681a:9a9
2606:4700::6812:e134
2a00:1450:4001:800::2002
2a00:1450:4001:806::2004
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:810::2006
2a00:1450:4001:827::2001
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:400d:802::2001
2a00:1450:400d:803::2002
2a00:1450:400d:806::2002
2a06:98c1:3120::3
2a06:98c1:3122::
34.107.148.139
34.237.159.44
34.96.105.8
51.89.9.254
52.204.242.76
54.154.5.50
76.223.111.18
85.114.159.93
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
068a51dcd4d054caf1b2fdbc4370b8e8ac16e5ec3609846d8ed1158d2d723813
070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf
082dad19fa9f0f35c15027a26a3d1e1f7bb9eabfbd1af1ee9235a3ca96a8cbf4
0856d9929d74cd3d5e500bba67a7ccfb4f2f03f38fa16e731ef1664b5ff6516e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c087c3e6882fae966a431bb979d17bf8af58ce38101213a5eafa6c10bf7e0ac
10ef4250de7a7edeb8f3d912b293b7982e10746368902fbdcb83bb8dc23e3e9a
110c7932b78e1f27d049f7a3718b9099a8aba3fba09a65e7e22d771661c58022
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16424cca6c89ec7827a4f392fb918b2781f9d3d3f98c1629c8de129c1de5b7d5
1690266a4def354da2feda545468781eefe065dab28c28e115ef23160308206b
182e4ce4dfd537795577b12b9b19a57422a8b21815f5dd92ef8acb3fd872a19c
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1a7adb9583f7c119f3b83345c78a3ef59a8ed7b88bbeee5fde3fc3f6ee84f954
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1c9a3419e797140772229ebcf61f8b191ef8e5c1c636843a9cd6449ba8fd2dcc
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222
1fb11f9928c7863fb284d54922f8fbc7a98ba330a3be9d23e721c3b602e2b157
2215634c33a7f9a27a0fa412f6d9276818e939fd04917440c51c17c21d2773f7
24874305f69dd3cbd19559db3bb41099a39b60ee10a9dbfe9389adf14313b740
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2951c34bf80988b20c12d5006330bc3bbe7e301a6da6d97db81cb026bcf9c81a
2b8e6102dc8302c36f480ee6093667f327a54e7f1b18924e175e45ddb690464b
2dbe53260adb43c727a018143a98f178b80cfdd7e7248ad591548cc303344de3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
340360366739b1523bc21f969f4a95b9dd94014c07afa9d4789f639b54094d24
359009092ea6b6e84b5b534ef6e51fde01c10fc6e426ea211de2786b0065faf9
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36f3bef5786bd96f7849517c5d10b734ef6788f6e90cde8febd2d681af8158ee
394e2eff54c931c4def55131d8c46a20775bc1b49d96a6af5b25906942f64b8f
39faa21e31fa47676ec25210292375584383c45d17634eba7e30708360870ebe
3a8ded135053e9ec32f3bbf8aa5a3c728d8110f02a4f709f3dfce447cfa19a65
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46cce4c9a098122fafa7c570d1e91a20c695decf19a2e65dee2e8ce57cda9e88
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
47aa215c5e7f0dcc411b196a9399c19b0a0724144f6dfeb5bc58402964f67253
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56af42d8b1f0fff68d0f74b929496bcc37e5c9fccd7e41a4f18ce227cd628628
577a7909daad048eb538bacd2d4fca66157a6f80ae60d976f5c8f8dd7450c467
58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
6146e850afd9ba2175c55d58300dd7412223a95c7987cdbad5eee5060a6b3adf
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6231398da535e277fa219e44ff9972a07623d40ab24ba73d6d0b373b8bfc59f6
63a3c80a33a3403e62e43a661d908be553b740a9a7770044b7ea36ca7cbf2375
63d260da134d65a0bf2f86cefcd75e7d27bb90297e2884820f5096a64ebb46b2
6614836fb1cb7b97f4aa7450436ab22eb61cb94beebcd26db2986335e5b8271f
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
66fc6ca2760f4dd4df304739a23db941cd151c46b55dadedeada1535e83511a8
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
742147e0e3a1733eb78588826c4c80f376faeebe3fa914de767c59e3d8b399e3
76b2a103a4feac2ee3aa1bf11ce12032a38d8fa566fb95a39bcac61204811c5c
7d1f9c9db3c939f3ccaf9eff5fcf3d8f7ceaf74dd05928c783e1773498428b2f
7d9e1488be90235f9cec4b6690a0184ee3215fb123469bc141b82699abb6bbb4
7da667cff6ec23817a7a9a4635e2bb7254c35e4009526267f1faec0f4fd05bcc
7fa8f76313e50c6a5ba89ba20c3e24a01997a00a88f78c08facfca998ce093f8
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80fa9fcae601d6a3abb99f1ccd9fcbcdeb1b8a4e726ddf267e94c82e127e9cc5
82613693f5ddb7fa0f78e558edfbbeaa939dffc936c57630108a46f5d8cf71fc
8277612008fbd4b33ad1ad2f5d357517be701fee46e184bb283c5f42c5a02cb6
835f79262dd6633b91d8bbfeb62f78afa60dbd0a40072b402c1d3ed2a6d4a410
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
8810ba3440bf482ced33d2f74b7803bba711f689d8e4caa7da5c6ae6844a1b49
8ba4c1985231e93451aed3ec4ff87c19160ba669e0c772aa653472763d4f942e
8d4760a6aa7f6fdba7e29114a884ea592eb532db4e41b6dbbca912c464f45586
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
8f3990f520750adc28d17f3e1f3e8480c8335d6137b7e94b9b75ff7bad2492c9
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
949ef00ce71e069fc69a6b829771726245072e18e56b264c536837c459b3febf
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9dd3a1326f714eee263d0cf46a7d3e04da82774573de40c6a2ff9094654e7dbd
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a06435a3a79ed963180111494f3dd8af548dd8310fb47cce7bfe94d580985650
a08c94e9486aa1e46a87a47ebb3d6d603ee63372803ef6a1dc3c5caf9f240672
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a840e87b72a7a70e7092c587bf8f78a4e4b7fbae0e9887e3ec595564e6e3ad79
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a8d7b794abba35f933609894cddfe38aef55dc944a63bf1788024017c67bcf06
a904c1a3e665c4f9d7b699e18c893d7459488f22b9ed83d3a9f6eeb8d925cfc2
a9614ae9e8d2d194b8a5fa2ce66303df50acda89f3abf159704e08c032f6a156
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
aae647740085ee3853f6fb6cf10de92db9b74452a75d6a12d09dbafd96f5d14a
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0cc0f37d2d9dff52ed354664a1a65f2282a7b66617b35e288c80909f4d2a831
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ff39ccfc80daf66110e4b104956bc70911dec5c51764de1c19422439a34ba5
b358fb569197e71a9e01ba7cffddd59643ddeebb16862542c60f4bd621160320
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4a64ae7b1ff9109e080260dddd91bdcfb69de758a24b2dd0303cac9c77af278
b507ba4f4d245b0e9c35427c3697579591f70eedab5f0859bc4ee46e9515c49f
b541d4aa2aa035af47e0c5558a2c57590d81a70c0081489d55ac86d27a96a8a5
b8e78b48acc08ce31457aff168d6fb2c814d51a8739a97693cdba585d60f5b35
bb955e438072ca1d1d188f0ec1f6a50db7d1f37a9d1b311eeb4d067adc21c260
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c468201a34ec357ea756528c71c9245d13575b33bcda5b1566b607b026de1b3f
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
c6ea40b571810cf8b05fa0a8655451fcec540db020557ed8f138b7e0a6fa7681
ce654b6c4f12fea0ec30261d26e088b38a1d9e637ba021249edd012367f8558d
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
d9fde63468406bc11e4928c80e2ba3099645005f4f8d7cc3934d364788e38ac7
da5db7d32efd4567f03c3fb6f91bd363d97c184f81c2f35808e401ca32922cec
db345883b20676c2cba35420a4a0aa209de295947784747e70aa602838652364
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9f66bc80ade82afeee6d178ee563011c16c68547cbf33e742f07f70028ddcca
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19
eedccfa98ff12e545d555346a00e40e8ba62af8a7b2f30926ecaaa9ba75ba726
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2f8c7997f52d388163a69b8832524663fd4b607f83cdb13ed9c6e928ad71fac
f44c186685862ce05b9a585fb1cf91983b571db5467b3dc424eb1c970625fa9d
f64bc725ae1e403427dbeef77c40f9a9d4ea14f9149419cd88946c6b834c779e
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914cddfb8fcc3e7d99864e104ebdb47934a357ef08d90f9e0acdf48433d6c9
f6d95303362090efcbb2284448f63422f60662adc55ddf520f639217d28e85de
f9220bc792ffc0a11fa1dfab1a30988b6bd4bacf1f9a9b437dd621a2e5873102
fa59dd8d79ea705eb0f6aa48e64d15556d5818e0ec2e0847dfb5539c4dfc1e60

villainessturnshourglass.online Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

271 Requests

96 %HTTPS

50 %IPv6

32 Domains

50 Subdomains

38 IPs

7 Countries

3335 kBTransfer

8675 kBSize

20 Cookies

0 Outgoing links

Redirected requests

271 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

villainessturnshourglass.online Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

271
Requests

96 %
HTTPS

50 %
IPv6

32
Domains

50
Subdomains

38
IPs

7
Countries

3335 kB
Transfer

8675 kB
Size

20
Cookies

271 HTTP transactions
11 data transactions